Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-1357-1.NASL
HistoryFeb 10, 2012 - 12:00 a.m.

Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1)

2012-02-1000:00:00
Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)

Adam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This could allow a remote attacker to cause a denial of service via out-of-order messages that violate the TLS protocol. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04.
(CVE-2011-3210)

Nadhem Alfardan and Kenny Paterson discovered that the Datagram Transport Layer Security (DTLS) implementation in OpenSSL performed a MAC check only if certain padding is valid. This could allow a remote attacker to recover plaintext. (CVE-2011-4108)

Antonio Martin discovered that a flaw existed in the fix to address CVE-2011-4108, the DTLS MAC check failure. This could allow a remote attacker to cause a denial of service. (CVE-2012-0050)

Ben Laurie discovered a double free vulnerability in OpenSSL that could be triggered when the X509_V_FLAG_POLICY_CHECK flag is enabled.
This could allow a remote attacker to cause a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-4109)

It was discovered that OpenSSL, in certain circumstances involving ECDH or ECDHE cipher suites, used an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves. This could allow a remote attacker to obtain the private key of a TLS server via multiple handshake attempts. This issue only affected Ubuntu 8.04 LTS. (CVE-2011-4354)

Adam Langley discovered that the SSL 3.0 implementation in OpenSSL did not properly initialize data structures for block cipher padding. This could allow a remote attacker to obtain sensitive information.
(CVE-2011-4576)

Andrew Chi discovered that OpenSSL, when RFC 3779 support is enabled, could trigger an assert when handling an X.509 certificate containing certificate-extension data associated with IP address blocks or Autonomous System (AS) identifiers. This could allow a remote attacker to cause a denial of service. (CVE-2011-4577)

Adam Langley discovered that the Server Gated Cryptography (SGC) implementation in OpenSSL did not properly handle handshake restarts.
This could allow a remote attacker to cause a denial of service.
(CVE-2011-4619)

Andrey Kulikov discovered that the GOST block cipher engine in OpenSSL did not properly handle invalid parameters. This could allow a remote attacker to cause a denial of service via crafted data from a TLS client. This issue only affected Ubuntu 11.10. (CVE-2012-0027).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1357-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(57887);
  script_version("1.11");
  script_cvs_date("Date: 2019/09/19 12:54:27");

  script_cve_id("CVE-2011-1945", "CVE-2011-3210", "CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4354", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027", "CVE-2012-0050");
  script_bugtraq_id(47888, 49471, 50882, 51281, 51563);
  script_xref(name:"USN", value:"1357-1");

  script_name(english:"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that the elliptic curve cryptography (ECC) subsystem
in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm
(ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement
curves over binary fields. This could allow an attacker to determine
private keys via a timing attack. This issue only affected Ubuntu 8.04
LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)

Adam Langley discovered that the ephemeral Elliptic Curve
Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread
safety while processing handshake messages from clients. This could
allow a remote attacker to cause a denial of service via out-of-order
messages that violate the TLS protocol. This issue only affected
Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04.
(CVE-2011-3210)

Nadhem Alfardan and Kenny Paterson discovered that the Datagram
Transport Layer Security (DTLS) implementation in OpenSSL performed a
MAC check only if certain padding is valid. This could allow a remote
attacker to recover plaintext. (CVE-2011-4108)

Antonio Martin discovered that a flaw existed in the fix to address
CVE-2011-4108, the DTLS MAC check failure. This could allow a remote
attacker to cause a denial of service. (CVE-2012-0050)

Ben Laurie discovered a double free vulnerability in OpenSSL that
could be triggered when the X509_V_FLAG_POLICY_CHECK flag is enabled.
This could allow a remote attacker to cause a denial of service. This
issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10
and Ubuntu 11.04. (CVE-2011-4109)

It was discovered that OpenSSL, in certain circumstances involving
ECDH or ECDHE cipher suites, used an incorrect modular reduction
algorithm in its implementation of the P-256 and P-384 NIST elliptic
curves. This could allow a remote attacker to obtain the private key
of a TLS server via multiple handshake attempts. This issue only
affected Ubuntu 8.04 LTS. (CVE-2011-4354)

Adam Langley discovered that the SSL 3.0 implementation in OpenSSL did
not properly initialize data structures for block cipher padding. This
could allow a remote attacker to obtain sensitive information.
(CVE-2011-4576)

Andrew Chi discovered that OpenSSL, when RFC 3779 support is enabled,
could trigger an assert when handling an X.509 certificate containing
certificate-extension data associated with IP address blocks or
Autonomous System (AS) identifiers. This could allow a remote attacker
to cause a denial of service. (CVE-2011-4577)

Adam Langley discovered that the Server Gated Cryptography (SGC)
implementation in OpenSSL did not properly handle handshake restarts.
This could allow a remote attacker to cause a denial of service.
(CVE-2011-4619)

Andrey Kulikov discovered that the GOST block cipher engine in OpenSSL
did not properly handle invalid parameters. This could allow a remote
attacker to cause a denial of service via crafted data from a TLS
client. This issue only affected Ubuntu 11.10. (CVE-2012-0027).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1357-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected libssl0.9.8, libssl1.0.0 and / or openssl
packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openssl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/05/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/02/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(8\.04|10\.04|10\.10|11\.04|11\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 10.04 / 10.10 / 11.04 / 11.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"8.04", pkgname:"libssl0.9.8", pkgver:"0.9.8g-4ubuntu3.15")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"openssl", pkgver:"0.9.8g-4ubuntu3.15")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libssl0.9.8", pkgver:"0.9.8k-7ubuntu8.8")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"openssl", pkgver:"0.9.8k-7ubuntu8.8")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libssl0.9.8", pkgver:"0.9.8o-1ubuntu4.6")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"openssl", pkgver:"0.9.8o-1ubuntu4.6")) flag++;
if (ubuntu_check(osver:"11.04", pkgname:"libssl0.9.8", pkgver:"0.9.8o-5ubuntu1.2")) flag++;
if (ubuntu_check(osver:"11.04", pkgname:"openssl", pkgver:"0.9.8o-5ubuntu1.2")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"libssl1.0.0", pkgver:"1.0.0e-2ubuntu4.2")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"openssl", pkgver:"1.0.0e-2ubuntu4.2")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libssl0.9.8 / libssl1.0.0 / openssl");
}
VendorProductVersionCPE
canonicalubuntu_linuxlibssl0.9.8p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8
canonicalubuntu_linuxlibssl1.0.0p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0
canonicalubuntu_linuxopensslp-cpe:/a:canonical:ubuntu_linux:openssl
canonicalubuntu_linux10.04cpe:/o:canonical:ubuntu_linux:10.04:-:lts
canonicalubuntu_linux10.10cpe:/o:canonical:ubuntu_linux:10.10
canonicalubuntu_linux11.04cpe:/o:canonical:ubuntu_linux:11.04
canonicalubuntu_linux11.10cpe:/o:canonical:ubuntu_linux:11.10
canonicalubuntu_linux8.04cpe:/o:canonical:ubuntu_linux:8.04:-:lts

Related

openvas 53
ubuntu 1
securityvulns 3
nessus 52
gentoo 1
freebsd 3
suse 3
debian 2
oraclelinux 3
osv 1
aix 1
redhat 7
fedora 5
centos 3
amazon 1
ibm 9
debiancve 8
freebsd_advisory 1
openssl 5
prion 6
f5 10
ubuntucve 5
cve 6
cert 1
rosalinux 1
checkpoint_advisories 2
veracode 5
thn 1
openvas
openvas
Ubuntu Update for openssl USN-1357-1
2012-02-13 00:00:00
Ubuntu: Security Advisory (USN-1357-1)
2012-02-13 00:00:00
Gentoo Security Advisory GLSA 201203-12 (openssl)
2012-03-12 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2012-02-09 00:00:00
securityvulns
securityvulns
OpenSSL library multiple security vulnerabilities
2012-01-20 00:00:00
HP Onboard Administrator multiple security vulnerabilities
2012-06-17 00:00:00
[security bulletin] HPSBMU02776 SSRT100852 rev.1 - HP Onboard Administrator &#40;OA&#41;, Remote Unauthorized Access to Data, Unauthorized Disclosure of Information Denial of Service &#40;DoS&#41;
2012-06-17 00:00:00
nessus
nessus
GLSA-201203-12 : OpenSSL: Multiple vulnerabilities
2012-03-06 00:00:00
Oracle Solaris Third-Party Patch Update : openssl (cve_2012_0050_denial_of)
2015-01-19 00:00:00
OpenSSL 0.9.8 < 0.9.8s / 1.x < 1.0.0f Multiple Vulnerabilities
2012-01-05 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2012-03-06 00:00:00
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2012-01-04 00:00:00
OpenSSL -- DTLS Denial of Service
2012-01-18 00:00:00
FreeBSD -- OpenSSL multiple vulnerabilities
2012-05-03 00:00:00
suse
suse
openssl: fixing various security issues (important)
2012-01-16 17:08:14
Security update for OpenSSL (important)
2012-01-16 17:08:28
Security update for openssl (important)
2012-05-30 23:08:17
debian
debian
[SECURITY] [DSA 2390-1] openssl security update
2012-01-15 20:23:51
[BSA-060] Security Update for openssl
2011-11-16 11:49:36
oraclelinux
oraclelinux
openssl security update
2012-01-24 00:00:00
openssl security update
2012-01-24 00:00:00
openssl security update
2012-02-01 00:00:00
osv
osv
openssl - several
2012-01-15 00:00:00
aix
aix
Multiple OpenSSL vulnerabilities
2012-03-21 13:02:49
redhat
redhat
(RHSA-2012:0060) Moderate: openssl security update
2012-01-24 00:00:00
(RHSA-2012:0059) Moderate: openssl security update
2012-01-24 00:00:00
(RHSA-2012:0109) Important: rhev-hypervisor6 security and bug fix update
2012-02-15 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: openssl-1.0.0f-1.fc16
2012-01-11 06:13:34
[SECURITY] Fedora 15 Update: openssl-1.0.0f-1.fc15
2012-01-15 20:10:09
[SECURITY] Fedora 16 Update: openssl-1.0.0g-1.fc16
2012-01-22 05:27:15
centos
centos
openssl security update
2012-01-30 20:25:59
openssl security update
2012-01-24 21:54:22
openssl security update
2012-02-01 22:15:00
amazon
amazon
Medium: openssl
2012-02-02 14:24:00
ibm
ibm
Security Bulletin: IBM InfoSphere Balanced Warehouse C3000, C4000 and D5100 and IBM Smart Analytics System 1050, 2050, 5600 and 5710 are affected by vulnerabilities in OpenSSL
2022-09-25 23:13:40
Security Bulletin: IBM XIV Storage System Gen3 (CVE-2011-4619, CVE-2011-4576, CVE-2011-3210, CVE-2012-4829)
2022-09-26 04:23:14
Security Bulletin: Storage HMC OpenSSL upgrade to address cryptographic vulnerabilities.
2018-06-18 00:07:41
debiancve
debiancve
CVE-2012-0050
2012-01-19 19:55:00
CVE-2011-4354
2012-01-27 00:55:00
CVE-2012-0027
2012-01-06 01:55:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-12:01.openssl
2012-05-30 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2012-0050
2012-01-04 00:00:00
Vulnerability in OpenSSL CVE-2012-0027
2012-01-04 00:00:00
Vulnerability in OpenSSL CVE-2011-4109
2012-01-04 00:00:00
prion
prion
Design/Logic Flaw
2012-01-19 19:55:00
Authentication flaw
2012-01-27 00:55:00
Code injection
2011-09-22 10:55:00
f5
f5
K15417 : OpenSSL vulnerability CVE-2012-0050
2014-08-14 00:00:00
SOL15417 - OpenSSL vulnerability CVE-2012-0050
2014-07-17 00:00:00
K15427 : OpenSSL vulnerability CVE-2011-4354
2014-07-17 00:00:00
ubuntucve
ubuntucve
CVE-2012-0050
2012-01-19 00:00:00
CVE-2011-4354
2012-01-26 00:00:00
CVE-2011-4109
2012-01-05 00:00:00
cve
cve
CVE-2012-0050
2012-01-19 19:55:00
CVE-2011-4354
2012-01-27 00:55:00
CVE-2011-3210
2011-09-22 10:55:00
cert
cert
Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL
2013-03-18 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1939
2021-07-02 17:38:47
checkpoint_advisories
checkpoint_advisories
OpenSSL Handshake Sequence Cipher Suite Use-After-Free (CVE-2011-3210)
2012-05-14 00:00:00
OpenSSL Handshake Requests ECDH Use-After-Free (CVE-2011-3210)
2012-05-14 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:09:45
Denial Of Service (DoS)
2017-02-10 00:54:46
Denial Of Service (DoS)
2020-04-10 01:06:27
thn
thn
Hackers Take Over US Voting Machines In Just 90 Minutes
2017-07-30 22:32:00
JSON
Related for UBUNTU_USN-1357-1.NASL
openvas53ubuntu1securityvulns3nessus52gentoo1freebsd3suse3debian2oraclelinux3osv1aix1redhat7fedora5centos3amazon1ibm9debiancve8freebsd_advisory1openssl5prion6f510ubuntucve5cve6cert1rosalinux1checkpoint_advisories2veracode5thn1