Lucene search
K

TencentOS Server 4: openssl (TSSA-2024:0288)

🗓️ 16 Jun 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 1 Views

TencentOS Server 4 prior versions have vulnerabilities; update to mitigate denial of service risks.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale System are now fixed in Storage Scale System 6.2.3.3 and 7.0.0.0 or higher
15 Dec 202520:22
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
15 Mar 202500:18
ibm
IBM Security Bulletins
Security Bulletin: IBM Watson Speech Services Cartridge v5.1.1 is vulnerable to multiple Operator package issues
2 Apr 202517:43
ibm
IBM Security Bulletins
Security Bulletin: IBM MaaS360 Cloud Extender VPN Module affected by vulnerability (CVE-2024-4741)
17 Jul 202414:49
ibm
IBM Security Bulletins
Security Bulletin: IBM QRadar Wincollect is using components with known vulnerabilities
9 Jul 202417:03
ibm
IBM Security Bulletins
Security Bulletin: This Power System update is being released to address CVE-2024-2511
16 May 202516:16
ibm
IBM Security Bulletins
Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to multiple Operator package issues
1 May 202521:38
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities have been identified in IBM MQ shipped with IBM WebSphere Remote Server
19 Sep 202415:55
ibm
IBM Security Bulletins
Security Bulletin: Security vulnerability found in package openssl shipped with IBM CICS TX Advanced.
17 Feb 202515:16
ibm
IBM Security Bulletins
Security Bulletin: IBM DataPower Gateway vulnerable to DoS due to OpenSSL (CVE-2024-2511)
9 Jul 202415:27
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Tencent Linux Security Advisory TSSA-2024:0288.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(240048);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/20");

  script_cve_id("CVE-2024-2511", "CVE-2024-4603", "CVE-2024-4741");

  script_name(english:"TencentOS Server 4: openssl (TSSA-2024:0288)");

  script_set_attribute(attribute:"synopsis", value:
"The remote TencentOS Server 4 host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is,
therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0288 advisory.

    Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:

    CVE-2024-2511:
    Issue summary: Some non-default TLS server configurations can cause unbounded
    memory growth when processing TLSv1.3 sessions

    Impact summary: An attacker may exploit certain server configurations to trigger
    unbounded memory growth that would lead to a Denial of Service

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is
    being used (but not if early_data support is also configured and the default
    anti-replay protection is in use). In this case, under certain conditions, the
    session cache can get into an incorrect state and it will fail to flush properly
    as it fills. The session cache will continue to grow in an unbounded manner. A
    malicious client could deliberately create the scenario for this failure to
    force a Denial of Service. It may also happen by accident in normal operation.

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS
    clients.

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL
    1.0.2 is also not affected by this issue.

    CVE-2024-4741:
    A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may
    cause memory to be accessed that was previously freed in some situations.

    CVE-2024-4603:
    Issue summary: Checking excessively long DSA keys or parameters may be very
    slow.

    Impact summary: Applications that use the functions EVP_PKEY_param_check()
    or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may
    experience long delays. Where the key or parameters that are being checked
    have been obtained from an untrusted source this may lead to a Denial of
    Service.

    The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform
    various checks on DSA parameters. Some of those computations take a long time
    if the modulus (`p` parameter) is too large.

    Trying to use a very large modulus is slow and OpenSSL will not allow using
    public keys with a modulus which is over 10,000 bits in length for signature
    verification. However the key and parameter check functions do not limit
    the modulus size when performing the checks.

    An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()
    and supplies a key or parameters obtained from an untrusted source could be
    vulnerable to a Denial of Service attack.

    These functions are not called by OpenSSL itself on untrusted DSA keys so
    only applications that directly call these functions may be vulnerable.

    Also vulnerable are the OpenSSL pkey and pkeyparam command line applications
    when using the `-check` option.

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://mirrors.tencent.com/tlinux/errata/tssa-20240288.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-4741");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/08/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/08/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/06/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:tencent:tencentos_server:4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:openssl");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tencent Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/etc/os-release", "Host/TencentOS/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'TencentOS' >!< os_product) audit(AUDIT_OS_NOT, 'TencentOS');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'TencentOS');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'TencentOS 4.x', 'TencentOS ' + os_version);

if (!get_kb_item('Host/TencentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'TencentOS', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'openssl-3.0.12-7.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-3.0.12-7.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-debuginfo-3.0.12-7.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-debuginfo-3.0.12-7.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-debugsource-3.0.12-7.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-debugsource-3.0.12-7.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-devel-3.0.12-7.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-devel-3.0.12-7.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-libs-3.0.12-7.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-libs-3.0.12-7.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-libs-debuginfo-3.0.12-7.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-libs-debuginfo-3.0.12-7.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-perl-3.0.12-7.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-perl-3.0.12-7.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-debuginfo / openssl-debugsource / etc');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

20 Nov 2025 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS 3.17.5
EPSS0.54026
SSVC
1