Vulnerability in OpenSSL - EDIPARTYNAME NULL pointer de-reference
2020-12-08T00:00:00
ID OPENSSL:CVE-2020-1971 Type openssl Reporter OpenSSL Modified 2020-12-08T00:00:00
Description
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Reported by David Benjamin (Google).
Fixed in OpenSSL 1.1.1i (git commit) (Affected 1.1.1-1.1.1h)
Fixed in OpenSSL 1.0.2x (git commit) (Affected 1.0.2-1.0.2w)
{"id": "OPENSSL:CVE-2020-1971", "bulletinFamily": "software", "title": "Vulnerability in OpenSSL - EDIPARTYNAME NULL pointer de-reference ", "description": " The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the \"-crl_download\" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Reported by David Benjamin (Google). \n\n * Fixed in OpenSSL 1.1.1i [(git commit)](<https://github.com/openssl/openssl/commit/f960d81215ebf3f65e03d4d5d857fb9b666d6920>) (Affected 1.1.1-1.1.1h)\n * Fixed in OpenSSL 1.0.2x [(git commit)](<https://github.com/openssl/openssl/commit/2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e>) (Affected 1.0.2-1.0.2w)\n", "published": "2020-12-08T00:00:00", "modified": "2020-12-08T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "href": "https://www.openssl.org/news/secadv/20201208.txt", "reporter": "OpenSSL", "references": [], "cvelist": ["CVE-2020-1971"], "type": "openssl", "lastseen": "2020-12-16T19:23:15", "edition": 3, "viewCount": 93, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-1971"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1608724134"]}, {"type": "freebsd", "idList": ["08B553ED-537A-11EB-BE6E-0022489AD614", "1D56CFC5-3970-11EB-929D-D4C9EF517024"]}, {"type": "redhat", "idList": ["RHSA-2021:0056", "RHSA-2020:5588", "RHSA-2020:5623", "RHSA-2020:5637", "RHSA-2020:5640", "RHSA-2020:5639", "RHSA-2020:5566", "RHSA-2020:5476", "RHSA-2020:5641", "RHSA-2020:5642"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-5566-1", "ELSA-2020-5476"]}, {"type": "fedora", "idList": ["FEDORA:8C9CB30BDABD", "FEDORA:E700F3072E21"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2492-1:77952", "DEBIAN:DSA-4807-1:B0537", "DEBIAN:DLA-2493-1:D2596"]}, {"type": "amazon", "idList": ["ALAS-2020-1456", "ALAS2-2020-1573"]}, {"type": "nessus", "idList": ["SUSE_SU-2020-3763-1.NASL", "OPENSSL_1_0_2X.NASL", "REDHAT-RHSA-2020-5637.NASL", "REDHAT-RHSA-2020-5566.NASL", "SUSE_SU-2020-3721-1.NASL", "FEDORA_2020-A31B01E945.NASL", "REDHAT-RHSA-2020-5422.NASL", "AL2_ALAS-2020-1573.NASL", "PHOTONOS_PHSA-2020-1_0-0345_OPENSSL.NASL", "ORACLELINUX_ELSA-2020-5476.NASL"]}, {"type": "centos", "idList": ["CESA-2020:5566"]}, {"type": "gentoo", "idList": ["GLSA-202012-13"]}, {"type": "archlinux", "idList": ["ASA-202012-24"]}, {"type": "ubuntu", "idList": ["USN-4662-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:BCFE0333C3F2E89FFDF11615D117C9AF"]}], "modified": "2020-12-16T19:23:15", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2020-12-16T19:23:15", "rev": 2}, "vulnersScore": 5.2}, "affectedSoftware": [{"name": "openssl", "operator": "eq", "version": "1.0.2j"}, {"name": "openssl", "operator": "eq", "version": "1.0.2g"}, {"name": "openssl", "operator": "eq", "version": "1.0.2s"}, {"name": "openssl", "operator": "eq", "version": "1.0.2h"}, {"name": "openssl", "operator": "eq", "version": "1.0.2m"}, {"name": "openssl", "operator": "eq", "version": "1.0.2o"}, {"name": "openssl", "operator": "eq", "version": "1.1.1f"}, {"name": "openssl", "operator": "eq", "version": "1.0.2t"}, {"name": "openssl", "operator": "eq", "version": "1.0.2k"}, {"name": "openssl", "operator": "eq", "version": "1.1.1e"}, {"name": "openssl", "operator": "eq", "version": "1.0.2w"}, {"name": "openssl", "operator": "eq", "version": "1.0.2p"}, {"name": "openssl", "operator": "eq", "version": "1.0.2e"}, {"name": "openssl", "operator": "eq", "version": "1.1.1c"}, {"name": "openssl", "operator": "eq", "version": "1.0.2b"}, {"name": "openssl", "operator": "eq", "version": "1.1.1b"}, {"name": "openssl", "operator": "eq", "version": "1.0.2d"}, {"name": "openssl", "operator": "eq", "version": "1.1.1g"}, {"name": "openssl", "operator": "eq", "version": "1.0.2n"}, {"name": "openssl", "operator": "eq", "version": "1.1.1h"}, {"name": "openssl", "operator": "eq", "version": "1.0.2c"}, {"name": "openssl", "operator": "eq", "version": "1.1.1"}, {"name": "openssl", "operator": "eq", "version": "1.0.2r"}, {"name": "openssl", "operator": "eq", "version": "1.0.2f"}, {"name": "openssl", "operator": "eq", "version": "1.0.2l"}, {"name": "openssl", "operator": "eq", "version": "1.0.2q"}, {"name": "openssl", "operator": "eq", "version": "1.0.2i"}, {"name": "openssl", "operator": "eq", "version": "1.1.1a"}, {"name": "openssl", "operator": "eq", "version": "1.0.2u"}, {"name": "openssl", "operator": "eq", "version": "1.1.1d"}, {"name": "openssl", "operator": "eq", "version": "1.0.2a"}, {"name": "openssl", "operator": "eq", "version": "1.0.2"}, {"name": "openssl", "operator": "eq", "version": "1.0.2v"}], "scheme": null}
{"cve": [{"lastseen": "2020-12-24T13:57:53", "description": "The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the \"-crl_download\" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).", "edition": 10, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-12-08T16:15:00", "title": "CVE-2020-1971", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1971"], "modified": "2020-12-23T22:15:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/a:openssl:openssl:1.1.1h", "cpe:/a:openssl:openssl:1.0.2w", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2020-1971", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1971", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.1.1h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2w:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}], "cloudlinux": [{"lastseen": "2020-12-23T13:43:54", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971"], "description": "EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)", "modified": "2020-12-09T11:10:00", "published": "2020-12-09T11:10:00", "id": "CLSA-2020:1608724134", "href": "https://repo.cloudlinux.com/centos6-els/updateinfo.xml", "type": "cloudlinux", "title": "Update of openssl-devel, openssl-static, openssl-perl, openssl CVE-2020-1971", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. ", "modified": "2020-12-16T01:43:55", "published": "2020-12-16T01:43:55", "id": "FEDORA:8C9CB30BDABD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: openssl-1.1.1i-1.fc33", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. ", "modified": "2020-12-21T01:36:23", "published": "2020-12-21T01:36:23", "id": "FEDORA:E700F3072E21", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: openssl-1.1.1i-1.fc32", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2020-12-30T19:19:36", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971"], "description": "[1.0.2k-21]\n- remove ASN1_F_ASN1_ITEM_EMBED_D2I from openssl-1.0.2k-cve-2020-1971.patch\n[1.0.2k-20]\n- fix CVE-2020-1971 openssl: EDIPARTYNAME NULL pointer de-reference", "edition": 3, "modified": "2020-12-17T00:00:00", "published": "2020-12-17T00:00:00", "id": "ELSA-2020-5566-1", "href": "http://linux.oracle.com/errata/ELSA-2020-5566-1.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-17T07:25:51", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971"], "description": "[1.1.1g-12]\n- Fix CVE-2020-1971 ediparty null pointer dereference\n[1.1.1g-11.1]\n- Implemented new FIPS requirements in regards to KDF and DH selftests\n- Disallow certificates with explicit EC parameters", "edition": 1, "modified": "2020-12-17T00:00:00", "published": "2020-12-17T00:00:00", "id": "ELSA-2020-5476", "href": "http://linux.oracle.com/errata/ELSA-2020-5476.html", "title": "openssl security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2020-12-18T04:40:08", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971"], "description": "**CentOS Errata and Security Advisory** CESA-2020:5566\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2020-December/048211.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-libs\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\n", "edition": 1, "modified": "2020-12-18T00:03:46", "published": "2020-12-18T00:03:46", "id": "CESA-2020:5566", "href": "http://lists.centos.org/pipermail/centos-announce/2020-December/048211.html", "title": "openssl security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2020-12-17T01:17:13", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4807-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nDecember 08, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2020-1971\n\nDavid Benjamin discovered a flaw in the GENERAL_NAME_cmp() function\nwhich could cause a NULL dereference, resulting in denial of service.\n\nAdditional details can be found in the upstream advisory:\nhttps://www.openssl.org/news/secadv/20201208.txt\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.1.1d-0+deb10u4.\n\nWe recommend that you upgrade your openssl packages.\n\nFor the detailed security status of openssl please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 4, "modified": "2020-12-08T15:25:31", "published": "2020-12-08T15:25:31", "id": "DEBIAN:DSA-4807-1:B0537", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2020/msg00214.html", "title": "[SECURITY] [DSA 4807-1] openssl security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-17T01:16:41", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971"], "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2493-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Emilio Pozuelo Monfort\nDecember 14, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : openssl1.0\nVersion : 1.0.2u-1~deb9u3\nCVE ID : CVE-2020-1971\n\nDavid Benjamin discovered a flaw in the GENERAL_NAME_cmp() function\nwhich could cause a NULL dereference, resulting in denial of service.\n\nFor Debian 9 stretch, this problem has been fixed in version\n1.0.2u-1~deb9u3.\n\nWe recommend that you upgrade your openssl1.0 packages.\n\nFor the detailed security status of openssl1.0 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl1.0\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 2, "modified": "2020-12-14T09:04:36", "published": "2020-12-14T09:04:36", "id": "DEBIAN:DLA-2493-1:D2596", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202012/msg00021.html", "title": "[SECURITY] [DLA 2493-1] openssl1.0 security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-17T01:22:17", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971"], "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2492-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Emilio Pozuelo Monfort\nDecember 14, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : openssl\nVersion : 1.1.0l-1~deb9u2\nCVE ID : CVE-2020-1971\n\nDavid Benjamin discovered a flaw in the GENERAL_NAME_cmp() function\nwhich could cause a NULL dereference, resulting in denial of service.\n\nFor Debian 9 stretch, this problem has been fixed in version\n1.1.0l-1~deb9u2.\n\nWe recommend that you upgrade your openssl packages.\n\nFor the detailed security status of openssl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2020-12-14T09:01:11", "published": "2020-12-14T09:01:11", "id": "DEBIAN:DLA-2492-1:77952", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202012/msg00020.html", "title": "[SECURITY] [DLA 2492-1] openssl security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2020-12-16T19:24:00", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971"], "description": "**Issue Overview:**\n\nA null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to system availability. ([CVE-2020-1971 __](<https://access.redhat.com/security/cve/CVE-2020-1971>))\n\n \n**Affected Packages:** \n\n\nopenssl\n\n \n**Issue Correction:** \nRun _yum update openssl_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n openssl-debuginfo-1.0.2k-16.152.amzn1.i686 \n openssl-static-1.0.2k-16.152.amzn1.i686 \n openssl-1.0.2k-16.152.amzn1.i686 \n openssl-perl-1.0.2k-16.152.amzn1.i686 \n openssl-devel-1.0.2k-16.152.amzn1.i686 \n \n src: \n openssl-1.0.2k-16.152.amzn1.src \n \n x86_64: \n openssl-1.0.2k-16.152.amzn1.x86_64 \n openssl-perl-1.0.2k-16.152.amzn1.x86_64 \n openssl-devel-1.0.2k-16.152.amzn1.x86_64 \n openssl-debuginfo-1.0.2k-16.152.amzn1.x86_64 \n openssl-static-1.0.2k-16.152.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2020-12-08T19:28:00", "published": "2020-12-08T19:28:00", "id": "ALAS-2020-1456", "href": "https://alas.aws.amazon.com/ALAS-2020-1456.html", "title": "Important: openssl", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-16T19:21:30", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971"], "description": "**Issue Overview:**\n\nA null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to system availability. ([CVE-2020-1971 __](<https://access.redhat.com/security/cve/CVE-2020-1971>))\n\n \n**Affected Packages:** \n\n\nopenssl, openssl11\n\n \n**Issue Correction:** \nRun _yum update openssl_ to update your system. \nRun _yum update openssl11_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n openssl-1.0.2k-19.amzn2.0.4.aarch64 \n openssl-libs-1.0.2k-19.amzn2.0.4.aarch64 \n openssl-devel-1.0.2k-19.amzn2.0.4.aarch64 \n openssl-static-1.0.2k-19.amzn2.0.4.aarch64 \n openssl-perl-1.0.2k-19.amzn2.0.4.aarch64 \n openssl-debuginfo-1.0.2k-19.amzn2.0.4.aarch64 \n openssl11-1.1.1c-15.amzn2.0.2.aarch64 \n openssl11-libs-1.1.1c-15.amzn2.0.2.aarch64 \n openssl11-devel-1.1.1c-15.amzn2.0.2.aarch64 \n openssl11-static-1.1.1c-15.amzn2.0.2.aarch64 \n openssl11-debuginfo-1.1.1c-15.amzn2.0.2.aarch64 \n \n i686: \n openssl-1.0.2k-19.amzn2.0.4.i686 \n openssl-libs-1.0.2k-19.amzn2.0.4.i686 \n openssl-devel-1.0.2k-19.amzn2.0.4.i686 \n openssl-static-1.0.2k-19.amzn2.0.4.i686 \n openssl-perl-1.0.2k-19.amzn2.0.4.i686 \n openssl-debuginfo-1.0.2k-19.amzn2.0.4.i686 \n openssl11-1.1.1c-15.amzn2.0.2.i686 \n openssl11-libs-1.1.1c-15.amzn2.0.2.i686 \n openssl11-devel-1.1.1c-15.amzn2.0.2.i686 \n openssl11-static-1.1.1c-15.amzn2.0.2.i686 \n openssl11-debuginfo-1.1.1c-15.amzn2.0.2.i686 \n \n src: \n openssl-1.0.2k-19.amzn2.0.4.src \n openssl11-1.1.1c-15.amzn2.0.2.src \n \n x86_64: \n openssl-1.0.2k-19.amzn2.0.4.x86_64 \n openssl-libs-1.0.2k-19.amzn2.0.4.x86_64 \n openssl-devel-1.0.2k-19.amzn2.0.4.x86_64 \n openssl-static-1.0.2k-19.amzn2.0.4.x86_64 \n openssl-perl-1.0.2k-19.amzn2.0.4.x86_64 \n openssl-debuginfo-1.0.2k-19.amzn2.0.4.x86_64 \n openssl11-1.1.1c-15.amzn2.0.2.x86_64 \n openssl11-libs-1.1.1c-15.amzn2.0.2.x86_64 \n openssl11-devel-1.1.1c-15.amzn2.0.2.x86_64 \n openssl11-static-1.1.1c-15.amzn2.0.2.x86_64 \n openssl11-debuginfo-1.1.1c-15.amzn2.0.2.x86_64 \n \n \n", "edition": 3, "modified": "2020-12-08T21:31:00", "published": "2020-12-08T21:31:00", "id": "ALAS2-2020-1573", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1573.html", "title": "Important: openssl, openssl11", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2020-12-16T19:02:09", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971"], "description": "David Benjamin discovered that OpenSSL incorrectly handled comparing \ncertificates containing a EDIPartyName name type. A remote attacker could \npossibly use this issue to cause OpenSSL to crash, resulting in a denial of \nservice.", "edition": 3, "modified": "2020-12-08T00:00:00", "published": "2020-12-08T00:00:00", "id": "USN-4662-1", "href": "https://ubuntu.com/security/notices/USN-4662-1", "title": "OpenSSL vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cloudfoundry": [{"lastseen": "2021-01-13T05:41:32", "bulletinFamily": "software", "cvelist": ["CVE-2020-1971"], "description": "## Severity\n\nHigh\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n## Description\n\nDavid Benjamin discovered that OpenSSL incorrectly handled comparing certificates containing a EDIPartyName name type. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.\n\nCVEs contained in this USN include: CVE-2020-1971.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * cflinuxfs3 \n * All versions prior to 0.212.0\n * Xenial Stemcells \n * 315.x versions prior to 315.203\n * 456.x versions prior to 456.130\n * 621.x versions prior to 621.94\n * All other stemcells not listed.\n * CF Deployment \n * All versions prior to 15.4.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * cflinuxfs3 \n * Upgrade All versions to 0.212.0 or greater\n * Xenial Stemcells \n * Upgrade 315.x versions to 315.203 or greater\n * Upgrade 456.x versions to 456.130 or greater\n * Upgrade 621.x versions to 621.94 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n * CF Deployment \n * Upgrade All versions to 15.4.0 or greater\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4662-1/>)\n * [CVE-2020-1971](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1971>)\n\n## History\n\n2021-01-13: Initial vulnerability report published.\n", "edition": 1, "modified": "2021-01-12T00:00:00", "published": "2021-01-12T00:00:00", "id": "CFOUNDRY:BCFE0333C3F2E89FFDF11615D117C9AF", "href": "https://www.cloudfoundry.org/blog/usn-4662-1/", "title": "USN-4662-1: OpenSSL vulnerability | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2020-12-24T00:26:58", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971"], "description": "### Background\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1/v1.1/v1.2/v1.3) as well as a general purpose cryptography library. \n\n### Description\n\nA null pointer dereference flaw was found in OpenSSL.\n\n### Impact\n\nA remote attacker, able to control the arguments of the GENERAL_NAME_cmp function in an application linked against OpenSSL, could possibly cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenSSL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-1.1.1i\"", "edition": 1, "modified": "2020-12-23T00:00:00", "published": "2020-12-23T00:00:00", "id": "GLSA-202012-13", "href": "https://security.gentoo.org/glsa/202012-13", "title": "OpenSSL: Denial of service", "type": "gentoo", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "archlinux": [{"lastseen": "2020-12-31T13:40:53", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971"], "description": "Arch Linux Security Advisory ASA-202012-24\n==========================================\n\nSeverity: High\nDate : 2020-12-16\nCVE-ID : CVE-2020-1971\nPackage : openssl\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1335\n\nSummary\n=======\n\nThe package openssl before version 1.1.1.i-1 is vulnerable to denial of\nservice.\n\nResolution\n==========\n\nUpgrade to 1.1.1.i-1.\n\n# pacman -Syu \"openssl>=1.1.1.i-1\"\n\nThe problem has been fixed upstream in version 1.1.1.i.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA denial of service security issue was discovered in OpenSSL before\n1.1.1i. The X.509 GeneralName type is a generic type for representing\ndifferent types of names. One of those name types is known as\nEDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which\ncompares different instances of a GENERAL_NAME to see if they are equal\nor not. This function behaves incorrectly when both GENERAL_NAMEs\ncontain an EDIPARTYNAME. A NULL pointer dereference and a crash may\noccur leading to a possible denial of service attack.\n\nImpact\n======\n\nA remote attacker might be able to cause a crash by tricking a\nvulnerable client or server into checking a malicious certificate\nagainst a malicious CRL.\n\nReferences\n==========\n\nhttps://www.openssl.org/news/secadv/20201208.txt\nhttps://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f960d81215ebf3f65e03d4d5d857fb9b666d6920\nhttps://security.archlinux.org/CVE-2020-1971", "modified": "2020-12-16T00:00:00", "published": "2020-12-16T00:00:00", "id": "ASA-202012-24", "href": "https://security.archlinux.org/ASA-202012-24", "type": "archlinux", "title": "[ASA-202012-24] openssl: denial of service", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2020-12-21T09:29:55", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-12-21T13:24:05", "published": "2020-12-21T13:13:34", "id": "RHSA-2020:5637", "href": "https://access.redhat.com/errata/RHSA-2020:5637", "type": "redhat", "title": "(RHSA-2020:5637) Important: openssl security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-16T15:29:14", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Reject certificates with explicit EC parameters in strict mode (BZ#1891541)\n\n* Add FIPS selftest for HKDF, SSKDF, SSHKDF, and TLS12PRF; add DH_compute_key KAT to DH selftest (BZ#1891542)", "modified": "2020-12-15T21:16:47", "published": "2020-12-15T20:55:57", "id": "RHSA-2020:5476", "href": "https://access.redhat.com/errata/RHSA-2020:5476", "type": "redhat", "title": "(RHSA-2020:5476) Important: openssl security and bug fix update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-16T15:31:08", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-12-15T13:36:25", "published": "2020-12-15T13:15:49", "id": "RHSA-2020:5422", "href": "https://access.redhat.com/errata/RHSA-2020:5422", "type": "redhat", "title": "(RHSA-2020:5422) Important: openssl security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-11T10:28:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-11T15:12:39", "published": "2021-01-11T14:57:44", "id": "RHSA-2021:0056", "href": "https://access.redhat.com/errata/RHSA-2021:0056", "type": "redhat", "title": "(RHSA-2021:0056) Important: openssl security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T13:30:57", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-12-21T17:03:21", "published": "2020-12-21T16:43:05", "id": "RHSA-2020:5642", "href": "https://access.redhat.com/errata/RHSA-2020:5642", "type": "redhat", "title": "(RHSA-2020:5642) Important: openssl security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T13:31:09", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-12-21T16:55:06", "published": "2020-12-21T16:42:58", "id": "RHSA-2020:5641", "href": "https://access.redhat.com/errata/RHSA-2020:5641", "type": "redhat", "title": "(RHSA-2020:5641) Important: openssl security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-16T15:29:30", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-12-16T20:07:44", "published": "2020-12-16T20:01:52", "id": "RHSA-2020:5588", "href": "https://access.redhat.com/errata/RHSA-2020:5588", "type": "redhat", "title": "(RHSA-2020:5588) Important: openssl security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-17T17:29:22", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-12-17T21:17:06", "published": "2020-12-17T21:00:18", "id": "RHSA-2020:5623", "href": "https://access.redhat.com/errata/RHSA-2020:5623", "type": "redhat", "title": "(RHSA-2020:5623) Important: openssl security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T13:31:11", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-12-21T16:49:39", "published": "2020-12-21T16:42:51", "id": "RHSA-2020:5640", "href": "https://access.redhat.com/errata/RHSA-2020:5640", "type": "redhat", "title": "(RHSA-2020:5640) Important: openssl security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T13:29:44", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-12-21T16:49:30", "published": "2020-12-21T16:42:46", "id": "RHSA-2020:5639", "href": "https://access.redhat.com/errata/RHSA-2020:5639", "type": "redhat", "title": "(RHSA-2020:5639) Important: openssl security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2020-12-16T19:20:57", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971"], "description": "\nThe OpenSSL project reports:\n\nEDIPARTYNAME NULL pointer de-reference (High)\nThe X.509 GeneralName type is a generic type for representing\n\t different types of names. One of those name types is known as\n\t EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which\n\t compares different instances of a GENERAL_NAME to see if they\n\t are equal or not. This function behaves incorrectly when both\n\t GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer\n\t dereference and a crash may occur leading to a possible denial\n\t of service attack.\n\n", "edition": 5, "modified": "2020-12-15T00:00:00", "published": "2020-12-08T00:00:00", "id": "1D56CFC5-3970-11EB-929D-D4C9EF517024", "href": "https://vuxml.freebsd.org/freebsd/1d56cfc5-3970-11eb-929d-d4c9ef517024.html", "title": "OpenSSL -- NULL pointer de-reference", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-15T15:26:17", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1971", "CVE-2020-8287", "CVE-2020-8265"], "description": "\nNode.js reports:\n\nuse-after-free in TLSWrap (High) (CVE-2020-8265)\nAffected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.\nHTTP Request Smuggling in nodejs (Low) (CVE-2020-8287)\nAffected versions of Node.js allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.\nOpenSSL - EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\niThis is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt.\n\n", "edition": 2, "modified": "2021-01-04T00:00:00", "published": "2021-01-04T00:00:00", "id": "08B553ED-537A-11EB-BE6E-0022489AD614", "href": "https://vuxml.freebsd.org/freebsd/08b553ed-537a-11eb-be6e-0022489ad614.html", "title": "Node.js -- January 2021 Security Releases", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-12-25T09:41:45", "description": "David Benjamin discovered a flaw in the GENERAL_NAME_cmp() function\nwhich could cause a NULL dereference, resulting in denial of service.\n\nFor Debian 9 stretch, this problem has been fixed in version\n1.0.2u-1~deb9u3.\n\nWe recommend that you upgrade your openssl1.0 packages.\n\nFor the detailed security status of openssl1.0 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl1.0\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 4, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-12-15T00:00:00", "title": "Debian DLA-2493-1 : openssl1.0 security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-1971"], "modified": "2020-12-15T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libssl1.0.2", "p-cpe:/a:debian:debian_linux:libssl1.0-dev", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2493.NASL", "href": "https://www.tenable.com/plugins/nessus/144262", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2493-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144262);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/24\");\n\n script_cve_id(\"CVE-2020-1971\");\n script_xref(name:\"IAVA\", value:\"2020-A-0566\");\n\n script_name(english:\"Debian DLA-2493-1 : openssl1.0 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"David Benjamin discovered a flaw in the GENERAL_NAME_cmp() function\nwhich could cause a NULL dereference, resulting in denial of service.\n\nFor Debian 9 stretch, this problem has been fixed in version\n1.0.2u-1~deb9u3.\n\nWe recommend that you upgrade your openssl1.0 packages.\n\nFor the detailed security status of openssl1.0 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl1.0\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/openssl1.0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/openssl1.0\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade the affected libssl1.0-dev, and libssl1.0.2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1971\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl1.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl1.0.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libssl1.0-dev\", reference:\"1.0.2u-1~deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libssl1.0.2\", reference:\"1.0.2u-1~deb9u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-25T13:59:13", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:5639 advisory.\n\n - openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-12-21T00:00:00", "title": "RHEL 7 : openssl (RHSA-2020:5639)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-1971"], "modified": "2020-12-21T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl-libs", "cpe:/o:redhat:rhel_aus:7.2::server", "p-cpe:/a:redhat:enterprise_linux:openssl-static", "cpe:/o:redhat:rhel_aus:7.2", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-devel"], "id": "REDHAT-RHSA-2020-5639.NASL", "href": "https://www.tenable.com/plugins/nessus/144505", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5639. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144505);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/24\");\n\n script_cve_id(\"CVE-2020-1971\");\n script_xref(name:\"RHSA\", value:\"2020:5639\");\n script_xref(name:\"IAVA\", value:\"2020-A-0566\");\n\n script_name(english:\"RHEL 7 : openssl (RHSA-2020:5639)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:5639 advisory.\n\n - openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903409\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1971\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.2::server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.2')) audit(AUDIT_OS_NOT, 'Red Hat 7.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'rhel_aus_7_2_server': [\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-debug-rpms__7_DOT_2__x86_64',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms__7_DOT_2__x86_64',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-rpms__7_DOT_2__x86_64',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-optional-source-rpms__7_DOT_2__x86_64',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-rpms__7_DOT_2__x86_64',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-aus-source-rpms__7_DOT_2__x86_64'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:5639');\n}\n\npkgs = [\n {'reference':'openssl-1.0.1e-52.el7_2', 'sp':'2', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_aus_7_2_server']},\n {'reference':'openssl-devel-1.0.1e-52.el7_2', 'sp':'2', 'cpu':'i686', 'release':'7', 'el_string':'el7_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_aus_7_2_server']},\n {'reference':'openssl-devel-1.0.1e-52.el7_2', 'sp':'2', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_aus_7_2_server']},\n {'reference':'openssl-libs-1.0.1e-52.el7_2', 'sp':'2', 'cpu':'i686', 'release':'7', 'el_string':'el7_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_aus_7_2_server']},\n {'reference':'openssl-libs-1.0.1e-52.el7_2', 'sp':'2', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_aus_7_2_server']},\n {'reference':'openssl-perl-1.0.1e-52.el7_2', 'sp':'2', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_aus_7_2_server']},\n {'reference':'openssl-static-1.0.1e-52.el7_2', 'sp':'2', 'cpu':'i686', 'release':'7', 'el_string':'el7_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_aus_7_2_server']},\n {'reference':'openssl-static-1.0.1e-52.el7_2', 'sp':'2', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_aus_7_2_server']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-devel / openssl-libs / openssl-perl / openssl-static');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-25T15:02:44", "description": "This update for openssl-1_0_0 fixes the following issues :\n\nCVE-2020-1971: Fixed a NULL pointer dereference in EDIPARTYNAME\n(bsc#1179491).\n\nInitialized dh->nid to NID_undef in DH_new_method() (bsc#1177673).\n\nFixed a test failure in apache_ssl in fips mode (bsc#1177793).\n\nRenamed BN_get_rfc3526_prime_* functions back to get_rfc3526_prime_*\n(bsc#1177575).\n\nRestored private key check in EC_KEY_check_key (bsc#1177479).\n\nAdded shared secret KAT to FIPS DH selftest (bsc#1176029).\n\nIncluded ECDH/DH Requirements from SP800-56Arev3 (bsc#1176029).\n\nUsed SHA-2 in the RSA pairwise consistency check (bsc#1155346)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-12-14T00:00:00", "title": "SUSE SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2020:3762-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-1971"], "modified": "2020-12-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl10", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:libopenssl-1_0_0-devel", "p-cpe:/a:novell:suse_linux:openssl-1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl10-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-1_0_0-debugsource", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0"], "id": "SUSE_SU-2020-3762-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144137", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3762-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144137);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/24\");\n\n script_cve_id(\"CVE-2020-1971\");\n script_xref(name:\"IAVA\", value:\"2020-A-0566\");\n\n script_name(english:\"SUSE SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2020:3762-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for openssl-1_0_0 fixes the following issues :\n\nCVE-2020-1971: Fixed a NULL pointer dereference in EDIPARTYNAME\n(bsc#1179491).\n\nInitialized dh->nid to NID_undef in DH_new_method() (bsc#1177673).\n\nFixed a test failure in apache_ssl in fips mode (bsc#1177793).\n\nRenamed BN_get_rfc3526_prime_* functions back to get_rfc3526_prime_*\n(bsc#1177575).\n\nRestored private key check in EC_KEY_check_key (bsc#1177479).\n\nAdded shared secret KAT to FIPS DH selftest (bsc#1176029).\n\nIncluded ECDH/DH Requirements from SP800-56Arev3 (bsc#1176029).\n\nUsed SHA-2 in the RSA pairwise consistency check (bsc#1155346)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-1971/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203762-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4dcb01ab\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3762=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2020-3762=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP3 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2020-3762=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-3762=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-3762=1\n\nSUSE Enterprise Storage 6 :\n\nzypper in -t patch SUSE-Storage-6-2020-3762=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1971\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-1_0_0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl10-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-1_0_0-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/14\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1/2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libopenssl-1_0_0-devel-1.0.2p-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libopenssl1_0_0-1.0.2p-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libopenssl1_0_0-debuginfo-1.0.2p-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"openssl-1_0_0-1.0.2p-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"openssl-1_0_0-debuginfo-1.0.2p-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"openssl-1_0_0-debugsource-1.0.2p-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"libopenssl-1_0_0-devel-1.0.2p-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"libopenssl10-1.0.2p-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"libopenssl10-debuginfo-1.0.2p-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"libopenssl1_0_0-1.0.2p-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"libopenssl1_0_0-debuginfo-1.0.2p-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"openssl-1_0_0-1.0.2p-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"openssl-1_0_0-debuginfo-1.0.2p-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"openssl-1_0_0-debugsource-1.0.2p-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libopenssl-1_0_0-devel-1.0.2p-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libopenssl1_0_0-1.0.2p-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libopenssl1_0_0-debuginfo-1.0.2p-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"openssl-1_0_0-1.0.2p-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"openssl-1_0_0-debuginfo-1.0.2p-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"openssl-1_0_0-debugsource-1.0.2p-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libopenssl-1_0_0-devel-1.0.2p-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libopenssl1_0_0-1.0.2p-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libopenssl1_0_0-debuginfo-1.0.2p-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"openssl-1_0_0-1.0.2p-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"openssl-1_0_0-debuginfo-1.0.2p-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"openssl-1_0_0-debugsource-1.0.2p-3.34.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl-1_0_0\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-18T14:45:35", "description": "This update for openssl-1_1 fixes the following issues :\n\nCVE-2020-1971: Fixed a NULL pointer dereference in EDIPARTYNAME\n(bsc#1179491).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-12-09T00:00:00", "title": "SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2020:3722-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-1971"], "modified": "2020-12-09T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:openssl-1_1-debugsource", "p-cpe:/a:novell:suse_linux:libopenssl1_1", "p-cpe:/a:novell:suse_linux:libopenssl-1_1-devel", "p-cpe:/a:novell:suse_linux:libopenssl1_1-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-1_1-debuginfo", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac"], "id": "SUSE_SU-2020-3722-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143669", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3722-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143669);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/17\");\n\n script_cve_id(\"CVE-2020-1971\");\n script_xref(name:\"IAVA\", value:\"2020-A-0566\");\n\n script_name(english:\"SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2020:3722-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for openssl-1_1 fixes the following issues :\n\nCVE-2020-1971: Fixed a NULL pointer dereference in EDIPARTYNAME\n(bsc#1179491).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-1971/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203722-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?546276c1\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3722=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2020-3722=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-3722=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-3722=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1971\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-1_1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-1_1-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"s390x\") audit(AUDIT_ARCH_NOT, \"s390x\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libopenssl-1_1-devel-1.1.0i-4.54.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libopenssl1_1-1.1.0i-4.54.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libopenssl1_1-debuginfo-1.1.0i-4.54.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libopenssl1_1-hmac-1.1.0i-4.54.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"openssl-1_1-1.1.0i-4.54.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"openssl-1_1-debuginfo-1.1.0i-4.54.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"openssl-1_1-debugsource-1.1.0i-4.54.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl-1_1\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-25T12:51:14", "description": "This update for openssl-1_0_0 fixes the following issues :\n\n - CVE-2020-1971: Fixed a NULL pointer dereference in\n EDIPARTYNAME (bsc#1179491).\n\n - Initialized dh->nid to NID_undef in DH_new_method()\n (bsc#1177673).\n\n - Fixed a test failure in apache_ssl in fips mode\n (bsc#1177793).\n\n - Renamed BN_get_rfc3526_prime_* functions back to\n get_rfc3526_prime_* (bsc#1177575).\n\n - Restored private key check in EC_KEY_check_key\n (bsc#1177479).\n\n - Added shared secret KAT to FIPS DH selftest\n (bsc#1176029).\n\n - Included ECDH/DH Requirements from SP800-56Arev3\n (bsc#1176029).\n\n - Used SHA-2 in the RSA pairwise consistency check\n (bsc#1155346)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 3, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-12-16T00:00:00", "title": "openSUSE Security Update : openssl-1_0_0 (openSUSE-2020-2236)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-1971"], "modified": "2020-12-16T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.2", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-steam-32bit", "p-cpe:/a:novell:opensuse:openssl-1_0_0-cavs", "p-cpe:/a:novell:opensuse:openssl-1_0_0-debugsource", "p-cpe:/a:novell:opensuse:libopenssl10-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-steam-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:openssl-1_0_0", "p-cpe:/a:novell:opensuse:openssl-1_0_0-cavs-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac", "p-cpe:/a:novell:opensuse:libopenssl-1_0_0-devel-32bit", "p-cpe:/a:novell:opensuse:openssl-1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl-1_0_0-devel", "p-cpe:/a:novell:opensuse:libopenssl10", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-steam-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-steam", "p-cpe:/a:novell:opensuse:libopenssl1_0_0"], "id": "OPENSUSE-2020-2236.NASL", "href": "https://www.tenable.com/plugins/nessus/144309", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2236.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144309);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/24\");\n\n script_cve_id(\"CVE-2020-1971\");\n script_xref(name:\"IAVA\", value:\"2020-A-0566\");\n\n script_name(english:\"openSUSE Security Update : openssl-1_0_0 (openSUSE-2020-2236)\");\n script_summary(english:\"Check for the openSUSE-2020-2236 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for openssl-1_0_0 fixes the following issues :\n\n - CVE-2020-1971: Fixed a NULL pointer dereference in\n EDIPARTYNAME (bsc#1179491).\n\n - Initialized dh->nid to NID_undef in DH_new_method()\n (bsc#1177673).\n\n - Fixed a test failure in apache_ssl in fips mode\n (bsc#1177793).\n\n - Renamed BN_get_rfc3526_prime_* functions back to\n get_rfc3526_prime_* (bsc#1177575).\n\n - Restored private key check in EC_KEY_check_key\n (bsc#1177479).\n\n - Added shared secret KAT to FIPS DH selftest\n (bsc#1176029).\n\n - Included ECDH/DH Requirements from SP800-56Arev3\n (bsc#1176029).\n\n - Used SHA-2 in the RSA pairwise consistency check\n (bsc#1155346)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179491\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected openssl-1_0_0 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-1_0_0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-1_0_0-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl10-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-steam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-steam-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-steam-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-steam-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-1_0_0-cavs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-1_0_0-cavs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-1_0_0-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/16\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libopenssl-1_0_0-devel-1.0.2p-lp152.8.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libopenssl10-1.0.2p-lp152.8.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libopenssl10-debuginfo-1.0.2p-lp152.8.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libopenssl1_0_0-1.0.2p-lp152.8.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libopenssl1_0_0-debuginfo-1.0.2p-lp152.8.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libopenssl1_0_0-hmac-1.0.2p-lp152.8.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libopenssl1_0_0-steam-1.0.2p-lp152.8.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libopenssl1_0_0-steam-debuginfo-1.0.2p-lp152.8.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"openssl-1_0_0-1.0.2p-lp152.8.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"openssl-1_0_0-cavs-1.0.2p-lp152.8.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"openssl-1_0_0-cavs-debuginfo-1.0.2p-lp152.8.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"openssl-1_0_0-debuginfo-1.0.2p-lp152.8.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"openssl-1_0_0-debugsource-1.0.2p-lp152.8.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libopenssl-1_0_0-devel-32bit-1.0.2p-lp152.8.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.2p-lp152.8.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-debuginfo-1.0.2p-lp152.8.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.2p-lp152.8.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-steam-32bit-1.0.2p-lp152.8.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-lp152.8.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-1_0_0-devel / libopenssl10 / libopenssl10-debuginfo / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-25T13:59:08", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:5422 advisory.\n\n - openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-12-15T00:00:00", "title": "RHEL 8 : openssl (RHSA-2020:5422)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-1971"], "modified": "2020-12-15T00:00:00", "cpe": ["cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:openssl-libs", "cpe:/o:redhat:rhel_eus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_aus:8.2::baseos", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl", "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_aus:8.2", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-debugsource", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_e4s:8.2::baseos"], "id": "REDHAT-RHSA-2020-5422.NASL", "href": "https://www.tenable.com/plugins/nessus/144276", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5422. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144276);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/24\");\n\n script_cve_id(\"CVE-2020-1971\");\n script_xref(name:\"RHSA\", value:\"2020:5422\");\n script_xref(name:\"IAVA\", value:\"2020-A-0566\");\n\n script_name(english:\"RHEL 8 : openssl (RHSA-2020:5422)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:5422 advisory.\n\n - openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5422\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903409\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1971\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2::baseos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2::baseos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2::baseos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2::baseos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'rhel_eus_8_2_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:5422');\n}\n\npkgs = [\n {'reference':'openssl-1.1.1c-16.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_eus_8_2_baseos']},\n {'reference':'openssl-1.1.1c-16.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_eus_8_2_baseos']},\n {'reference':'openssl-1.1.1c-16.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_eus_8_2_baseos']},\n {'reference':'openssl-debugsource-1.1.1c-16.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_eus_8_2_baseos']},\n {'reference':'openssl-debugsource-1.1.1c-16.el8_2', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_eus_8_2_baseos']},\n {'reference':'openssl-debugsource-1.1.1c-16.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_eus_8_2_baseos']},\n {'reference':'openssl-debugsource-1.1.1c-16.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_eus_8_2_baseos']},\n {'reference':'openssl-devel-1.1.1c-16.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_eus_8_2_baseos']},\n {'reference':'openssl-devel-1.1.1c-16.el8_2', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_eus_8_2_baseos']},\n {'reference':'openssl-devel-1.1.1c-16.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_eus_8_2_baseos']},\n {'reference':'openssl-devel-1.1.1c-16.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_eus_8_2_baseos']},\n {'reference':'openssl-libs-1.1.1c-16.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_eus_8_2_baseos']},\n {'reference':'openssl-libs-1.1.1c-16.el8_2', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_eus_8_2_baseos']},\n {'reference':'openssl-libs-1.1.1c-16.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_eus_8_2_baseos']},\n {'reference':'openssl-libs-1.1.1c-16.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_eus_8_2_baseos']},\n {'reference':'openssl-perl-1.1.1c-16.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_eus_8_2_baseos']},\n {'reference':'openssl-perl-1.1.1c-16.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_eus_8_2_baseos']},\n {'reference':'openssl-perl-1.1.1c-16.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_eus_8_2_baseos']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-debugsource / openssl-devel / openssl-libs / etc');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-15T01:32:55", "description": "The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2020:5566 advisory.\n\n - openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-14T00:00:00", "title": "CentOS 7 : openssl (CESA-2020:5566)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-1971"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl-perl", "p-cpe:/a:centos:centos:openssl-devel", "p-cpe:/a:centos:centos:openssl-libs", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-static"], "id": "CENTOS_RHSA-2020-5566.NASL", "href": "https://www.tenable.com/plugins/nessus/144971", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5566 and\n# CentOS Errata and Security Advisory 2020:5566 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144971);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2020-1971\");\n script_xref(name:\"RHSA\", value:\"2020:5566\");\n\n script_name(english:\"CentOS 7 : openssl (CESA-2020:5566)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2020:5566 advisory.\n\n - openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2020-December/048211.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0681d034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1971\");\n script_cwe_id(476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'openssl-1.0.2k-21.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'openssl-devel-1.0.2k-21.el7_9', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'openssl-devel-1.0.2k-21.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'openssl-libs-1.0.2k-21.el7_9', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'openssl-libs-1.0.2k-21.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'openssl-perl-1.0.2k-21.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'openssl-static-1.0.2k-21.el7_9', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'openssl-static-1.0.2k-21.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-devel / openssl-libs / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-25T13:59:09", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:5476 advisory.\n\n - openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-12-18T00:00:00", "title": "RHEL 8 : openssl (RHSA-2020:5476)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-1971"], "modified": "2020-12-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl-libs", "cpe:/o:redhat:enterprise_linux:8::baseos", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-debugsource", "cpe:/o:redhat:enterprise_linux:8"], "id": "REDHAT-RHSA-2020-5476.NASL", "href": "https://www.tenable.com/plugins/nessus/144380", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5476. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144380);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/24\");\n\n script_cve_id(\"CVE-2020-1971\");\n script_xref(name:\"RHSA\", value:\"2020:5476\");\n script_xref(name:\"IAVA\", value:\"2020-A-0566\");\n\n script_name(english:\"RHEL 8 : openssl (RHSA-2020:5476)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:5476 advisory.\n\n - openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5476\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903409\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1971\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8::baseos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:5476');\n}\n\npkgs = [\n {'reference':'openssl-1.1.1g-12.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_baseos']},\n {'reference':'openssl-1.1.1g-12.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_baseos']},\n {'reference':'openssl-1.1.1g-12.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_baseos']},\n {'reference':'openssl-debugsource-1.1.1g-12.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_baseos']},\n {'reference':'openssl-debugsource-1.1.1g-12.el8_3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_baseos']},\n {'reference':'openssl-debugsource-1.1.1g-12.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_baseos']},\n {'reference':'openssl-debugsource-1.1.1g-12.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_baseos']},\n {'reference':'openssl-devel-1.1.1g-12.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_baseos']},\n {'reference':'openssl-devel-1.1.1g-12.el8_3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_baseos']},\n {'reference':'openssl-devel-1.1.1g-12.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_baseos']},\n {'reference':'openssl-devel-1.1.1g-12.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_baseos']},\n {'reference':'openssl-libs-1.1.1g-12.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_baseos']},\n {'reference':'openssl-libs-1.1.1g-12.el8_3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_baseos']},\n {'reference':'openssl-libs-1.1.1g-12.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_baseos']},\n {'reference':'openssl-libs-1.1.1g-12.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_baseos']},\n {'reference':'openssl-perl-1.1.1g-12.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_baseos']},\n {'reference':'openssl-perl-1.1.1g-12.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_baseos']},\n {'reference':'openssl-perl-1.1.1g-12.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_baseos']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-debugsource / openssl-devel / openssl-libs / etc');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-17T04:44:24", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a\nvulnerability as referenced in the 1.0.2x advisory.\n\n - The X.509 GeneralName type is a generic type for representing different types of names. One of those name\n types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different\n instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both\n GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a\n possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1)\n Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in\n an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp\n authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an\n attacker can control both items being compared then that attacker could trigger a crash. For example if\n the attacker can trick a client or server into checking a malicious certificate against a malicious CRL\n then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a\n certificate. This checking happens prior to the signatures on the certificate and CRL being verified.\n OpenSSL's s_server, s_client and verify tools have support for the -crl_download option which implements\n automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an\n unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of\n EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will\n accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue.\n Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected\n 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). (CVE-2020-1971)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-12-10T00:00:00", "title": "OpenSSL 1.0.2 < 1.0.2x Null Pointer Dereference Vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-1971"], "modified": "2020-12-10T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_2X.NASL", "href": "https://www.tenable.com/plugins/nessus/144053", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144053);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/16\");\n\n script_cve_id(\"CVE-2020-1971\");\n script_xref(name:\"IAVA\", value:\"2020-A-0566\");\n\n script_name(english:\"OpenSSL 1.0.2 < 1.0.2x Null Pointer Dereference Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by a null pointer dereference vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a\nvulnerability as referenced in the 1.0.2x advisory.\n\n - The X.509 GeneralName type is a generic type for representing different types of names. One of those name\n types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different\n instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both\n GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a\n possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1)\n Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in\n an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp\n authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an\n attacker can control both items being compared then that attacker could trigger a crash. For example if\n the attacker can trick a client or server into checking a malicious certificate against a malicious CRL\n then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a\n certificate. This checking happens prior to the signatures on the certificate and CRL being verified.\n OpenSSL's s_server, s_client and verify tools have support for the -crl_download option which implements\n automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an\n unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of\n EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will\n accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue.\n Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected\n 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). (CVE-2020-1971)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://github.com/openssl/openssl/commit/2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?101e8ed5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20201208.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL version 1.0.2x or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1971\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude('openssl_version.inc');\n\nopenssl_check_version(fixed:'1.0.2x', min:'1.0.2', severity:SECURITY_WARNING);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-17T07:15:36", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by a\nvulnerability as referenced in the USN-4662-1 advisory.\n\n - The X.509 GeneralName type is a generic type for representing different types of names. One of those name\n types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different\n instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both\n GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a\n possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1)\n Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in\n an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp\n authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an\n attacker can control both items being compared then that attacker could trigger a crash. For example if\n the attacker can trick a client or server into checking a malicious certificate against a malicious CRL\n then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a\n certificate. This checking happens prior to the signatures on the certificate and CRL being verified.\n OpenSSL's s_server, s_client and verify tools have support for the -crl_download option which implements\n automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an\n unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of\n EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will\n accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue.\n Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected\n 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). (CVE-2020-1971)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 4, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-12-09T00:00:00", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : OpenSSL vulnerability (USN-4662-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-1971"], "modified": "2020-12-09T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0", "p-cpe:/a:canonical:ubuntu_linux:openssl", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:openssl1.0", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0-udeb", "p-cpe:/a:canonical:ubuntu_linux:libcrypto1.1-udeb", "p-cpe:/a:canonical:ubuntu_linux:libssl-dev", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libssl1.0-dev", "p-cpe:/a:canonical:ubuntu_linux:libcrypto1.0.0-udeb", "cpe:/o:canonical:ubuntu_linux:20.10", "p-cpe:/a:canonical:ubuntu_linux:libssl1.1-udeb", "p-cpe:/a:canonical:ubuntu_linux:libssl1.1"], "id": "UBUNTU_USN-4662-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143587", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4662-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143587);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/16\");\n\n script_cve_id(\"CVE-2020-1971\");\n script_xref(name:\"USN\", value:\"4662-1\");\n script_xref(name:\"IAVA\", value:\"2020-A-0566\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : OpenSSL vulnerability (USN-4662-1)\");\n script_summary(english:\"Checks the dpkg output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by a\nvulnerability as referenced in the USN-4662-1 advisory.\n\n - The X.509 GeneralName type is a generic type for representing different types of names. One of those name\n types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different\n instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both\n GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a\n possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1)\n Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in\n an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp\n authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an\n attacker can control both items being compared then that attacker could trigger a crash. For example if\n the attacker can trick a client or server into checking a malicious certificate against a malicious CRL\n then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a\n certificate. This checking happens prior to the signatures on the certificate and CRL being verified.\n OpenSSL's s_server, s_client and verify tools have support for the -crl_download option which implements\n automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an\n unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of\n EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will\n accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue.\n Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected\n 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). (CVE-2020-1971)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4662-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1971\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcrypto1.0.0-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcrypto1.1-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.1-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openssl1.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04|20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 20.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'libcrypto1.0.0-udeb', 'pkgver': '1.0.2g-1ubuntu4.18'},\n {'osver': '16.04', 'pkgname': 'libssl-dev', 'pkgver': '1.0.2g-1ubuntu4.18'},\n {'osver': '16.04', 'pkgname': 'libssl1.0.0', 'pkgver': '1.0.2g-1ubuntu4.18'},\n {'osver': '16.04', 'pkgname': 'libssl1.0.0-udeb', 'pkgver': '1.0.2g-1ubuntu4.18'},\n {'osver': '16.04', 'pkgname': 'openssl', 'pkgver': '1.0.2g-1ubuntu4.18'},\n {'osver': '18.04', 'pkgname': 'libcrypto1.0.0-udeb', 'pkgver': '1.0.2n-1ubuntu5.5'},\n {'osver': '18.04', 'pkgname': 'libcrypto1.1-udeb', 'pkgver': '1.1.1-1ubuntu2.1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'libssl-dev', 'pkgver': '1.1.1-1ubuntu2.1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'libssl1.0-dev', 'pkgver': '1.0.2n-1ubuntu5.5'},\n {'osver': '18.04', 'pkgname': 'libssl1.0.0', 'pkgver': '1.0.2n-1ubuntu5.5'},\n {'osver': '18.04', 'pkgname': 'libssl1.0.0-udeb', 'pkgver': '1.0.2n-1ubuntu5.5'},\n {'osver': '18.04', 'pkgname': 'libssl1.1', 'pkgver': '1.1.1-1ubuntu2.1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'libssl1.1-udeb', 'pkgver': '1.1.1-1ubuntu2.1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'openssl', 'pkgver': '1.1.1-1ubuntu2.1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'openssl1.0', 'pkgver': '1.0.2n-1ubuntu5.5'},\n {'osver': '20.04', 'pkgname': 'libcrypto1.1-udeb', 'pkgver': '1.1.1f-1ubuntu2.1'},\n {'osver': '20.04', 'pkgname': 'libssl-dev', 'pkgver': '1.1.1f-1ubuntu2.1'},\n {'osver': '20.04', 'pkgname': 'libssl1.1', 'pkgver': '1.1.1f-1ubuntu2.1'},\n {'osver': '20.04', 'pkgname': 'libssl1.1-udeb', 'pkgver': '1.1.1f-1ubuntu2.1'},\n {'osver': '20.04', 'pkgname': 'openssl', 'pkgver': '1.1.1f-1ubuntu2.1'},\n {'osver': '20.10', 'pkgname': 'libcrypto1.1-udeb', 'pkgver': '1.1.1f-1ubuntu4.1'},\n {'osver': '20.10', 'pkgname': 'libssl-dev', 'pkgver': '1.1.1f-1ubuntu4.1'},\n {'osver': '20.10', 'pkgname': 'libssl1.1', 'pkgver': '1.1.1f-1ubuntu4.1'},\n {'osver': '20.10', 'pkgname': 'libssl1.1-udeb', 'pkgver': '1.1.1f-1ubuntu4.1'},\n {'osver': '20.10', 'pkgname': 'openssl', 'pkgver': '1.1.1f-1ubuntu4.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libcrypto1.0.0-udeb / libcrypto1.1-udeb / libssl-dev / libssl1.0-dev / etc');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}]}
