Lucene search
This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.SUSE_11_3_LIBOPENSSL-DEVEL-110210.NASLHistoryJun 13, 2014 - 12:00 a.m.
openSUSE Security Update : libopenssl-devel (libopenssl-devel-3937)
2014-06-1300:00:00
This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.
www.tenable.com
14
This update improves the ClientHello handshake message parsing function. Prior to this update is was possible that this function reads beyond the end of a message leading to invalid memory access and a crash. Under some circumstances it was possible that information from the OCSP extensions was disclosed. (CVE-2011-0014: CVSS v2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:N/A:P))
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update libopenssl-devel-3937.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(75595);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2011-0014");
script_name(english:"openSUSE Security Update : libopenssl-devel (libopenssl-devel-3937)");
script_summary(english:"Check for the libopenssl-devel-3937 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update improves the ClientHello handshake message parsing
function. Prior to this update is was possible that this function
reads beyond the end of a message leading to invalid memory access and
a crash. Under some circumstances it was possible that information
from the OCSP extensions was disclosed. (CVE-2011-0014: CVSS v2 Base
Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:N/A:P))"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=670526"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected libopenssl-devel packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl1_0_0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssl");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");
script_set_attribute(attribute:"patch_publication_date", value:"2011/02/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE11.3", reference:"libopenssl-devel-1.0.0-6.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"libopenssl0_9_8-0.9.8m-3.3.2") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"libopenssl1_0_0-1.0.0-6.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"openssl-1.0.0-6.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8m-3.3.2") ) flag++;
if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"libopenssl1_0_0-32bit-1.0.0-6.7.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | libopenssl-devel | p-cpe:/a:novell:opensuse:libopenssl-devel |
| novell | opensuse | libopenssl0_9_8 | p-cpe:/a:novell:opensuse:libopenssl0_9_8 |
| novell | opensuse | libopenssl0_9_8-32bit | p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit |
| novell | opensuse | libopenssl1_0_0 | p-cpe:/a:novell:opensuse:libopenssl1_0_0 |
| novell | opensuse | libopenssl1_0_0-32bit | p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit |
| novell | opensuse | openssl | p-cpe:/a:novell:opensuse:openssl |
| novell | opensuse | 11.3 | cpe:/o:novell:opensuse:11.3 |
Related
nessus
nessus
RHEL 6 : openssl (RHSA-2011:0677)
2011-05-20 00:00:00
Fedora 15 : mingw32-openssl-1.0.0d-1.fc15 (2011-5878)
2011-04-29 00:00:00
openSUSE Security Update : libopenssl-devel (libopenssl-devel-3937)
2011-05-05 00:00:00
openvas
openvas
RedHat Update for openssl RHSA-2011:0677-01
2012-06-06 00:00:00
Mandriva Update for openssl MDVSA-2011:028 (openssl)
2011-02-18 00:00:00
Mandriva Update for openssl MDVSA-2011:028 (openssl)
2011-02-18 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: mingw32-openssl-1.0.0d-1.fc15
2011-04-28 19:24:32
[SECURITY] Fedora 13 Update: mingw32-openssl-1.0.0-0.7.beta4.fc13
2011-05-01 20:55:36
[SECURITY] Fedora 14 Update: mingw32-openssl-1.0.0a-2.fc14
2011-05-01 20:55:18
slackware
slackware
[slackware-security] openssl
2011-02-11 01:17:47
cve
cve
CVE-2011-0014
2011-02-19 01:00:00
prion
prion
Spoofing
2011-02-19 01:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package openssl10 version 1.0.0d-alt1
2011-02-09 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0d-alt1
2011-02-09 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.0d-alt1
2011-02-09 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:59:10
debiancve
debiancve
CVE-2011-0014
2011-02-19 01:00:00
f5
f5
K10534046 : OpenSSL vulnerability CVE-2011-0014
2019-06-27 00:00:00
securityvulns
securityvulns
OpenSSL DoS
2011-02-15 00:00:00
[SECURITY] [DSA 2162-1] openssl security update
2011-02-15 00:00:00
HP Insight Control multiple security vulnerabilities
2011-04-26 00:00:00
redhat
redhat
(RHSA-2011:0677) Moderate: openssl security, bug fix, and enhancement update
2011-05-19 00:00:00
ubuntu
ubuntu
OpenSSL vulnerability
2011-02-15 00:00:00
debian
debian
[SECURITY] [DSA 2162-1] openssl security update
2011-02-14 15:22:27
[BSA-060] Security Update for openssl
2011-11-14 04:20:38
ubuntucve
ubuntucve
CVE-2011-0014
2011-02-09 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2011-0014
2011-02-08 00:00:00
oraclelinux
oraclelinux
openssl security, bug fix, and enhancement update
2011-05-28 00:00:00
openssl-fips security update
2015-04-02 00:00:00
openssl security update
2016-09-27 00:00:00
ibm
ibm
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2011-10-09 00:00:00
vmware
vmware
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00
Related for SUSE_11_3_LIBOPENSSL-DEVEL-110210.NASL