Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20160510_OPENSSL_ON_SL6_X.NASL
HistoryJun 09, 2016 - 12:00 a.m.

Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20160510)

2016-06-0900:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
JSON

Security Fix(es) :

  • A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)

  • Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106)

  • It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)

  • Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)

  • A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL’s I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(91541);
  script_version("2.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2842");

  script_name(english:"Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20160510)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Security Fix(es) :

  - A flaw was found in the way OpenSSL encoded certain
    ASN.1 data structures. An attacker could use this flaw
    to create a specially crafted certificate which, when
    verified or re-encoded by OpenSSL, could cause it to
    crash, or execute arbitrary code using the permissions
    of the user running an application compiled against the
    OpenSSL library. (CVE-2016-2108)

  - Two integer overflow flaws, leading to buffer overflows,
    were found in the way the EVP_EncodeUpdate() and
    EVP_EncryptUpdate() functions of OpenSSL parsed very
    large amounts of input data. A remote attacker could use
    these flaws to crash an application using OpenSSL or,
    possibly, execute arbitrary code with the permissions of
    the user running that application. (CVE-2016-2105,
    CVE-2016-2106)

  - It was discovered that OpenSSL leaked timing information
    when decrypting TLS/SSL and DTLS protocol encrypted
    records when the connection used the AES CBC cipher
    suite and the server supported AES-NI. A remote attacker
    could possibly use this flaw to retrieve plain text from
    encrypted packets by using a TLS/SSL or DTLS server as a
    padding oracle. (CVE-2016-2107)

  - Several flaws were found in the way BIO_*printf
    functions were implemented in OpenSSL. Applications
    which passed large amounts of untrusted data through
    these functions could crash or potentially execute code
    with the permissions of the user running such an
    application. (CVE-2016-0799, CVE-2016-2842)

  - A denial of service flaw was found in the way OpenSSL
    parsed certain ASN.1-encoded data from BIO (OpenSSL's
    I/O abstraction) inputs. An application using OpenSSL
    that accepts untrusted ASN.1 BIO input could be forced
    to allocate an excessive amount of data. (CVE-2016-2109)"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1606&L=scientific-linux-errata&F=&S=&P=2153
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?52edfd08"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-static");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/05/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/09");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL6", reference:"openssl-1.0.1e-48.el6_8.1")) flag++;
if (rpm_check(release:"SL6", reference:"openssl-debuginfo-1.0.1e-48.el6_8.1")) flag++;
if (rpm_check(release:"SL6", reference:"openssl-devel-1.0.1e-48.el6_8.1")) flag++;
if (rpm_check(release:"SL6", reference:"openssl-perl-1.0.1e-48.el6_8.1")) flag++;
if (rpm_check(release:"SL6", reference:"openssl-static-1.0.1e-48.el6_8.1")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc");
}
VendorProductVersionCPE
fermilabscientific_linuxopensslp-cpe:/a:fermilab:scientific_linux:openssl
fermilabscientific_linuxopenssl-debuginfop-cpe:/a:fermilab:scientific_linux:openssl-debuginfo
fermilabscientific_linuxopenssl-develp-cpe:/a:fermilab:scientific_linux:openssl-devel
fermilabscientific_linuxopenssl-perlp-cpe:/a:fermilab:scientific_linux:openssl-perl
fermilabscientific_linuxopenssl-staticp-cpe:/a:fermilab:scientific_linux:openssl-static
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux

Related

nessus 43
ibm 52
centos 2
oraclelinux 6
openvas 36
redhat 3
suse 15
ubuntu 1
amazon 1
osv 2
cloudfoundry 1
mageia 1
fedora 5
nodejsblog 1
slackware 1
freebsd 1
debian 2
cisco 1
fortinet 1
huawei 1
arista 1
f5 5
paloalto 1
freebsd_advisory 1
altlinux 5
symantec 1
aix 1
archlinux 2
citrix 1
thn 1
debiancve 1
cve 1
ubuntucve 2
nessus
nessus
Oracle Linux 6 : openssl (ELSA-2016-0996)
2016-05-16 00:00:00
CentOS 6 : openssl (CESA-2016:0996)
2016-05-17 00:00:00
RHEL 7 : openssl (RHSA-2016:0722)
2016-05-11 00:00:00
ibm
ibm
Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple openssl vulnerabilities
2018-06-18 01:33:29
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Protection
2018-06-16 21:42:54
Security Bulletin: Multiple vulnerabilities in OpenSSL affect PowerKVM
2018-06-18 01:32:18
centos
centos
openssl security update
2016-05-16 10:25:52
openssl security update
2016-05-09 08:40:50
oraclelinux
oraclelinux
openssl-fips security update
2016-06-15 00:00:00
openssl security update
2016-05-09 00:00:00
openssl security update
2016-05-13 00:00:00
openvas
openvas
CentOS Update for openssl CESA-2016:0722 centos7
2016-05-10 00:00:00
RedHat Update for openssl RHSA-2016:0996-01
2016-05-11 00:00:00
Oracle: Security Advisory (ELSA-2016-0722)
2016-05-09 00:00:00
redhat
redhat
(RHSA-2016:2073) Important: openssl security update
2016-10-18 06:21:20
(RHSA-2016:0722) Important: openssl security update
2016-05-09 04:44:04
(RHSA-2016:0996) Important: openssl security update
2016-05-10 07:00:21
suse
suse
Security update for openssl (important)
2016-05-05 13:11:19
Security update for openssl (important)
2016-05-05 18:08:51
Security update for openssl1 (important)
2016-05-03 22:08:22
ubuntu
ubuntu
OpenSSL vulnerabilities
2016-05-03 00:00:00
amazon
amazon
Important: openssl
2016-05-03 10:30:00
osv
osv
openssl - security update
2016-05-03 00:00:00
openssl - security update
2016-05-03 00:00:00
cloudfoundry
cloudfoundry
USN-2959-1 OpenSSL vulnerabilities | Cloud Foundry
2016-05-06 00:00:00
mageia
mageia
Updated openssl packages fix security vulnerability
2016-05-08 00:22:48
fedora
fedora
[SECURITY] Fedora 24 Update: openssl-1.0.2h-1.fc24
2016-05-07 12:15:14
[SECURITY] Fedora 23 Update: openssl-1.0.2h-1.fc23
2016-05-04 18:54:36
[SECURITY] Fedora 22 Update: openssl-1.0.1k-15.fc22
2016-05-10 17:58:11
nodejsblog
nodejsblog
OpenSSL updates, 1.0.1t and 1.0.2h
2016-05-02 00:00:00
slackware
slackware
[slackware-security] openssl
2016-05-03 21:05:31
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2016-05-03 00:00:00
debian
debian
[SECURITY] [DLA 456-1] openssl security update
2016-05-03 20:53:46
[SECURITY] [DSA 3566-1] openssl security update
2016-05-03 18:24:21
cisco
cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
2016-05-04 19:30:00
fortinet
fortinet
OpenSSL Advisory - May 2016
2016-09-22 00:00:00
huawei
huawei
Security Advisory - Multiple Vulnerabilities in OpenSSL in May 2016
2016-07-06 00:00:00
arista
arista
Security Advisory 0020
2016-05-06 00:00:00
f5
f5
K07538415 : Multiple OpenSSL vulnerabilities
2016-05-04 00:00:00
SOL07538415 - Multiple OpenSSL vulnerabilities
2016-05-03 00:00:00
K52349521 : OpenSSL vulnerability CVE-2016-2842
2016-04-27 00:00:00
paloalto
paloalto
OpenSSL Vulnerabilities
2016-09-02 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:17.openssl
2016-05-04 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.2h-alt1
2016-05-03 00:00:00
Security fix for the ALT Linux 10 package openssl1.1 version 1.0.2h-alt1
2016-05-03 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.2h-alt1
2016-05-04 00:00:00
symantec
symantec
SA123 : OpenSSL Vulnerabilities 3-May-2016
2016-05-09 08:00:00
aix
aix
Vulnerabilities in OpenSSL affect AIX
2016-07-12 14:14:43
archlinux
archlinux
lib32-openssl: multiple issues
2016-05-04 00:00:00
openssl: multiple issues
2016-05-04 00:00:00
citrix
citrix
Citrix XenServer 7.2 Multiple Security Updates
2018-03-29 04:00:00
thn
thn
High-Severity OpenSSL Vulnerability allows Hackers to Decrypt HTTPS Traffic
2016-05-04 23:31:00
debiancve
debiancve
CVE-2016-0799
2016-03-03 20:59:00
cve
cve
CVE-2016-2842
2016-03-03 20:59:00
ubuntucve
ubuntucve
CVE-2016-2842
2016-03-03 00:00:00
CVE-2016-0799
2016-03-01 00:00:00
JSON
Related for SL_20160510_OPENSSL_ON_SL6_X.NASL
nessus43ibm52centos2oraclelinux6openvas36redhat3suse15ubuntu1amazon1osv2cloudfoundry1mageia1fedora5nodejsblog1slackware1freebsd1debian2cisco1fortinet1huawei1arista1f55paloalto1freebsd_advisory1altlinux5symantec1aix1archlinux2citrix1thn1debiancve1cve1ubuntucve2