Lucene search
Copyright (C) 2015 Greenbone Networks GmbHOPENVAS:1361412562310120189HistorySep 08, 2015 - 12:00 a.m.
Amazon Linux: Security Advisory (ALAS-2014-429)
2015-09-0800:00:00
Copyright (C) 2015 Greenbone Networks GmbH
plugins.openvas.org
11
3.4 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
5.4 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.975 High
EPSS
Percentile
100.0%
The remote host is missing an update for the
# Copyright (C) 2015 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.120189");
script_cve_id("CVE-2014-3566");
script_tag(name:"creation_date", value:"2015-09-08 11:19:32 +0000 (Tue, 08 Sep 2015)");
script_version("2021-10-15T11:02:56+0000");
script_tag(name:"last_modification", value:"2021-10-15 11:02:56 +0000 (Fri, 15 Oct 2021)");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2021-06-16 12:15:00 +0000 (Wed, 16 Jun 2021)");
script_name("Amazon Linux: Security Advisory (ALAS-2014-429)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2015 Greenbone Networks GmbH");
script_family("Amazon Linux Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/amazon_linux", "ssh/login/release");
script_xref(name:"Advisory-ID", value:"ALAS-2014-429");
script_xref(name:"URL", value:"https://alas.aws.amazon.com/ALAS-2014-429.html");
script_tag(name:"summary", value:"The remote host is missing an update for the 'nss' package(s) announced via the ALAS-2014-429 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.");
script_tag(name:"affected", value:"'nss' package(s) on Amazon Linux.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "AMAZON") {
if(!isnull(res = isrpmvuln(pkg:"nss", rpm:"nss~3.16.2~7.57.amzn1", rls:"AMAZON"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"nss-debuginfo", rpm:"nss-debuginfo~3.16.2~7.57.amzn1", rls:"AMAZON"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"nss-devel", rpm:"nss-devel~3.16.2~7.57.amzn1", rls:"AMAZON"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"nss-pkcs11-devel", rpm:"nss-pkcs11-devel~3.16.2~7.57.amzn1", rls:"AMAZON"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"nss-sysinit", rpm:"nss-sysinit~3.16.2~7.57.amzn1", rls:"AMAZON"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"nss-tools", rpm:"nss-tools~3.16.2~7.57.amzn1", rls:"AMAZON"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
ibm
ibm
fedora
fedora
[SECURITY] Fedora 22 Update: fossil-1.33-1.fc22
2015-10-15 03:51:23
[SECURITY] Fedora 21 Update: subscription-manager-1.13.6-1.fc21
2014-11-10 06:34:40
[SECURITY] Fedora 19 Update: python-rhsm-1.13.6-1.fc19
2014-11-07 02:33:12
nessus
nessus
Fedora 19 : python-rhsm-1.13.6-1.fc19 (2014-13794)
2014-11-07 00:00:00
Fedora 21 : claws-mail-3.11.1-2.fc21 / claws-mail-plugins-3.11.1-1.fc21 / libetpan-1.6-1.fc21 (2014-14217) (POODLE)
2014-11-11 00:00:00
AIX 7.1 TL 2 : nettcp (IV73974) (POODLE)
2015-06-19 00:00:00
suse
suse
Security update for suseRegister (important)
2015-01-05 21:04:43
redhat
redhat
(RHSA-2014:1653) Moderate: openssl security update
2014-10-16 00:00:00
(RHSA-2015:1546) Important: node.js security update
2015-08-04 00:00:00
openvas
openvas
Fedora Update for asterisk FEDORA-2014-15621
2015-01-05 00:00:00
Debian: Security Advisory (DSA-3489-1)
2016-03-08 00:00:00
Fedora Update for nodejs FEDORA-2014-15411
2015-01-05 00:00:00
centos
centos
openssl security update
2014-10-16 15:21:39
nss security update
2014-12-03 22:45:56
cisco
cisco
SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
2014-10-15 18:30:00
seebug
seebug
SSL 3.0 POODLE(CVE-2014-3566)
2017-02-17 00:00:00
osv
osv
lighttpd - security update
2015-07-25 00:00:00
hackerone
hackerone
New Relic: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
2017-03-26 19:08:23
X (Formerly Twitter): POODLE SSLv3 bug on multiple twitter smtp servers (mx3.twitter.com,199.59.148.204,199.16.156.108 and 199.59.148.204)
2017-11-09 21:44:16
Semrush: SSLv3 Poodle Attack on Ip Of semrush
2018-02-22 16:43:36
citrix
citrix
CVE-2014-3566 - Citrix Security Advisory for SSLv3 Protocol Flaw
2014-10-14 04:00:00
f5
f5
K15702 : SSLv3 vulnerability CVE-2014-3566
2015-09-18 00:00:00
veracode
veracode
Information Disclosure
2017-02-07 00:05:45
POODLE Attack
2017-05-03 05:12:56
cert
cert
POODLE vulnerability in SSL 3.0
2014-10-17 00:00:00
amazon
amazon
Important: openssl
2014-10-14 22:32:00
hp
hp
securityvulns
securityvulns
APPLE-SA-2014-10-16-2 Security Update 2014-005
2014-10-18 00:00:00
APPLE-SA-2014-10-16-5 OS X Server v2.2.5
2014-10-18 00:00:00
debiancve
debiancve
CVE-2014-3566
2014-10-15 00:55:00
freebsd
freebsd
davmail -- fix potential CVE-2014-3566 vulnerability (POODLE)
2014-10-27 00:00:00
paloalto
paloalto
SSL 3.0 MITM Attack
2014-10-20 07:00:00
threatpost
threatpost
OpenSSL Releases Patch for POODLE Attack
2014-10-16 10:29:53
ubuntucve
ubuntucve
CVE-2014-3566
2014-10-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Secure Socket Layer (SSL) Version 3.0 (CVE-2014-3566)
2014-10-15 00:00:00
3.4 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
5.4 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.975 High
EPSS
Percentile
100.0%
Related for OPENVAS:1361412562310120189