TencentOS Server 3: openssl (TSSA-2023:0021)

🗓️ 16 Jun 2025 00:00:00Reported by TenableType

TencentOS Server 3 is vulnerable to OpenSSL RSA decryption flaw as per TSSA-2023:0021 advisory.

Reporter	Title	Published	Views	Family All 524
ALT Linux	Security fix for the ALT Linux 9 package openssl1.1 version 1.1.1t-alt1	20 Feb 202300:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 10 package openssl1.1 version 1.1.1t-alt1	10 Feb 202300:00	–	altlinux
IBM Security Bulletins	Security Bulletin: IBM MQ for HP NonStop Server is affected by multiple OpenSSL vulnerabilities	7 Mar 202316:55	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple OpenSSl denial of service vulnerabilities.	5 Jul 202320:58	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities	4 May 202320:23	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor	1 Mar 202309:00	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Verify Access Appliance has multiple security vulnerabilities	14 Oct 202305:03	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2022-4304, CVE-2023-0215, CVE-2023-0286]	27 Sep 202411:53	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Spectrum Conductor openssl 1.1.1 End of Life	5 Oct 202320:31	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM Rational ClearCase	3 Oct 202314:09	–	ibm

Source	Link
mirrors	www.mirrors.tencent.com/tlinux/errata/tssa-20230021.xml
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Tencent Linux Security Advisory TSSA-2023:0021.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(240033);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/20");

  script_cve_id("CVE-2022-4304");

  script_name(english:"TencentOS Server 3: openssl (TSSA-2023:0021)");

  script_set_attribute(attribute:"synopsis", value:
"The remote TencentOS Server 3 host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is,
therefore, affected by a vulnerability as referenced in the TSSA-2023:0021 advisory.

    Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:

      CVE-2022-4304:
      A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be
    sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a
    successful decryption an attacker would have to be able to send a very large number of trial messages for
    decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For
    example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to
    the server. An attacker that had observed a genuine connection between a client and a server could use
    this flaw to send trial messages to the server and record the time taken to process them. After a
    sufficiently large number of messages the attacker could recover the pre-master secret used for the
    original connection and thus be able to decrypt the application data sent over that connection.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://mirrors.tencent.com/tlinux/errata/tssa-20230021.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-4304");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/02/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/02/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/06/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:tencent:tencentos_server:3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:openssl");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tencent Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/etc/os-release", "Host/TencentOS/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'TencentOS' >!< os_product) audit(AUDIT_OS_NOT, 'TencentOS');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'TencentOS');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'TencentOS 3.x', 'TencentOS ' + os_version);

if (!get_kb_item('Host/TencentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'TencentOS', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'openssl-1.1.1k-7.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-1.1.1k-7.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-debuginfo-1.1.1k-7.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-debuginfo-1.1.1k-7.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-debugsource-1.1.1k-7.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-debugsource-1.1.1k-7.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-devel-1.1.1k-7.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-devel-1.1.1k-7.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-libs-1.1.1k-7.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-libs-1.1.1k-7.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-libs-debuginfo-1.1.1k-7.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-libs-debuginfo-1.1.1k-7.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-perl-1.1.1k-7.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-perl-1.1.1k-7.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-static-1.1.1k-7.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-static-1.1.1k-7.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-debuginfo / openssl-debugsource / etc');
}

20 Nov 2025 00:00Current

7.9High risk

Vulners AI Score7.9

CVSS 3.15.9

EPSS0.00224

SSVC