Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

TencentOS Server 2: openssl (TSSA-2023:0331)

🗓️ 16 Jun 2025 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 3 Views

TencentOS Server 2 is affected by vulnerabilities in OpenSSL prior to tested version TSSA-2023:0331.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Digital Payments
2 Oct 201819:55
ibm
IBM Security Bulletins		Security Bulletin: Security vulnerability in OpenSSL (CVE-2017-3736)
15 Jun 201807:09
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities in Open Source OpenSSL affect IBM Netezza Host Management
18 Oct 201903:10
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities in IBM HTTP Server affects Netezza Performance Portal
18 Oct 201903:36
ibm
IBM Security Bulletins		Security Bulletin: WebSphere DataPower Appliances is affected by multiple issues
11 Sep 201813:21
ibm
IBM Security Bulletins		Security Bulletin: Multiple security vulnerabilities have been identified in Open SSL, which is shipped with IBM Tivoli Network Manager IP Edition.
28 Jun 202322:02
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities in IBM® Java™ SDK and IBM® Java™ Runtime affect IBM® Intelligent Operations Center products
21 Dec 201811:10
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software
4 Oct 201818:30
ibm
IBM Security Bulletins		Security Bulletin: IBM Sterling Connect:Express for UNIX is Affected by the Following OpenSSL Vulnerabilities (CVE-2017-3736, CVE-2017-3737, CVE-2017-3738)
24 Jul 202022:49
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus, IBM App Connect Enterpise v11 and WebSphere Message Broker
23 Mar 202020:41
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Tencent Linux Security Advisory TSSA-2023:0331.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(238923);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/20");

  script_cve_id("CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738");

  script_name(english:"TencentOS Server 2: openssl (TSSA-2023:0331)");

  script_set_attribute(attribute:"synopsis", value:
"The remote TencentOS Server 2 host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is,
therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0331 advisory.

    Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:

    CVE-2017-3736:
    There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and
    1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as
    a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH
    are considered just feasible (although very difficult) because most of the work necessary to deduce
    information about a private key may be performed offline. The amount of resources required for such an
    attack would be very significant and likely only accessible to a limited number of attackers. An attacker
    would additionally need online access to an unpatched system using the target private key in a scenario
    with persistent DH parameters and a private key that is shared between multiple clients. This only affects
    processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later
    or AMD Ryzen.

    CVE-2017-3737:
    OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an error state mechanism. The intent was that if
    a fatal error occurred during a handshake then OpenSSL would move into the error state and would
    immediately fail if you attempted to continue the handshake. This works as designed for the explicit
    handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not
    work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails
    then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is
    subsequently called by the application for the same SSL object then it will succeed and the data is passed
    without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue
    an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued
    after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL
    1.0.2n. OpenSSL 1.1.0 is not affected.

    CVE-2017-3738:
    There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with
    1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a
    result of this defect would be very difficult to perform and are not believed likely. Attacks against
    DH1024 are considered just feasible, because most of the work necessary to deduce information about a
    private key may be performed offline. The amount of resources required for such an attack would be
    significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024
    private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects
    processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The
    impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version
    1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue
    we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h
    when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://mirrors.tencent.com/tlinux/errata/tssa-20180031.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3738");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2017-3736");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/04/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/04/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/06/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:tencent:tencentos_server:2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:openssl");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tencent Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/etc/os-release", "Host/TencentOS/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'TencentOS' >!< os_product) audit(AUDIT_OS_NOT, 'TencentOS');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'TencentOS');
if (! preg(pattern:"^2([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'TencentOS 2.x', 'TencentOS ' + os_version);

if (!get_kb_item('Host/TencentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'TencentOS', cpu);

var constraints = [
  {
    'release': '2',
    'pkgs': [
      {'reference':'openssl-1.0.2k-19.tl2', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-1.0.2k-19.tl2', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-debuginfo-1.0.2k-19.tl2', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-debuginfo-1.0.2k-19.tl2', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-devel-1.0.2k-19.tl2', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-devel-1.0.2k-19.tl2', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-libs-1.0.2k-19.tl2', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-libs-1.0.2k-19.tl2', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-perl-1.0.2k-19.tl2', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-perl-1.0.2k-19.tl2', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-static-1.0.2k-19.tl2', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-static-1.0.2k-19.tl2', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-debuginfo / openssl-devel / etc');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
20 Nov 2025 00:00Current
7.1High risk
Vulners AI Score7.1
CVSS 24.3
CVSS 36.5
CVSS 3.15.9
EPSS0.42931
tencentos serveropenssl vulnerabilitiescve-2017-3736cve-2017-3737package updates
3