DATABASE RESOURCES PRICING ABOUT US

{"id": "OPENVAS:1361412562310143949", "type": "openvas", "bulletinFamily": "scanner", "title": "Huawei Data Communication: Multiple OpenSSL Vulnerabilities in January 2017 (huawei-sa-20170503-01-openssl)", "description": "On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities.", "published": "2020-05-20T00:00:00", "modified": "2020-06-30T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310143949", "reporter": "Copyright (C) 2020 Greenbone Networks GmbH", "references": ["https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170503-01-openssl-en"], "cvelist": ["CVE-2017-3731", "CVE-2017-3732", "CVE-2017-3730"], "lastseen": "2020-07-21T19:55:20", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "aix", "idList": ["OPENSSL_ADVISORY23.ASC"]}, {"type": "amazon", "idList": ["ALAS-2017-803", "ALAS-2018-1016", "ALAS2-2018-1004"]}, {"type": "archlinux", "idList": ["ASA-201701-36", "ASA-201701-37"]}, {"type": "centos", "idList": ["CESA-2017:0286"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2017-0151", "CPAI-2017-0153"]}, {"type": "cisco", "idList": ["CISCO-SA-20170130-OPENSSL"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:387B2BBB51760E1FFD4562D4008446F7"]}, {"type": "cve", "idList": ["CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732", "CVE-2017-3738"]}, {"type": "debian", "idList": ["DEBIAN:DLA-814-1:045BE", "DEBIAN:DLA-814-1:7031E", "DEBIAN:DSA-3773-1:2A1F5"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-3730", "DEBIANCVE:CVE-2017-3731", "DEBIANCVE:CVE-2017-3732", "DEBIANCVE:CVE-2017-3738"]}, {"type": "exploitdb", "idList": ["EDB-ID:41192"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:0361481628309A1D7E4A332182E03C24"]}, {"type": "f5", "idList": ["F5:K15551553", "F5:K34681653", "F5:K37526132", "F5:K44512851"]}, {"type": "fedora", "idList": ["FEDORA:6D641613A08A", "FEDORA:AB2DD6067A04"]}, {"type": "fortinet", "idList": ["FG-IR-17-019"]}, {"type": "freebsd", "idList": ["D455708A-E3D3-11E6-9940-B499BAEBFEAF"]}, {"type": "gentoo", "idList": ["GLSA-201702-07", "GLSA-201802-04"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20170503-01-OPENSSL"]}, {"type": "ibm", "idList": ["068E4774F9835C8E080EE324144DDF1D362B4CFF31E92E6F3B859DDEBD2C9E8C", "06FAF3AD79C8BAC8455C602C3F4C354C0CD9450DE060FB4D831ED000993782B4", "072EBEFE4EF574F4A87AC95BEA1237C43CF6D39DDD94C6BD9B965A322BB8CD15", "0DA16010754F6A3A66E6070FF741D701A7AD021EAE93340A6584612005BFDA0C", "0E703A42B01F9DF3E0FEC04EEA4F7733F5A313C86865501C0F8A79378E425C34", "0F4490A26A7A5960275AF6437143D350A19CD931C617E64E2575EA3E557FDA61", "0F73246124CA58D05064BB5D07082DCA6F2A1D48630CAAC82BCFFB4A71F45CA7", "1552258BC602B501CB144C17FE55DEC12CEDE82B9F4351E9E4F47BE8C7003BA9", "1BFF63EB8AF39056E08427B06D34E43B32E43FBCC74FB2A85F32E708984FD60F", "2614071BF8D5B0482694D82BE1651280FCE95089D3BF507FE1CD1ED3591D2446", "28F09F928D8A64947630E0341FDF6E6F1981E04939D0DE4237070C2BDEC2DDA7", "2BB93AE1C7A3B73A6491F3A66D7F39AEF96849CFFB0026B650053C816A375F8C", "2D6ABFD773A139FAF4A5896B0D244FEA196722BEDC26C16CCA61755624C6067D", "2F4353DF684AD6726CB9491220A703D4AD06D4406D7B35BEBCB2D4EE11863E10", "32C5F3A427C23B34350EBCA676883F18871AA834AA2E92920588454B1810F4E9", "374411ADB66A6B6C60B3EE4DE9977ADF2AE7482BB4DDC9927957858BCCD39B02", "399718E68B1AC921F1F63310793CB30CE98BCB15C409BBB99985FB5BE97A027F", "3C34CA137D675C01FA30FF52E4840DE4F8835BDD73CFE7BE14C18869DE46A7B2", "3D737E91C4B3785D05EA6B518DF81A98A3D897F7446C9E2969F3A9E22A7F3BF4", "3DF4EFFCBD4398CD9D2C6995C59DEC9020B7665B1A75D2B23F0CFA94C34BBB8A", "3E3AF8AC7BA63076BEE8FFB670B3A3F27E0903C83526E54496E50EB2DF74B875", "411DE209066A00259E38D292C22264C2EDA3B961B523920D589433F42FB534BC", "4337F9AE4A5A2285A37D88E12A5DAC941D106D987FD93F7005C756BEB07720F5", "470FB53E20DCF01D3FF4FB7251C5868A5D215FF7480131C88B1F5C06E159D01A", "4C98F5463E3FBB67682E7F864F699DD4A99514832D6E44999F6672401F35C8B0", "5641564DE1A4B9249AC0EED2F265EE204961C428F093EC99321D93DA0AA23C3E", "5711509DD871227FC9F7CD530DA0E06F21DDA1D522E7B1C76AC95D3AD5F6BC07", "5B0B2EDD5203252F048F6F7FEAB4D8B03C3C046A6B06FEEAD861F79A36B2F860", "5B4C19B2CA9D2714AEF1546FC810D709406148AD04288568A5EFCF5FDEF9B2D5", "5C71C4B21EF8CF2C7925B0511520A2651B8EF89C97FD0A4F71D6C559935F0CC2", "6CDA9CBBD4E668C70A53BD4F7D7CDE00CF73C49E1D8C5300C858682BFBB02BCB", "6DB274E6F7EB4D6F538135EC07CF4443980A5C2FC8C1652E16833E39D5F430D2", "73AC0A21A1C1C6C3987AD6559B838B31C02E7FC2112C00D32E18ABA3B130AC8F", "765EE754DDB2AFC25A4F81B453619E8DE782835F4B2ACED4DF8CE43B5D4C10B8", "78B5CDD949B0594AC0F181656CB6536E0B075D4B064576C915C9BFAF10028314", "79C9308A38227EABEE316B0407CBC46021561F829AEBF9659F93085D4FC63547", "7A811732B34C1BAA3F2209EA69EE01FCACF762E53C22EAE8A8FB7A45B4E7164D", "7BD03C97D3450FEAE4EB4F8F33140691B9F85B4915C83AFD5212FE881A12ADDA", "7C630DEEF9C025461097DE30AF143B45E948D8E848AEF027D365F38629529B0E", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7E4E851053AF5C2BFADF66AC8494971BF986538EB9E1BEE4C5D8B83D2DB1BBB0", "7FE72ED4C858FD4F010CC95764D03AAC86CD4C73FE6C4B388FE981C9E76DD0F6", "8215E02FB88590F4B93468E9B3C6A2785DF30F06545A788005F8AA267BB66470", "8325E2E8632F22E10CD653162D8EFC2BD56BD809EC2298B08EF585D287E1CFA8", "838A16B0CE06CFADC4E063690DD0FFF6D0DC192AB216FFCF35FC2AB89203341C", "8451DCEAC7362310C8EAA923574AFEAD09CA58D139A870AE0ED1E3D11764573B", "85C244F40F078C64D61F63F2C6CB1A6851B539CC7B4530BE8884CFAD733EEA2C", "87B26C2B63AF8A971A79B4CB2207EC51AF74A57FD839002466AFD594F7918F65", "8A3C4FBF20635DD01A5B58269ABD76FF6451A13FCBB437C76C92D2484A5C9ECA", "9765CC2CD4E8CF43C86EE7859F7012EB2A38E6A4A80E55865CD6E4E883D3188A", "9872D764206750F6FD9C7F555D6B4C23926B755B4AE368CDD8485546CDEBC462", "98C2299E82C81E1CC3EFB8629E8262393014376C64F3F09018090397A1EA00AE", "9C1D1FE90E2F187821C270EFC3B5F3A57AF88428D8DB76F072CD050048739C9F", "9CCEB90B89301ED91DF7A501EF3103FD54D3AD611D342CF6E4B19E5105E84E35", "9D369F46B0635D31A8A683338B578CAD380D46F2A6EAA8E945524F1CAD77AC5B", "9D74E16E695D45F37788D786140C9FB31C6F44CCE29B81D1A1A36FDFC8AFFEE7", "A40A589B8B7C643E28A9A4004401F03C17A0AC69DEA5C00BDCF2D7C08F573EA9", "A4167E89DAF98623836F64826EDC7413C8B06B29A2E76A886419750438EAEA04", "A940972EE8C6FDFEAA789156E684C0D5729686CEDFD51FCF6C875BE8FF25FBF6", "ABF8825C48969D423E885B7CCB57BDB86E27F87DD082837A7884ABA77320FDB1", "ACF676405BBB5AE27485D9F48AD72AC6E8FE2D60EE0D4B0D45374459BCE07DA3", "B36A668C28C4D760F6B565A18CA1708BA647B0486720FF7FEE833AC59F8D4800", "B7FF1129A02D2738AED73A8C157F3D6D872B530527C875906B3678301D70ECBB", "B8E199CFC7A9C8DCF033928312B9AE0E344AB91916C93723350723B89FCB619A", "BC7F561FAB80D5D0A48021AB45201595C02030C9CECEBEB548DFB50B6376384A", "BFFC97D9B867396253756A09ED28B13F581A2B14A0637B4684951D9BD6071488", "C18E4772030D674D152D69B21575B31602E8081D2A7D63F34DF5712FA898D8EA", "C1DE62607E696F3135AA44A9ED964385998509307175EDF6F47BDAEC9E4F6C06", "C2E8B6DDE464206AEDDA1C71AA033CD48E5CBB40D6C71D0239B45AA056C35190", "C7752951E8085C186BF5D89E852FCD41F36C211BD9364B8CA87F6E4FF8AFF924", "C810968492FABE70B0CBF249C3674187F1C428AC5C884D1DBAAB3F0B6A3A7FC9", "C976F3FB2440651533AB7414A4F76FC3C66CAF49895BE704575E993E6B5F6D48", "CC714D6CB93526CA67C3B1AF953783F7648CF4A4936616886992C0290C5D5B18", "CF8080897BA997E374072C563D7B6C6088F56DDA07F407BD98DF25411FE5E09C", "D5AA5A836C6CC887766560D5C0DEA7A00ECE08E7210420C4B9BBFF45EA1FF9F6", "D70C0CFD2132EBB5AAF3CF53E301E73B5E5845FB7B0FC143B5DBE6CBAF3A884B", "DC6CFA97AFC11ECA8AC903B07B25377D9849F6E270CE2A8494F78E7B651A0389", "DDAC6B14B8934B2E6C225A197BD36CA0AC38FD8684F572F5702537FFE8240DAB", "DDBD4BDAEE1412B8C8199BA8BCDE15F2A42D1C2982D2BFF3B062BFCD642CDD23", "DEAFA2DB54593AA80919E191E6F6089E8FC07DD6414224DF7420DF6F55DF4BC8", "E298AFAE6C10545EEFE2EDCB1E58ACEB81769C82FC173BB89206A046496B5501", "ED421E5B06D77F465CCEA96D8345D19C2837ECC2D4297803042D83E3B60C624B", "EDB34CD93CDAF5921CF795AC72A6405C79962D06DE79535AF74133F2884DA4EB", "EF2B4F4110ACF96FDC34CF6D7B916C577277400859F5F464947088E0CE635995", "EF8F0A9CABE55A98975A5E586449578AFBE0581CC3BBC4848706891FDC02ED1D", "EFC96C84FC6627E09277E1FB61859CD2CA1859DFD91107C5D299A533D68503BF", "F0864C914EFB62F7C48822F52BDF423B57466738327736DD211AEFBE34B7C109", "F4BDACE4C2BD969BE014F58FD96BAC012DCB9FD40640A048ED223245FEA36AB5", "F7862E3AFF4165C1E96904B0CC478B568FD7C29638F30D7255C5D201546C0450", "F90FD904FE2AD66DEF4FDDFD5D99DDE1F5E9A79893EE2F3ADB1619E2F648B6FC"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/ALPINE-LINUX-CVE-2017-3738/", "MSF:ILITIES/AMAZON-LINUX-AMI-2-CVE-2017-3738/", "MSF:ILITIES/AMAZON_LINUX-CVE-2017-3738/", "MSF:ILITIES/CENTOS_LINUX-CVE-2017-3738/", "MSF:ILITIES/DEBIAN-CVE-2017-3738/", "MSF:ILITIES/FREEBSD-CVE-2017-3738/", "MSF:ILITIES/GENTOO-LINUX-CVE-2017-3738/", "MSF:ILITIES/HTTP-OPENSSL-CVE-2017-3738/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2017-3738/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2017-3738/", "MSF:ILITIES/IBM-HTTP_SERVER-CVE-2017-3732/", "MSF:ILITIES/ORACLE-SOLARIS-CVE-2017-3738/", "MSF:ILITIES/ORACLE_LINUX-CVE-2017-3738/", "MSF:ILITIES/REDHAT_LINUX-CVE-2017-3738/", "MSF:ILITIES/SUSE-CVE-2017-3738/", "MSF:ILITIES/UBUNTU-CVE-2017-3738/"]}, {"type": "myhack58", "idList": ["MYHACK58:62201786348"]}, {"type": "nessus", "idList": ["9933.PRM", "9934.PRM", "AIX_OPENSSL_ADVISORY23.NASL", "ALA_ALAS-2017-803.NASL", "CENTOS_RHSA-2017-0286.NASL", "DEBIAN_DLA-814.NASL", "DEBIAN_DSA-3773.NASL", "EULEROS_SA-2017-1029.NASL", "EULEROS_SA-2017-1030.NASL", "F5_BIGIP_SOL37526132.NASL", "F5_BIGIP_SOL44512851.NASL", "FEDORA_2017-3451DBEC48.NASL", "FEDORA_2017-E853B4144F.NASL", "FREEBSD_PKG_D455708AE3D311E69940B499BAEBFEAF.NASL", "GENTOO_GLSA-201702-07.NASL", "GENTOO_GLSA-201802-04.NASL", "IBM_HTTP_SERVER_569301.NASL", "JUNIPER_JSA10775.NASL", "MYSQL_5_6_36.NASL", "MYSQL_5_6_36_RPM.NASL", "MYSQL_5_6_37.NASL", "MYSQL_5_6_37_RPM.NASL", "MYSQL_5_7_18.NASL", "MYSQL_5_7_18_RPM.NASL", "MYSQL_5_7_19.NASL", "MYSQL_5_7_19_RPM.NASL", "MYSQL_ENTERPRISE_MONITOR_3_3_3_1199.NASL", "OPENSSL_1_0_2K.NASL", "OPENSSL_1_1_0D.NASL", "OPENSUSE-2017-1196.NASL", "OPENSUSE-2017-1381.NASL", "OPENSUSE-2017-255.NASL", "OPENSUSE-2017-256.NASL", "OPENSUSE-2017-284.NASL", "OPENSUSE-2017-442.NASL", "OPENSUSE-2017-866.NASL", "OPENSUSE-2018-168.NASL", "ORACLELINUX_ELSA-2017-0286.NASL", "ORACLEVM_OVMSA-2017-0042.NASL", "ORACLE_ACCESS_MANAGER_CPU_JAN_2018.NASL", "ORACLE_ENTERPRISE_MANAGER_JUL_2017_CPU.NASL", "ORACLE_HTTP_SERVER_CPU_JAN_2018.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2017_CPU.NASL", "PALO_ALTO_PAN-OS_7_0_15.NASL", "REDHAT-RHSA-2017-0286.NASL", "REDHAT-RHSA-2018-2185.NASL", "REDHAT-RHSA-2018-2186.NASL", "REDHAT-RHSA-2018-2568.NASL", "REDHAT-RHSA-2018-2575.NASL", "REDHAT-RHSA-2018-2713.NASL", "SECURITYCENTER_5_4_3_TNS_2017_04.NASL", "SECURITYCENTER_OPENSSL_1_0_2K.NASL", "SLACKWARE_SSA_2017-041-02.NASL", "SL_20170220_OPENSSL_ON_SL6_X.NASL", "SUN_JAVA_WEB_SERVER_7_0_27.NASL", "SUSE_SU-2017-0431-1.NASL", "SUSE_SU-2017-0441-1.NASL", "SUSE_SU-2017-0461-1.NASL", "SUSE_SU-2017-0855-1.NASL", "SUSE_SU-2017-3343-1.NASL", "SUSE_SU-2018-0112-1.NASL", "SUSE_SU-2018-2839-1.NASL", "SUSE_SU-2018-2839-2.NASL", "SUSE_SU-2018-3082-1.NASL", "UBUNTU_USN-3181-1.NASL", "VIRTUOZZO_VZLSA-2017-0286.NASL", "VMWARE_ESXI_6_0_BUILD_5485776_REMOTE.NASL"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2017-3730", "OPENSSL:CVE-2017-3731", "OPENSSL:CVE-2017-3732", "OPENSSL:CVE-2017-3738"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310106828", "OPENVAS:1361412562310106949", "OPENVAS:1361412562310140168", "OPENVAS:1361412562310703773", "OPENVAS:1361412562310810542", "OPENVAS:1361412562310810545", "OPENVAS:1361412562310810546", "OPENVAS:1361412562310811440", "OPENVAS:1361412562310811441", "OPENVAS:1361412562310811989", "OPENVAS:1361412562310811990", "OPENVAS:1361412562310843029", "OPENVAS:1361412562310851633", "OPENVAS:1361412562310851665", "OPENVAS:1361412562310851703", "OPENVAS:1361412562310871760", "OPENVAS:1361412562310872342", "OPENVAS:1361412562310872359", "OPENVAS:1361412562310882659", "OPENVAS:1361412562310882660", "OPENVAS:1361412562310890814", "OPENVAS:1361412562311220171029", "OPENVAS:1361412562311220171030", "OPENVAS:703773"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2017", "ORACLE:CPUAPR2017-3236618", "ORACLE:CPUAPR2019", "ORACLE:CPUAPR2019-5072813", "ORACLE:CPUJAN2018", "ORACLE:CPUJAN2018-3236628", "ORACLE:CPUJUL2017", "ORACLE:CPUJUL2017-3236622", "ORACLE:CPUJUL2018", "ORACLE:CPUJUL2018-4258247", "ORACLE:CPUOCT2017", "ORACLE:CPUOCT2017-3236626"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-0286", "ELSA-2017-3518", "ELSA-2017-3519", "ELSA-2019-4747", "ELSA-2021-9150"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:140804", "PACKETSTORM:143369"]}, {"type": "paloalto", "idList": ["PAN-SA-2017-0012"]}, {"type": "redhat", "idList": ["RHSA-2017:0286", "RHSA-2018:2185", "RHSA-2018:2186", "RHSA-2018:2187", "RHSA-2018:2568", "RHSA-2018:2575", "RHSA-2018:2713"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-3730"]}, {"type": "slackware", "idList": ["SSA-2017-041-02"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:2868-1", "OPENSUSE-SU-2017:3345-1", "OPENSUSE-SU-2018:0458-1", "SUSE-SU-2017:2700-1", "SUSE-SU-2017:2701-1", "SUSE-SU-2017:3343-1", "SUSE-SU-2018:0112-1"]}, {"type": "symantec", "idList": ["SMNTC-1395"]}, {"type": "ubuntu", "idList": ["USN-3181-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-3730", "UB:CVE-2017-3731", "UB:CVE-2017-3732"]}, {"type": "zdt", "idList": ["1337DAY-ID-26827"]}]}, "score": {"value": 7.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "aix", "idList": ["OPENSSL_ADVISORY23.ASC"]}, {"type": "amazon", "idList": ["ALAS2-2018-1004"]}, {"type": "archlinux", "idList": ["ASA-201701-36"]}, {"type": "centos", "idList": ["CESA-2017:0286"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2017-0151", "CPAI-2017-0153"]}, {"type": "cisco", "idList": ["CISCO-SA-20170130-OPENSSL"]}, {"type": "cve", "idList": ["CVE-2017-3730", "CVE-2017-3731"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-3730", "DEBIANCVE:CVE-2017-3731"]}, {"type": "exploitdb", "idList": ["EDB-ID:41192"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:0361481628309A1D7E4A332182E03C24"]}, {"type": "f5", "idList": ["F5:K15551553", "F5:K37526132"]}, {"type": "fedora", "idList": ["FEDORA:AB2DD6067A04"]}, {"type": "fortinet", "idList": ["FG-IR-17-019"]}, {"type": "gentoo", "idList": ["GLSA-201802-04"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20170503-01-OPENSSL"]}, {"type": "ibm", "idList": ["1BFF63EB8AF39056E08427B06D34E43B32E43FBCC74FB2A85F32E708984FD60F", "7E4E851053AF5C2BFADF66AC8494971BF986538EB9E1BEE4C5D8B83D2DB1BBB0", "9CCEB90B89301ED91DF7A501EF3103FD54D3AD611D342CF6E4B19E5105E84E35", "C810968492FABE70B0CBF249C3674187F1C428AC5C884D1DBAAB3F0B6A3A7FC9", "C976F3FB2440651533AB7414A4F76FC3C66CAF49895BE704575E993E6B5F6D48", "EFC96C84FC6627E09277E1FB61859CD2CA1859DFD91107C5D299A533D68503BF", "F0864C914EFB62F7C48822F52BDF423B57466738327736DD211AEFBE34B7C109"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/AMAZON_LINUX-CVE-2017-3738/", "MSF:ILITIES/CENTOS_LINUX-CVE-2017-3738/"]}, {"type": "myhack58", "idList": ["MYHACK58:62201786348"]}, {"type": "nessus", "idList": ["F5_BIGIP_SOL37526132.NASL", "GENTOO_GLSA-201802-04.NASL", "OPENSUSE-2017-1196.NASL", "SECURITYCENTER_5_4_3_TNS_2017_04.NASL"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2017-3730"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310106828", "OPENVAS:1361412562310140168", "OPENVAS:1361412562310810542", "OPENVAS:1361412562310810545", "OPENVAS:1361412562310810546", "OPENVAS:1361412562310811989", "OPENVAS:1361412562310811990"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2018"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-3518"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:140804"]}, {"type": "paloalto", "idList": ["PAN-SA-2017-0012"]}, {"type": "redhat", "idList": ["RHSA-2018:2575"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-3730"]}, {"type": "slackware", "idList": ["SSA-2017-041-02"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:2868-1", "SUSE-SU-2017:2700-1"]}, {"type": "symantec", "idList": ["SMNTC-1395"]}, {"type": "ubuntu", "idList": ["USN-3181-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-3730", "UB:CVE-2017-3731"]}, {"type": "zdt", "idList": ["1337DAY-ID-26827"]}]}, "exploitation": null, "vulnersScore": 7.3}, "pluginID": "1361412562310143949", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.143949\");\n script_version(\"2020-06-30T16:53:05+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-30 16:53:05 +0000 (Tue, 30 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-20 07:21:29 +0000 (Wed, 20 May 2020)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_cve_id(\"CVE-2017-3730\", \"CVE-2017-3731\", \"CVE-2017-3732\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Huawei Data Communication: Multiple OpenSSL Vulnerabilities in January 2017 (huawei-sa-20170503-01-openssl)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei\");\n script_dependencies(\"gb_huawei_vrp_network_device_consolidation.nasl\");\n script_mandatory_keys(\"huawei/vrp/detected\");\n\n script_tag(name:\"summary\", value:\"On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities.\");\n\n script_tag(name:\"insight\", value:\"On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities.If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. (Vulnerability ID: HWPSIRT-2017-02005)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-3730.If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. (Vulnerability ID: HWPSIRT-2017-02006)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-3731.There is a vulnerability in the x86_64 Montgomery squaring procedure, if DH parameters are used and a private key is shared between multiple clients, a successful exploit could allow the attacker to access sensitive private key information. (Vulnerability ID: HWPSIRT-2017-02007)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-3732.Huawei has released software updates to fix these vulnerabilities. This advisory is available in the linked references.\");\n\n script_tag(name:\"impact\", value:\"A successful exploit may cause OpenSSL to crash when connecting to a malicious server.\");\n\n script_tag(name:\"affected\", value:\"AC6005 versions V200R007C10SPC200 V200R007C10SPC300 V200R007C10SPC300PWE V200R007C10SPH201 V200R007C10SPH301 V200R007C10SPH301PWE\n\n AC6605 versions V200R007C10SPC200 V200R007C10SPC300 V200R007C10SPC300PWE V200R007C10SPH201 V200R007C10SPH301 V200R007C10SPH301PWE\n\n AP2000 versions V200R007C10SPC200 V200R007C10SPC300 V200R007C10SPC500 V200R007C10SPC600\n\n AP3000 versions V200R007C10SPC200 V200R007C10SPC300 V200R007C10SPC500 V200R007C10SPC600\n\n AP4000 versions V200R007C10SPC200 V200R007C10SPC300 V200R007C10SPC500 V200R007C10SPC600\n\n AP6000 versions V200R007C10SPC200 V200R007C10SPC300 V200R007C10SPC500 V200R007C10SPC600\n\n AP7000 versions V200R007C10SPC200 V200R007C10SPC300 V200R007C10SPC500 V200R007C10SPC600\n\n IPS Module versions V500R001C30 V500R001C50 V500R001C50PWE\n\n NGFW Module versions V500R002C00 V500R002C10 V500R002C10PWE\n\n OceanStor 9000 versions V300R005C00\n\n OceanStor Backup Software versions V200R001C00\n\n RH5885 V3 versions V100R003C01 V100R003C10\n\n Secospace AntiDDoS8000 versions V500R001C60SPC501 V500R001C60SPC600 V500R001C60SPH601 V500R005C00SPC100\n\n Secospace AntiDDoS8030 versions V500R001C60SPC100 V500R001C60SPC300 V500R001C60SPC500 V500R001C80\n\n Secospace USG6600 versions V500R001C30 V500R001C50 V500R001C50PWE\n\n UPS2000 versions V100R002C02 V200R001C31 V200R001C90\n\n USG9500 versions V500R001C30SPC100 V500R001C30SPC200\n\n eSpace VCN3000 versions V100R002C10SPC103 V100R002C20SPC207.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_xref(name:\"URL\", value:\"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170503-01-openssl-en\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ncpe_list = make_list(\"cpe:/o:huawei:ac6005_firmware\",\n \"cpe:/o:huawei:ac6605_firmware\",\n \"cpe:/o:huawei:ap2000_firmware\",\n \"cpe:/o:huawei:ap3000_firmware\",\n \"cpe:/o:huawei:ap4000_firmware\",\n \"cpe:/o:huawei:ap6000_firmware\",\n \"cpe:/o:huawei:ap7000_firmware\",\n \"cpe:/o:huawei:ips_module_firmware\",\n \"cpe:/o:huawei:ngfw_module_firmware\",\n \"cpe:/o:huawei:oceanstor_9000_firmware\",\n \"cpe:/o:huawei:oceanstor_backup_firmware\",\n \"cpe:/o:huawei:rh5885_v3_firmware\",\n \"cpe:/o:huawei:antiddos8000_firmware\",\n \"cpe:/o:huawei:antiddos8030_firmware\",\n \"cpe:/o:huawei:usg6600_firmware\",\n \"cpe:/o:huawei:ups2000_firmware\",\n \"cpe:/o:huawei:usg9500_firmware\",\n \"cpe:/o:huawei:espace_vcn3000_firmware\");\n\nif (!infos = get_app_version_from_list(cpe_list: cpe_list, nofork: TRUE))\n exit(0);\n\ncpe = infos[\"cpe\"];\nversion = toupper(infos[\"version\"]);\npatch = get_kb_item(\"huawei/vrp/patch\");\n\nif (cpe == \"cpe:/o:huawei:ac6005_firmware\") {\n if(version == \"V200R007C10SPC200\" || version == \"V200R007C10SPC300\" || version == \"V200R007C10SPC300PWE\" || version == \"V200R007C10SPH201\" || version == \"V200R007C10SPH301\" || version == \"V200R007C10SPH301PWE\") {\n if (!patch || version_is_less(version: patch, test_version: \"v200r007c20spc200\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"v200r007c20spc200\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:ac6605_firmware\") {\n if(version == \"V200R007C10SPC200\" || version == \"V200R007C10SPC300\" || version == \"V200R007C10SPC300PWE\" || version == \"V200R007C10SPH201\" || version == \"V200R007C10SPH301\" || version == \"V200R007C10SPH301PWE\") {\n if (!patch || version_is_less(version: patch, test_version: \"v200r007c20spc200\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"v200r007c20spc200\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:ap2000_firmware\") {\n if(version == \"V200R007C10SPC200\" || version == \"V200R007C10SPC300\" || version == \"V200R007C10SPC500\" || version == \"V200R007C10SPC600\") {\n if (!patch || version_is_less(version: patch, test_version: \"V200R007C20SPC200\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V200R007C20SPC200\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:ap3000_firmware\") {\n if(version == \"V200R007C10SPC200\" || version == \"V200R007C10SPC300\" || version == \"V200R007C10SPC500\" || version == \"V200R007C10SPC600\") {\n if (!patch || version_is_less(version: patch, test_version: \"V200R007C20SPC200\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V200R007C20SPC200\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:ap4000_firmware\") {\n if(version == \"V200R007C10SPC200\" || version == \"V200R007C10SPC300\" || version == \"V200R007C10SPC500\" || version == \"V200R007C10SPC600\") {\n if (!patch || version_is_less(version: patch, test_version: \"V200R007C20SPC200\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V200R007C20SPC200\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:ap6000_firmware\") {\n if(version == \"V200R007C10SPC200\" || version == \"V200R007C10SPC300\" || version == \"V200R007C10SPC500\" || version == \"V200R007C10SPC600\") {\n if (!patch || version_is_less(version: patch, test_version: \"v200r007c20spc200\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"v200r007c20spc200\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:ap7000_firmware\") {\n if(version == \"V200R007C10SPC200\" || version == \"V200R007C10SPC300\" || version == \"V200R007C10SPC500\" || version == \"V200R007C10SPC600\") {\n if (!patch || version_is_less(version: patch, test_version: \"v200r007c20spc200\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"v200r007c20spc200\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:ips_module_firmware\") {\n if(version == \"V500R001C30\" || version == \"V500R001C50\" || version == \"V500R001C50PWE\") {\n if (!patch || version_is_less(version: patch, test_version: \"V5R5C00SPC100\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V5R5C00SPC100\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:ngfw_module_firmware\") {\n if(version == \"V500R002C00\" || version == \"V500R002C10\" || version == \"V500R002C10PWE\") {\n if (!patch || version_is_less(version: patch, test_version: \"V5R5C00SPC100\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V5R5C00SPC100\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:oceanstor_9000_firmware\") {\n if(version == \"V300R005C00\") {\n if (!patch || version_is_less(version: patch, test_version: \"V300R006C00SPC100\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V300R006C00SPC100\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:oceanstor_backup_firmware\") {\n if(version == \"V200R001C00\") {\n if (!patch || version_is_less(version: patch, test_version: \"V200R001C00SPC203\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V200R001C00SPC203\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:rh5885_v3_firmware\") {\n if(version == \"V100R003C01\" || version == \"V100R003C10\") {\n if (!patch || version_is_less(version: patch, test_version: \"V100R003C10SPC111\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V100R003C10SPC111\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:antiddos8000_firmware\") {\n if(version == \"V500R001C60SPC501\" || version == \"V500R001C60SPC600\" || version == \"V500R001C60SPH601\" || version == \"V500R005C00SPC100\") {\n if (!patch || version_is_less(version: patch, test_version: \"V500R005C00SPC300\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V500R005C00SPC300\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:antiddos8030_firmware\") {\n if(version == \"V500R001C60SPC100\" || version == \"V500R001C60SPC300\" || version == \"V500R001C60SPC500\" || version == \"V500R001C80\") {\n if (!patch || version_is_less(version: patch, test_version: \"V500R005C00\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V500R005C00\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:usg6600_firmware\") {\n if(version == \"V500R001C30\" || version == \"V500R001C50\" || version == \"V500R001C50PWE\") {\n if (!patch || version_is_less(version: patch, test_version: \"V500R001C30SPC600\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V500R001C30SPC600\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:ups2000_firmware\") {\n if(version == \"V100R002C02\" || version == \"V200R001C31\" || version == \"V200R001C90\") {\n if (!patch || version_is_less(version: patch, test_version: \"V100R002C02SPC302\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V100R002C02SPC302\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:usg9500_firmware\") {\n if(version == \"V500R001C30SPC100\" || version == \"V500R001C30SPC200\") {\n if (!patch || version_is_less(version: patch, test_version: \"V500R001C30SPC600\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V500R001C30SPC600\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:espace_vcn3000_firmware\") {\n if(version == \"V100R002C10SPC103\" || version == \"V100R002C20SPC207\") {\n if (!patch || version_is_less(version: patch, test_version: \"V100R002C30\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V100R002C30\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\n\nexit(99);\n", "naslFamily": "Huawei", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}

{"nessus": [{"lastseen": "2021-08-19T12:37:57", "description": "According to its banner, the version of OpenSSL on the remote host is version 1.1.0 prior to 1.1.0d and is affected by multiple vulnerabilities :\n\n - A NULL pointer dereference flaw exists in 'ssl/statem/statem_clnt.c' that is triggered during the handling of parameters for the DHE or ECDHE key exchanges. This may allow a remote attacker to crash a process linked against the library. (CVE-2017-3730)\n - An out-of-bounds read flaw exists in 'crypto/evp/e_chacha20_poly1305.c' that is triggered during the handling of packets when using the CHACHA20/POLY1305 cipher. This may allow a remote attacker to crash a process linked against the library. (CVE-2017-3731)\n - A carry propagating flaw exists in the Montgomery squaring procedure in 'crypto/bn/asm/x86_64-mont5.pl'. This may cause 'BN_mod_exp' to produce incorrect results, which may potentially allow an attacker to derive information regarding private keys. (CVE-2017-3732)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-02-02T00:00:00", "type": "nessus", "title": "OpenSSL 1.1.0 < 1.1.0d Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3731", "CVE-2017-3732", "CVE-2017-3730"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"], "id": "9933.PRM", "href": "https://www.tenable.com/plugins/nnm/9933", "sourceData": "Binary data 9933.prm", "cvss": {"score": 7.8, "vector": "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:38:06", "description": "The remote host is affected by the vulnerability described in GLSA-201702-07 (OpenSSL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker is able to crash applications linked against OpenSSL or could obtain sensitive private-key information via an attack against the Diffie-Hellman (DH) ciphersuite.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-02-15T00:00:00", "type": "nessus", "title": "GLSA-201702-07 : OpenSSL: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7055", "CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openssl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201702-07.NASL", "href": "https://www.tenable.com/plugins/nessus/97183", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201702-07.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97183);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7055\", \"CVE-2017-3730\", \"CVE-2017-3731\", \"CVE-2017-3732\");\n script_xref(name:\"GLSA\", value:\"201702-07\");\n\n script_name(english:\"GLSA-201702-07 : OpenSSL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201702-07\n(OpenSSL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenSSL. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker is able to crash applications linked against OpenSSL\n or could obtain sensitive private-key information via an attack against\n the Diffie-Hellman (DH) ciphersuite.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201702-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenSSL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-1.0.2k'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/openssl\", unaffected:make_list(\"ge 1.0.2k\"), vulnerable:make_list(\"lt 1.0.2k\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:38:07", "description": "The OpenSSL project reports :\n\n- Truncated packet could crash via OOB read (CVE-2017-3731)\n\n- Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)\n\n- BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)\n\n- Montgomery multiplication may produce incorrect results (CVE-2016-7055)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-01-27T00:00:00", "type": "nessus", "title": "FreeBSD : OpenSSL -- multiple vulnerabilities (d455708a-e3d3-11e6-9940-b499baebfeaf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7055", "CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-c6-openssl", "p-cpe:/a:freebsd:freebsd:linux-c7-openssl-libs", "p-cpe:/a:freebsd:freebsd:openssl", "p-cpe:/a:freebsd:freebsd:openssl-devel", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_D455708AE3D311E69940B499BAEBFEAF.NASL", "href": "https://www.tenable.com/plugins/nessus/96821", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96821);\n script_version(\"3.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-7055\", \"CVE-2017-3730\", \"CVE-2017-3731\", \"CVE-2017-3732\");\n script_xref(name:\"FreeBSD\", value:\"SA-17:02.openssl\");\n\n script_name(english:\"FreeBSD : OpenSSL -- multiple vulnerabilities (d455708a-e3d3-11e6-9940-b499baebfeaf)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The OpenSSL project reports :\n\n- Truncated packet could crash via OOB read (CVE-2017-3731)\n\n- Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)\n\n- BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)\n\n- Montgomery multiplication may produce incorrect results\n(CVE-2016-7055)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20170126.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/d455708a-e3d3-11e6-9940-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?155a5dba\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c7-openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssl<1.0.2k,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openssl-devel<1.1.0d\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-openssl<1.0.1e_13\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c7-openssl-libs<1.0.1e_3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-27T15:28:38", "description": "According to its banner, the version of OpenSSL running on the remote host is 1.1.0 prior to 1.1.0d. It is, therefore, affected by multiple vulnerabilities :\n\n - A NULL pointer dereference flaw exists within file ssl/statem/statem_clnt.c when handling parameters for the DHE or ECDHE key exchanges. An unauthenticated, remote attacker can exploit this, via specially crafted parameters, to cause a denial of service condition.\n (CVE-2017-3730)\n\n - An out-of-bounds read error exists when handling packets using the CHACHA20/POLY1305 or RC4-MD5 ciphers. An unauthenticated, remote attacker can exploit this, via specially crafted truncated packets, to cause a denial of service condition. (CVE-2017-3731)\n\n - A carry propagating error exists in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An unauthenticated, remote attacker with sufficient resources can exploit this to obtain sensitive information regarding private keys. Note that this issue is very similar to CVE-2015-3193. Moreover, the attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example, this can occur by default in OpenSSL DHE based SSL/TLS cipher suites. (CVE-2017-3732)", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2017-01-30T00:00:00", "type": "nessus", "title": "OpenSSL 1.1.0 < 1.1.0d Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3193", "CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_1_0D.NASL", "href": "https://www.tenable.com/plugins/nessus/96874", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96874);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\"CVE-2017-3730\", \"CVE-2017-3731\", \"CVE-2017-3732\");\n script_bugtraq_id(95812, 95813, 95814);\n\n script_name(english:\"OpenSSL 1.1.0 < 1.1.0d Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A service running on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of OpenSSL running on the remote\nhost is 1.1.0 prior to 1.1.0d. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A NULL pointer dereference flaw exists within file\n ssl/statem/statem_clnt.c when handling parameters for\n the DHE or ECDHE key exchanges. An unauthenticated,\n remote attacker can exploit this, via specially crafted\n parameters, to cause a denial of service condition.\n (CVE-2017-3730)\n\n - An out-of-bounds read error exists when handling packets\n using the CHACHA20/POLY1305 or RC4-MD5 ciphers. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted truncated packets, to cause a denial\n of service condition. (CVE-2017-3731)\n\n - A carry propagating error exists in the x86_64\n Montgomery squaring implementation that may cause the\n BN_mod_exp() function to produce incorrect results. An\n unauthenticated, remote attacker with sufficient\n resources can exploit this to obtain sensitive\n information regarding private keys. Note that this issue\n is very similar to CVE-2015-3193. Moreover, the attacker\n would additionally need online access to an unpatched\n system using the target private key in a scenario with\n persistent DH parameters and a private key that is\n shared between multiple clients. For example, this can\n occur by default in OpenSSL DHE based SSL/TLS cipher\n suites. (CVE-2017-3732)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20170126.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL version 1.1.0d or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3732\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.1.0d', min:\"1.1.0\", severity:SECURITY_WARNING);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:37:56", "description": "According to its banner, the version of OpenSSL on the remote host is version 1.0.2 prior to 1.0.2k and is affected by multiple vulnerabilities :\n\n - An out-of-bounds read flaw exists in 'crypto/evp/e_chacha20_poly1305.c' that is triggered during the handling of packets when using the CHACHA20/POLY1305 cipher. This may allow a remote attacker to crash a process linked against the library. (CVE-2017-3731)\n - A carry propagating flaw exists in the Montgomery squaring procedure in 'crypto/bn/asm/x86_64-mont5.pl'. This may cause 'BN_mod_exp' to produce incorrect results, which may potentially allow an attacker to derive information regarding private keys. (CVE-2017-3732)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-02-02T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.2 < 1.0.2k Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3731", "CVE-2017-3732"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"], "id": "9934.PRM", "href": "https://www.tenable.com/plugins/nnm/9934", "sourceData": "Binary data 9934.prm", "cvss": {"score": 7.8, "vector": "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-06-16T16:11:49", "description": "This update for nodejs6 fixes the following issues: New upstream LTS release 6.9.5. The embedded openssl sources were updated to 1.0.2k (CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, bsc#1022085, bsc#1022086, bsc#1009528) Other fixes :\n\n - Add basic check that Node.js loads successfully to spec file\n\n - New upstream LTS release 6.9.3\n\n - build: shared library support is now working for AIX builds\n\n - deps/npm: upgrade npm to 3.10.10\n\n - deps/V8: destructuring of arrow function arguments via computed property no longer throws\n\n - inspector: /json/version returns object, not an object wrapped in an array\n\n - module: using --debug-brk and --eval together now works as expected\n\n - process: improve performance of nextTick up to 20%\n\n - repl: the division operator will no longer be accidentally parsed as regex\n\n - repl: improved support for generator functions\n\n - timers: recanceling a cancelled timers will no longer throw\n\n - New upstream LTS version 6.9.2\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-01-02T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : nodejs6 (SUSE-SU-2017:0431-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7055", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:nodejs6", "p-cpe:/a:novell:suse_linux:nodejs6-debuginfo", "p-cpe:/a:novell:suse_linux:nodejs6-debugsource", "p-cpe:/a:novell:suse_linux:nodejs6-devel", "p-cpe:/a:novell:suse_linux:npm6", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0431-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119992", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0431-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119992);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-7055\", \"CVE-2017-3731\", \"CVE-2017-3732\");\n\n script_name(english:\"SUSE SLES12 Security Update : nodejs6 (SUSE-SU-2017:0431-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for nodejs6 fixes the following issues: New upstream LTS\nrelease 6.9.5. The embedded openssl sources were updated to 1.0.2k\n(CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, bsc#1022085,\nbsc#1022086, bsc#1009528) Other fixes :\n\n - Add basic check that Node.js loads successfully to spec\n file\n\n - New upstream LTS release 6.9.3\n\n - build: shared library support is now working for AIX\n builds\n\n - deps/npm: upgrade npm to 3.10.10\n\n - deps/V8: destructuring of arrow function arguments via\n computed property no longer throws\n\n - inspector: /json/version returns object, not an object\n wrapped in an array\n\n - module: using --debug-brk and --eval together now works\n as expected\n\n - process: improve performance of nextTick up to 20%\n\n - repl: the division operator will no longer be\n accidentally parsed as regex\n\n - repl: improved support for generator functions\n\n - timers: recanceling a cancelled timers will no longer\n throw\n\n - New upstream LTS version 6.9.2\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7055/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3731/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3732/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170431-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?10aa8bc7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2017-221=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3732\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs6-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:npm6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs6-6.9.5-7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs6-debuginfo-6.9.5-7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs6-debugsource-6.9.5-7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs6-devel-6.9.5-7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"npm6-6.9.5-7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs6\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-16T16:14:56", "description": "nodejs was updated to LTS release 4.7.3 to fix the following issues :\n\n - deps: upgrade embedded openssl sources to 1.0.2k (CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, boo#1022085, boo#1022086, boo#1009528)\n\nChanges in LTS release 4.7.1 :\n\n - build: shared library support is now working for AIX builds\n\n - repl: passing options to the repl will no longer overwrite defaults\n\n - timers: recanceling a cancelled timers will no longer throw\n\nChanges in LTS release 4.7.0 :\n\n - build: introduce the configure --shared option for embedders\n\n - debugger: make listen address configurable in debugger server\n\n - dgram: generalized send queue to handle close, fixing a potential throw when dgram socket is closed in the listening event handler\n\n - http: introduce the 451 status code 'Unavailable For Legal Reasons'\n\n - gtest: the test reporter now outputs tap comments as yamlish\n\n - tls: introduce secureContext for tls.connect (useful for caching client certificates, key, and CA certificates)\n\n - tls: fix memory leak when writing data to TLSWrap instance during handshake\n\n - src: node no longer aborts when c-ares initialization fails\n\nChanges in LTS release 4.6.2 :\n\n - build: it is now possible to build the documentation from the release tarball\n\n - buffer: Buffer.alloc() will no longer incorrectly return a zero filled buffer when an encoding is passed\n\n - deps/npm: upgrade npm in LTS to 2.15.11\n\n - repl: enable tab completion for global properties\n\n - url: url.format() will now encode all '#' in search", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-02-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : nodejs (openSUSE-2017-284)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7055", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:nodejs", "p-cpe:/a:novell:opensuse:nodejs-debuginfo", "p-cpe:/a:novell:opensuse:nodejs-debugsource", "p-cpe:/a:novell:opensuse:nodejs-devel", "p-cpe:/a:novell:opensuse:npm", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2017-284.NASL", "href": "https://www.tenable.com/plugins/nessus/97292", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-284.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97292);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-7055\", \"CVE-2017-3731\", \"CVE-2017-3732\");\n\n script_name(english:\"openSUSE Security Update : nodejs (openSUSE-2017-284)\");\n script_summary(english:\"Check for the openSUSE-2017-284 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"nodejs was updated to LTS release 4.7.3 to fix the following issues :\n\n - deps: upgrade embedded openssl sources to 1.0.2k\n (CVE-2017-3731, CVE-2017-3732, CVE-2016-7055,\n boo#1022085, boo#1022086, boo#1009528)\n\nChanges in LTS release 4.7.1 :\n\n - build: shared library support is now working for AIX\n builds\n\n - repl: passing options to the repl will no longer\n overwrite defaults\n\n - timers: recanceling a cancelled timers will no longer\n throw\n\nChanges in LTS release 4.7.0 :\n\n - build: introduce the configure --shared option for\n embedders\n\n - debugger: make listen address configurable in debugger\n server\n\n - dgram: generalized send queue to handle close, fixing a\n potential throw when dgram socket is closed in the\n listening event handler\n\n - http: introduce the 451 status code 'Unavailable For\nLegal Reasons'\n\n - gtest: the test reporter now outputs tap comments as\n yamlish\n\n - tls: introduce secureContext for tls.connect (useful for\n caching client certificates, key, and CA certificates)\n\n - tls: fix memory leak when writing data to TLSWrap\n instance during handshake\n\n - src: node no longer aborts when c-ares initialization\n fails\n\nChanges in LTS release 4.6.2 :\n\n - build: it is now possible to build the documentation\n from the release tarball\n\n - buffer: Buffer.alloc() will no longer incorrectly return\n a zero filled buffer when an encoding is passed\n\n - deps/npm: upgrade npm in LTS to 2.15.11\n\n - repl: enable tab completion for global properties\n\n - url: url.format() will now encode all '#' in search\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022086\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nodejs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:npm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"nodejs-4.7.3-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"nodejs-debuginfo-4.7.3-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"nodejs-debugsource-4.7.3-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"nodejs-devel-4.7.3-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"npm-4.7.3-39.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs / nodejs-debuginfo / nodejs-debugsource / nodejs-devel / npm\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T16:15:26", "description": "Minor upstream release fixing CVE-2016-8610, CVE-2017-3731, CVE-2017-3732.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-02-08T00:00:00", "type": "nessus", "title": "Fedora 25 : 1:openssl (2017-3451dbec48)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8610", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:openssl", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-3451DBEC48.NASL", "href": "https://www.tenable.com/plugins/nessus/97054", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-3451dbec48.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97054);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8610\", \"CVE-2017-3731\", \"CVE-2017-3732\");\n script_xref(name:\"FEDORA\", value:\"2017-3451dbec48\");\n\n script_name(english:\"Fedora 25 : 1:openssl (2017-3451dbec48)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Minor upstream release fixing CVE-2016-8610, CVE-2017-3731,\nCVE-2017-3732.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-3451dbec48\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"openssl-1.0.2k-1.fc25\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:openssl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T16:14:12", "description": "Minor upstream release fixing CVE-2016-8610, CVE-2017-3731, CVE-2017-3732.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-02-15T00:00:00", "type": "nessus", "title": "Fedora 24 : 1:openssl (2017-e853b4144f)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8610", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:openssl", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-E853B4144F.NASL", "href": "https://www.tenable.com/plugins/nessus/97180", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-e853b4144f.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97180);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-8610\", \"CVE-2017-3731\", \"CVE-2017-3732\");\n script_xref(name:\"FEDORA\", value:\"2017-e853b4144f\");\n\n script_name(english:\"Fedora 24 : 1:openssl (2017-e853b4144f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Minor upstream release fixing CVE-2016-8610, CVE-2017-3731,\nCVE-2017-3732.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-e853b4144f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"openssl-1.0.2k-1.fc24\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:openssl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T16:12:44", "description": "This update for nodejs4 fixes the following issues :\n\n - New upstream LTS release 4.7.3 The embedded openssl sources were updated to 1.0.2k (CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, bsc#1022085, bsc#1022086, bsc#1009528)\n\n - No changes in LTS version 4.7.2\n\n - New upstream LTS release 4.7.1\n\n - build: shared library support is now working for AIX builds\n\n - repl: passing options to the repl will no longer overwrite defaults\n\n - timers: recanceling a cancelled timers will no longer throw\n\n - New upstream LTS version 4.7.0\n\n - build: introduce the configure --shared option for embedders\n\n - debugger: make listen address configurable in debugger server\n\n - dgram: generalized send queue to handle close, fixing a potential throw when dgram socket is closed in the listening event handler\n\n - http: introduce the 451 status code 'Unavailable For Legal Reasons'\n\n - gtest: the test reporter now outputs tap comments as yamlish\n\n - tls: introduce secureContext for tls.connect (useful for caching client certificates, key, and CA certificates)\n\n - tls: fix memory leak when writing data to TLSWrap instance during handshake\n\n - src: node no longer aborts when c-ares initialization fails\n\n - ported and updated system CA store for the new node crypto code\n\n - New upstream LTS version 4.6.2\n\n - build :\n\n + It is now possible to build the documentation from the release tarball.\n\n - buffer :\n\n + Buffer.alloc() will no longer incorrectly return a zero filled buffer when an encoding is passed.\n\n - deps :\n\n + Upgrade npm in LTS to 2.15.11.\n\n - repl :\n\n + Enable tab completion for global properties.\n\n - url :\n\n + url.format() will now encode all '#' in search.\n\n - Add missing conflicts to base package. It's not possible to have concurrent nodejs installations.\n\n - enable usage of system certificate store on SLE11SP4 by requiring openssl1 (bsc#1000036)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-01-02T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2017:0855-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7055", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:nodejs4", "p-cpe:/a:novell:suse_linux:nodejs4-debuginfo", "p-cpe:/a:novell:suse_linux:nodejs4-debugsource", "p-cpe:/a:novell:suse_linux:nodejs4-devel", "p-cpe:/a:novell:suse_linux:npm4", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0855-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119996", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0855-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119996);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-7055\", \"CVE-2017-3731\", \"CVE-2017-3732\");\n\n script_name(english:\"SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2017:0855-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for nodejs4 fixes the following issues :\n\n - New upstream LTS release 4.7.3 The embedded openssl\n sources were updated to 1.0.2k (CVE-2017-3731,\n CVE-2017-3732, CVE-2016-7055, bsc#1022085, bsc#1022086,\n bsc#1009528)\n\n - No changes in LTS version 4.7.2\n\n - New upstream LTS release 4.7.1\n\n - build: shared library support is now working for AIX\n builds\n\n - repl: passing options to the repl will no longer\n overwrite defaults\n\n - timers: recanceling a cancelled timers will no longer\n throw\n\n - New upstream LTS version 4.7.0\n\n - build: introduce the configure --shared option for\n embedders\n\n - debugger: make listen address configurable in debugger\n server\n\n - dgram: generalized send queue to handle close, fixing a\n potential throw when dgram socket is closed in the\n listening event handler\n\n - http: introduce the 451 status code 'Unavailable For Legal Reasons'\n\n - gtest: the test reporter now outputs tap comments as\n yamlish\n\n - tls: introduce secureContext for tls.connect (useful for\n caching client certificates, key, and CA certificates)\n\n - tls: fix memory leak when writing data to TLSWrap\n instance during handshake\n\n - src: node no longer aborts when c-ares initialization\n fails\n\n - ported and updated system CA store for the new node\n crypto code\n\n - New upstream LTS version 4.6.2\n\n - build :\n\n + It is now possible to build the documentation from the\n release tarball.\n\n - buffer :\n\n + Buffer.alloc() will no longer incorrectly return a zero\n filled buffer when an encoding is passed.\n\n - deps :\n\n + Upgrade npm in LTS to 2.15.11.\n\n - repl :\n\n + Enable tab completion for global properties.\n\n - url :\n\n + url.format() will now encode all '#' in search.\n\n - Add missing conflicts to base package. It's not possible\n to have concurrent nodejs installations.\n\n - enable usage of system certificate store on SLE11SP4 by\n requiring openssl1 (bsc#1000036)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7055/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3731/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3732/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170855-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?39e422ea\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2017-476=1\n\nSUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2017-476=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3732\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:npm4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"nodejs4-4.7.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"nodejs4-debuginfo-4.7.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"nodejs4-debugsource-4.7.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"nodejs4-devel-4.7.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"npm4-4.7.3-14.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs4\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-16T16:20:00", "description": "This update for nodejs4 fixes the following issues :\n\n - New upstream LTS release 4.7.3 The embedded openssl sources were updated to 1.0.2k (CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, bsc#1022085, bsc#1022086, bsc#1009528)\n\n - No changes in LTS version 4.7.2\n\n - New upstream LTS release 4.7.1\n\n - build: shared library support is now working for AIX builds\n\n - repl: passing options to the repl will no longer overwrite defaults\n\n - timers: recanceling a cancelled timers will no longer throw\n\n - New upstream LTS version 4.7.0\n\n - build: introduce the configure --shared option for embedders\n\n - debugger: make listen address configurable in debugger server\n\n - dgram: generalized send queue to handle close, fixing a potential throw when dgram socket is closed in the listening event handler\n\n - http: introduce the 451 status code 'Unavailable For Legal Reasons'\n\n - gtest: the test reporter now outputs tap comments as yamlish\n\n - tls: introduce secureContext for tls.connect (useful for caching client certificates, key, and CA certificates)\n\n - tls: fix memory leak when writing data to TLSWrap instance during handshake\n\n - src: node no longer aborts when c-ares initialization fails\n\n - ported and updated system CA store for the new node crypto code\n\n - New upstream LTS version 4.6.2\n\n - build :\n\n + It is now possible to build the documentation from the release tarball.\n\n - buffer :\n\n + Buffer.alloc() will no longer incorrectly return a zero filled buffer when an encoding is passed.\n\n - deps :\n\n + Upgrade npm in LTS to 2.15.11.\n\n - repl :\n\n + Enable tab completion for global properties.\n\n - url :\n\n + url.format() will now encode all '#' in search.\n\n - Add missing conflicts to base package. It's not possible to have concurrent nodejs installations.\n\n - enable usage of system certificate store on SLE11SP4 by requiring openssl1 (bsc#1000036)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-04-06T00:00:00", "type": "nessus", "title": "openSUSE Security Update : nodejs4 (openSUSE-2017-442)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7055", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:nodejs4", "p-cpe:/a:novell:opensuse:nodejs4-debuginfo", "p-cpe:/a:novell:opensuse:nodejs4-debugsource", "p-cpe:/a:novell:opensuse:nodejs4-devel", "p-cpe:/a:novell:opensuse:npm4", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-442.NASL", "href": "https://www.tenable.com/plugins/nessus/99212", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-442.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99212);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-7055\", \"CVE-2017-3731\", \"CVE-2017-3732\");\n\n script_name(english:\"openSUSE Security Update : nodejs4 (openSUSE-2017-442)\");\n script_summary(english:\"Check for the openSUSE-2017-442 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for nodejs4 fixes the following issues :\n\n - New upstream LTS release 4.7.3 The embedded openssl\n sources were updated to 1.0.2k (CVE-2017-3731,\n CVE-2017-3732, CVE-2016-7055, bsc#1022085, bsc#1022086,\n bsc#1009528)\n\n - No changes in LTS version 4.7.2\n\n - New upstream LTS release 4.7.1\n\n - build: shared library support is now working for AIX\n builds\n\n - repl: passing options to the repl will no longer\n overwrite defaults\n\n - timers: recanceling a cancelled timers will no longer\n throw\n\n - New upstream LTS version 4.7.0\n\n - build: introduce the configure --shared option for\n embedders\n\n - debugger: make listen address configurable in debugger\n server\n\n - dgram: generalized send queue to handle close, fixing a\n potential throw when dgram socket is closed in the\n listening event handler\n\n - http: introduce the 451 status code 'Unavailable For\nLegal Reasons'\n\n - gtest: the test reporter now outputs tap comments as\n yamlish\n\n - tls: introduce secureContext for tls.connect (useful for\n caching client certificates, key, and CA certificates)\n\n - tls: fix memory leak when writing data to TLSWrap\n instance during handshake\n\n - src: node no longer aborts when c-ares initialization\n fails\n\n - ported and updated system CA store for the new node\n crypto code\n\n - New upstream LTS version 4.6.2\n\n - build :\n\n + It is now possible to build the documentation from the\n release tarball.\n\n - buffer :\n\n + Buffer.alloc() will no longer incorrectly return a zero\n filled buffer when an encoding is passed.\n\n - deps :\n\n + Upgrade npm in LTS to 2.15.11.\n\n - repl :\n\n + Enable tab completion for global properties.\n\n - url :\n\n + url.format() will now encode all '#' in search.\n\n - Add missing conflicts to base package. It's not possible\n to have concurrent nodejs installations.\n\n - enable usage of system certificate store on SLE11SP4 by\n requiring openssl1 (bsc#1000036)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022086\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nodejs4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:npm4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"nodejs4-4.7.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"nodejs4-debuginfo-4.7.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"nodejs4-debugsource-4.7.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"nodejs4-devel-4.7.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"npm4-4.7.3-5.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs4 / nodejs4-debuginfo / nodejs4-debugsource / nodejs4-devel / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T16:14:59", "description": "This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641)\n\nSecurity issues fixed :\n\n - CVE-2016-7055: The x86_64 optimized montgomery multiplication may produce incorrect results (bsc#1009528)\n\n - CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085)\n\n - CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64 (bsc#1022086)\n\n - Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912)\n\nNon-security issues fixed :\n\n - fix crash in openssl speed (bsc#1000677)\n\n - fix X509_CERT_FILE path (bsc#1022271)\n\n - AES XTS key parts must not be identical in FIPS mode (bsc#1019637)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-02-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openssl (openSUSE-2017-256)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7055", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit", "p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debugsource", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-256.NASL", "href": "https://www.tenable.com/plugins/nessus/97276", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-256.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97276);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-7055\", \"CVE-2017-3731\", \"CVE-2017-3732\");\n\n script_name(english:\"openSUSE Security Update : openssl (openSUSE-2017-256)\");\n script_summary(english:\"Check for the openSUSE-2017-256 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues contained in the\nOpenSSL Security Advisory [26 Jan 2017] (bsc#1021641)\n\nSecurity issues fixed :\n\n - CVE-2016-7055: The x86_64 optimized montgomery\n multiplication may produce incorrect results\n (bsc#1009528)\n\n - CVE-2017-3731: Truncated packet could crash via OOB read\n (bsc#1022085)\n\n - CVE-2017-3732: BN_mod_exp may produce incorrect results\n on x86_64 (bsc#1022086)\n\n - Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912)\n\nNon-security issues fixed :\n\n - fix crash in openssl speed (bsc#1000677)\n\n - fix X509_CERT_FILE path (bsc#1022271)\n\n - AES XTS key parts must not be identical in FIPS mode\n (bsc#1019637)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022271\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libopenssl-devel-1.0.2j-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libopenssl1_0_0-1.0.2j-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libopenssl1_0_0-hmac-1.0.2j-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openssl-1.0.2j-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openssl-debuginfo-1.0.2j-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openssl-debugsource-1.0.2j-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.2j-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.2j-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.2j-4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T16:14:57", "description": "This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed :\n\n - CVE-2016-7055: The x86_64 optimized montgomery multiplication may produce incorrect results (bsc#1009528)\n\n - CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085)\n\n - CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64 (bsc#1022086)\n\n - Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912) Non-security issues fixed :\n\n - fix crash in openssl speed (bsc#1000677)\n\n - fix X509_CERT_FILE path (bsc#1022271)\n\n - AES XTS key parts must not be identical in FIPS mode (bsc#1019637)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-02-13T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:0441-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7055", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl-devel", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0441-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97129", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0441-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97129);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-7055\", \"CVE-2017-3731\", \"CVE-2017-3732\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:0441-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues contained in the\nOpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues\nfixed :\n\n - CVE-2016-7055: The x86_64 optimized montgomery\n multiplication may produce incorrect results\n (bsc#1009528)\n\n - CVE-2017-3731: Truncated packet could crash via OOB read\n (bsc#1022085)\n\n - CVE-2017-3732: BN_mod_exp may produce incorrect results\n on x86_64 (bsc#1022086)\n\n - Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912)\n Non-security issues fixed :\n\n - fix crash in openssl speed (bsc#1000677)\n\n - fix X509_CERT_FILE path (bsc#1022271)\n\n - AES XTS key parts must not be identical in FIPS mode\n (bsc#1019637)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7055/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3731/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3732/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170441-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7a90e680\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-228=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-228=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-228=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-228=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl-devel-1.0.2j-59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-1.0.2j-59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-hmac-1.0.2j-59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssl-1.0.2j-59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.2j-59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssl-debugsource-1.0.2j-59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.2j-59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.2j-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl-devel-1.0.2j-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-1.0.2j-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.2j-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssl-1.0.2j-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.2j-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssl-debugsource-1.0.2j-59.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T16:15:26", "description": "New openssl packages are available for Slackware 14.2 and -current to fix security issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-02-13T00:00:00", "type": "nessus", "title": "Slackware 14.2 / current : openssl (SSA:2017-041-02)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7055", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:openssl", "p-cpe:/a:slackware:slackware_linux:openssl-solibs", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2017-041-02.NASL", "href": "https://www.tenable.com/plugins/nessus/97102", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-041-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97102);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-7055\", \"CVE-2017-3731\", \"CVE-2017-3732\");\n script_xref(name:\"SSA\", value:\"2017-041-02\");\n\n script_name(english:\"Slackware 14.2 / current : openssl (SSA:2017-041-02)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New openssl packages are available for Slackware 14.2 and -current to\nfix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.441162\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c538099a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl and / or openssl-solibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl-solibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.2\", pkgname:\"openssl\", pkgver:\"1.0.2k\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"openssl-solibs\", pkgver:\"1.0.2k\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.2k\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.2k\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"openssl\", pkgver:\"1.0.2k\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"openssl-solibs\", pkgver:\"1.0.2k\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.2k\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.2k\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T16:28:41", "description": "According to its self-reported version number, the remote Juniper Junos device is affected by multiple vulnerabilities :\n\n - A carry propagation error exists in the OpenSSL component in the Broadwell-specific Montgomery multiplication procedure when handling input lengths divisible by but longer than 256 bits. This can result in transient authentication and key negotiation failures or reproducible erroneous outcomes of public-key operations with specially crafted input. A man-in-the-middle attacker can possibly exploit this issue to compromise ECDH key negotiations that utilize Brainpool P-512 curves. (CVE-2016-7055)\n\n - An out-of-bounds read error exists in the OpenSSL component when handling packets using the CHACHA20/POLY1305 or RC4-MD5 ciphers. An unauthenticated, remote attacker can exploit this, via specially crafted truncated packets, to cause a denial of service condition. (CVE-2017-3731)\n\n - A carry propagating error exists in the OpenSSL component in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An unauthenticated, remote attacker with sufficient resources can exploit this to obtain sensitive information regarding private keys.\n (CVE-2017-3732)\n\nNote that these vulnerabilities only affect devices with J-Web or the SSL service for JUNOScript enabled.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-08-23T00:00:00", "type": "nessus", "title": "Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10775)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7055", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/o:juniper:junos"], "id": "JUNIPER_JSA10775.NASL", "href": "https://www.tenable.com/plugins/nessus/102699", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102699);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/07/12 19:01:16\");\n\n script_cve_id(\"CVE-2016-7055\", \"CVE-2017-3731\", \"CVE-2017-3732\");\n script_bugtraq_id(94242, 95813, 95814);\n script_xref(name:\"JSA\", value:\"JSA10775\");\n\n script_name(english:\"Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10775)\");\n script_summary(english:\"Checks the Junos version and configuration.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the remote Juniper\nJunos device is affected by multiple vulnerabilities :\n\n - A carry propagation error exists in the OpenSSL\n component in the Broadwell-specific Montgomery\n multiplication procedure when handling input lengths\n divisible by but longer than 256 bits. This can result\n in transient authentication and key negotiation failures\n or reproducible erroneous outcomes of public-key\n operations with specially crafted input. A\n man-in-the-middle attacker can possibly exploit this\n issue to compromise ECDH key negotiations that utilize\n Brainpool P-512 curves. (CVE-2016-7055)\n\n - An out-of-bounds read error exists in the OpenSSL\n component when handling packets using the\n CHACHA20/POLY1305 or RC4-MD5 ciphers. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted truncated packets, to cause a denial\n of service condition. (CVE-2017-3731)\n\n - A carry propagating error exists in the OpenSSL\n component in the x86_64 Montgomery squaring\n implementation that may cause the BN_mod_exp() function\n to produce incorrect results. An unauthenticated, remote\n attacker with sufficient resources can exploit this to\n obtain sensitive information regarding private keys.\n (CVE-2017-3732)\n\nNote that these vulnerabilities only affect devices with J-Web or the\nSSL service for JUNOScript enabled.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20170126.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant Junos software release referenced in Juniper\nsecurity advisory JSA10775. Alternatively, disable the J-Web service\nand use Netconf for JUNOScript rather than SSL.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:junos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Junos Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"junos_version.nasl\");\n script_require_keys(\"Host/Juniper/JUNOS/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"junos_kb_cmd_func.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');\n\nfixes = make_array();\nif (ver =~ \"^14\\.1R8\") fixes['14.1R'] = '14.1R8-S3';\nelse fixes['14.1R'] = '14.1R9';\nfixes['14.1X53'] = '14.1X53-D43'; # or 14.1X53-D50\nif (ver =~ \"^14\\.2R4\") fixes['14.2R'] = '14.2R4-S7';\nelse if (ver =~ \"^14\\.2R7\") fixes['14.2R'] = '14.2R7-S6';\nelse fixes['14.2R'] = '14.2R8';\nif ( ver =~ \"^15\\.1F5\") fixes['15.1F'] = '15.1F5-S7';\nelse if ( ver =~ \"^15\\.1F6\") fixes['15.1F'] = '15.1F6-S6';\nif (ver =~ \"^15\\.1R5\") fixes['15.1R'] = '15.1R5-S2';\nelse fixes['15.1R'] = '15.1R6';\nfixes['15.1X49'] = '15.1X49-D100';\nfixes['15.1X53'] = '15.1X53-D46'; # or D57, D63, D70, 230\nfixes['15.1X56'] = '15.1X56-D62';\nif (ver =~ \"^16\\.1R3\") fixes['16.1R'] = '16.1R3-S3';\nelse if (ver =~ \"^16\\.1R4\") fixes['16.1R'] = '16.1R4-S1';\nelse fixes['16.1R'] = '16.1R5';\nif (ver =~ \"^16\\.2R1\") fixes['16.2R'] = '16.2R1-S3';\nelse fixes['16.2'] = '16.2R2';\nfixes['17.1'] = '17.1R2';\n\nfix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);\n\noverride = TRUE;\n\njunos_report(ver:ver, fix:fix, override:override, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-06-16T16:31:33", "description": "The version of the remote VMware ESXi 6.0 host is prior to build 5224529. It is, therefore, affected by multiple vulnerabilities in VMWare Tools and the bundled OpenSSL and Python packages, as well as a NULL pointer dereference vulnerability related to handling RPC requests that could allow an attacker to crash a virtual machine.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2017-09-20T00:00:00", "type": "nessus", "title": "ESXi 6.0 < Build 5485776 Multiple Vulnerabilities (VMSA-2017-0015) (remote check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1000110", "CVE-2016-2183", "CVE-2016-7055", "CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732", "CVE-2017-4925"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/o:vmware:esxi:6.0"], "id": "VMWARE_ESXI_6_0_BUILD_5485776_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/102698", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102698);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2016-2183\",\n \"CVE-2016-7055\",\n \"CVE-2016-1000110\",\n \"CVE-2017-3730\",\n \"CVE-2017-3731\",\n \"CVE-2017-3732\",\n \"CVE-2017-4925\"\n );\n script_bugtraq_id(\n 94242,\n 95812,\n 95813,\n 95814,\n 100842\n );\n script_xref(name:\"VMSA\", value:\"2017-0015\");\n\n script_name(english:\"ESXi 6.0 < Build 5485776 Multiple Vulnerabilities (VMSA-2017-0015) (remote check)\");\n script_summary(english:\"Checks the ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi 6.0 host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of the remote VMware ESXi 6.0 host is prior to build\n5224529. It is, therefore, affected by multiple vulnerabilities in\nVMWare Tools and the bundled OpenSSL and Python packages, as well\nas a NULL pointer dereference vulnerability related to handling RPC\nrequests that could allow an attacker to crash a virtual machine.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2017-0015.html\");\n # https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2149960\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e03fa029\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply patch ESXi600-201706101-SG according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2183\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:6.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\n\nif (\"ESXi\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi\");\nif (\"VMware ESXi 6.0\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi 6.0\");\n\nmatch = pregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel);\nif (isnull(match)) audit(AUDIT_UNKNOWN_BUILD, \"VMware ESXi\", \"6.0\");\n\nbuild = int(match[1]);\nfixed_build = 5485776;\n\nif (build < fixed_build)\n{\n report = '\\n ESXi version : ' + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n security_report_v4(port:0, extra:report, severity:SECURITY_WARNING);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESXi\", ver - \"ESXi \" + \" build \" + build);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-16T16:25:28", "description": "The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL :\n\n - A carry propagation error exists in the Broadwell-specific Montgomery multiplication procedure when handling input lengths divisible by but longer than 256 bits. This can result in transient authentication and key negotiation failures or reproducible erroneous outcomes of public-key operations with specially crafted input. A man-in-the-middle attacker can possibly exploit this issue to compromise ECDH key negotiations that utilize Brainpool P-512 curves. (CVE-2016-7055)\n\n - An out-of-bounds read error exists when handling packets using the CHACHA20/POLY1305 or RC4-MD5 ciphers. An unauthenticated, remote attacker can exploit this, via specially crafted truncated packets, to cause a denial of service condition. (CVE-2017-3731)\n\n - A carry propagating error exists in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An unauthenticated, remote attacker with sufficient resources can exploit this to obtain sensitive information regarding private keys. Note that this issue is very similar to CVE-2015-3193. Moreover, the attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example, this can occur by default in OpenSSL DHE based SSL/TLS cipher suites. (CVE-2017-3732)", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2017-06-26T00:00:00", "type": "nessus", "title": "Tenable SecurityCenter OpenSSL 1.0.2 < 1.0.2k Multiple Vulnerabilities (TNS-2017-04)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3193", "CVE-2016-7055", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2020-10-09T00:00:00", "cpe": ["cpe:/a:tenable:securitycenter"], "id": "SECURITYCENTER_OPENSSL_1_0_2K.NASL", "href": "https://www.tenable.com/plugins/nessus/101046", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101046);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/09\");\n\n script_cve_id(\"CVE-2016-7055\", \"CVE-2017-3731\", \"CVE-2017-3732\");\n script_bugtraq_id(94242, 95813, 95814);\n\n script_name(english:\"Tenable SecurityCenter OpenSSL 1.0.2 < 1.0.2k Multiple Vulnerabilities (TNS-2017-04)\");\n script_summary(english:\"Checks the version of OpenSSL in SecurityCenter.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Tenable SecurityCenter application on the remote host contains an\nOpenSSL library that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Tenable SecurityCenter application installed on the remote host\nis missing a security patch. It is, therefore, affected by multiple\nvulnerabilities in the bundled version of OpenSSL :\n\n - A carry propagation error exists in the\n Broadwell-specific Montgomery multiplication procedure\n when handling input lengths divisible by but longer than\n 256 bits. This can result in transient authentication\n and key negotiation failures or reproducible erroneous\n outcomes of public-key operations with specially crafted\n input. A man-in-the-middle attacker can possibly exploit\n this issue to compromise ECDH key negotiations that\n utilize Brainpool P-512 curves. (CVE-2016-7055)\n\n - An out-of-bounds read error exists when handling packets\n using the CHACHA20/POLY1305 or RC4-MD5 ciphers. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted truncated packets, to cause a denial\n of service condition. (CVE-2017-3731)\n\n - A carry propagating error exists in the x86_64\n Montgomery squaring implementation that may cause the\n BN_mod_exp() function to produce incorrect results. An\n unauthenticated, remote attacker with sufficient\n resources can exploit this to obtain sensitive\n information regarding private keys. Note that this issue\n is very similar to CVE-2015-3193. Moreover, the attacker\n would additionally need online access to an unpatched\n system using the target private key in a scenario with\n persistent DH parameters and a private key that is\n shared between multiple clients. For example, this can\n occur by default in OpenSSL DHE based SSL/TLS cipher\n suites. (CVE-2017-3732)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2017-04\");\n script_set_attribute(attribute:\"see_also\", value:\"https://static.tenable.com/prod_docs/upgrade_security_center.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20170126.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Tenable SecurityCenter version 5.4.3 or later.\nAlternatively, contact the vendor for a patch.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3732\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:securitycenter\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"securitycenter_installed.nbin\", \"securitycenter_detect.nbin\");\n script_require_ports(\"Host/SecurityCenter/Version\", \"installed_sw/SecurityCenter\", \"Host/SecurityCenter/support/openssl/version\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\ninclude(\"install_func.inc\");\n\napp = \"OpenSSL (within SecurityCenter)\";\nfix = \"1.0.2k\";\n\nsc_ver = get_kb_item(\"Host/SecurityCenter/Version\");\nport = 0;\nif(empty_or_null(sc_ver))\n{\n port = 443;\n install = get_single_install(app_name:\"SecurityCenter\", combined:TRUE, exit_if_unknown_ver:TRUE);\n sc_ver = install[\"version\"];\n}\nif (empty_or_null(sc_ver)) audit(AUDIT_NOT_INST, \"SecurityCenter\");\n\nversion = get_kb_item(\"Host/SecurityCenter/support/openssl/version\");\nif (empty_or_null(version)) audit(AUDIT_UNKNOWN_APP_VER, app);\n\nif (\n openssl_ver_cmp(ver:version, fix:\"1.0.2\", same_branch:TRUE, is_min_check:FALSE) >= 0 &&\n openssl_ver_cmp(ver:version, fix:fix, same_branch:TRUE, is_min_check:FALSE) < 0\n)\n{\n report =\n '\\n SecurityCenter version : ' + sc_ver +\n '\\n SecurityCenter OpenSSL version : ' + version +\n '\\n Fixed OpenSSL version : ' + fix +\n '\\n';\n security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app, version);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-16T16:10:54", "description": "According to its banner, the version of OpenSSL running on the remote host is 1.0.2 prior to 1.0.2k. It is, therefore, affected by multiple vulnerabilities :\n\n - A carry propagation error exists in the Broadwell-specific Montgomery multiplication procedure when handling input lengths divisible by but longer than 256 bits. This can result in transient authentication and key negotiation failures or reproducible erroneous outcomes of public-key operations with specially crafted input. A man-in-the-middle attacker can possibly exploit this issue to compromise ECDH key negotiations that utilize Brainpool P-512 curves. (CVE-2016-7055)\n\n - An out-of-bounds read error exists when handling packets using the CHACHA20/POLY1305 or RC4-MD5 ciphers. An unauthenticated, remote attacker can exploit this, via specially crafted truncated packets, to cause a denial of service condition. (CVE-2017-3731)\n\n - A carry propagating error exists in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An unauthenticated, remote attacker with sufficient resources can exploit this to obtain sensitive information regarding private keys. Note that this issue is very similar to CVE-2015-3193. Moreover, the attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example, this can occur by default in OpenSSL DHE based SSL/TLS cipher suites. (CVE-2017-3732)", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2017-01-30T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.2 < 1.0.2k Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3193", "CVE-2016-7055", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_2K.NASL", "href": "https://www.tenable.com/plugins/nessus/96873", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96873);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\"CVE-2016-7055\", \"CVE-2017-3731\", \"CVE-2017-3732\");\n script_bugtraq_id(94242, 95813, 95814);\n\n script_name(english:\"OpenSSL 1.0.2 < 1.0.2k Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A service running on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of OpenSSL running on the remote\nhost is 1.0.2 prior to 1.0.2k. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A carry propagation error exists in the\n Broadwell-specific Montgomery multiplication procedure\n when handling input lengths divisible by but longer than\n 256 bits. This can result in transient authentication\n and key negotiation failures or reproducible erroneous\n outcomes of public-key operations with specially crafted\n input. A man-in-the-middle attacker can possibly exploit\n this issue to compromise ECDH key negotiations that\n utilize Brainpool P-512 curves. (CVE-2016-7055)\n\n - An out-of-bounds read error exists when handling packets\n using the CHACHA20/POLY1305 or RC4-MD5 ciphers. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted truncated packets, to cause a denial\n of service condition. (CVE-2017-3731)\n\n - A carry propagating error exists in the x86_64\n Montgomery squaring implementation that may cause the\n BN_mod_exp() function to produce incorrect results. An\n unauthenticated, remote attacker with sufficient\n resources can exploit this to obtain sensitive\n information regarding private keys. Note that this issue\n is very similar to CVE-2015-3193. Moreover, the attacker\n would additionally need online access to an unpatched\n system using the target private key in a scenario with\n persistent DH parameters and a private key that is\n shared between multiple clients. For example, this can\n occur by default in OpenSSL DHE based SSL/TLS cipher\n suites. (CVE-2017-3732)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20170126.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL version 1.0.2k or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3732\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.2k', min:\"1.0.2\", severity:SECURITY_WARNING);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:33:20", "description": "The version of OpenSSL installed on the remote AIX host is affected by a denial of service vulnerability in OpenSSL caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause an application crash.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-03-08T00:00:00", "type": "nessus", "title": "AIX OpenSSL Advisory : openssl_advisory23.asc", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3731"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:/o:ibm:aix", "cpe:/a:openssl:openssl"], "id": "AIX_OPENSSL_ADVISORY23.NASL", "href": "https://www.tenable.com/plugins/nessus/107230", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107230);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-3731\");\n script_bugtraq_id(95813);\n\n script_name(english:\"AIX OpenSSL Advisory : openssl_advisory23.asc\");\n script_summary(english:\"Checks the version of the OpenSSL packages and iFixes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host has a version of OpenSSL installed that is\naffected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenSSL installed on the remote AIX host is affected by\na denial of service vulnerability in OpenSSL caused by an\nout-of-bounds read when using a specific cipher. By sending specially\ncrafted truncated packets, a remote attacker could exploit this\nvulnerability using CHACHA20/POLY1305 to cause an application crash.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory23.asc\");\n script_set_attribute(attribute:\"solution\", value:\n\"A fix is available and can be downloaded from the IBM AIX website.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"AIX Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\ninclude(\"aix.inc\");include(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item(\"Host/AIX/version\");\nif (isnull(oslevel)) audit(AUDIT_OS_NOT, \"AIX\");\n\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This AIX package check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\noslevel = oslevel - \"AIX-\";\n\nif ( oslevel != \"5.3\" && oslevel != \"6.1\" && oslevel != \"7.1\" && oslevel != \"7.2\")\n{\n audit(AUDIT_OS_NOT, \"AIX 5.3 / 6.1 / 7.1 / 7.2\", \"AIX \" + oslevel);\n}\n\nflag = 0;\npackage = \"openssl.base\";\n\n# 1.0.2.1000\nif (aix_check_ifix(release:\"5.3\", patch:\"(102j_ifix)\", package:package, minfilesetver:\"1.0.2.500\", maxfilesetver:\"1.0.2.1000\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:\"(102j_ifix)\", package:package, minfilesetver:\"1.0.2.500\", maxfilesetver:\"1.0.2.1000\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:\"(102j_ifix)\", package:package, minfilesetver:\"1.0.2.500\", maxfilesetver:\"1.0.2.1000\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", patch:\"(102j_ifix)\", package:package, minfilesetver:\"1.0.2.500\", maxfilesetver:\"1.0.2.1000\") < 0) flag++;\n\n# 20.13.102.1000\nif (aix_check_ifix(release:\"5.3\", patch:\"(fips_102j)\", package:package, minfilesetver:\"20.13.102.1000\", maxfilesetver:\"20.13.102.1000\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:\"(fips_102j)\", package:package, minfilesetver:\"20.13.102.1000\", maxfilesetver:\"20.13.102.1000\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:\"(fips_102j)\", package:package, minfilesetver:\"20.13.102.1000\", maxfilesetver:\"20.13.102.1000\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", patch:\"(fips_102j)\", package:package, minfilesetver:\"20.13.102.1000\", maxfilesetver:\"20.13.102.1000\") < 0) flag++;\n\nif (flag)\n{\n aix_report_extra = ereg_replace(string:aix_report_get(), pattern:\"[()]\", replace:\"\");\n aix_report_extra = ereg_replace(string:aix_report_extra, pattern:\"[|]\", replace:\" or \");\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : aix_report_extra\n );\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, package);\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:37:53", "description": "If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k. (CVE-2017-3731)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-02-24T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : OpenSSL vulnerability (K37526132)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3731"], "modified": "2019-01-04T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL37526132.NASL", "href": "https://www.tenable.com/plugins/nessus/97361", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K37526132.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97361);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/01/04 10:03:41\");\n\n script_cve_id(\"CVE-2017-3731\");\n\n script_name(english:\"F5 Networks BIG-IP : OpenSSL vulnerability (K37526132)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"If an SSL/TLS server or client is running on a 32-bit host, and a\nspecific cipher is being used, then a truncated packet can cause that\nserver or client to perform an out-of-bounds read, usually resulting\nin a crash. For OpenSSL 1.1.0, the crash can be triggered when using\nCHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2,\nthe crash can be triggered when using RC4-MD5; users who have not\ndisabled that algorithm should update to 1.0.2k. (CVE-2017-3731)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K37526132\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K37526132.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K37526132\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.1.2\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\",\"11.2.1\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running the affected module APM\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T16:10:46", "description": "Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other releases were fixed in a previous security update.\n(CVE-2016-2177)\n\nIt was discovered that OpenSSL did not properly handle Montgomery multiplication, resulting in incorrect results leading to transient failures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7055)\n\nIt was discovered that OpenSSL did not properly use constant-time operations when performing ECDSA P-256 signing. A remote attacker could possibly use this issue to perform a timing attack and recover private ECDSA keys. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-7056)\n\nShi Lei discovered that OpenSSL incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause OpenSSL to stop responding, resulting in a denial of service.\n(CVE-2016-8610)\n\nRobert Swiecki discovered that OpenSSL incorrectly handled certain truncated packets. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.\n(CVE-2017-3731)\n\nIt was discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2017-3732).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-02-01T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : openssl vulnerabilities (USN-3181-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2177", "CVE-2016-7055", "CVE-2016-7056", "CVE-2016-8610", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3181-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96927", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3181-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96927);\n script_version(\"3.14\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-2177\", \"CVE-2016-7055\", \"CVE-2016-7056\", \"CVE-2016-8610\", \"CVE-2017-3731\", \"CVE-2017-3732\");\n script_xref(name:\"USN\", value:\"3181-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : openssl vulnerabilities (USN-3181-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Guido Vranken discovered that OpenSSL used undefined behaviour when\nperforming pointer arithmetic. A remote attacker could possibly use\nthis issue to cause OpenSSL to crash, resulting in a denial of\nservice. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04\nLTS as other releases were fixed in a previous security update.\n(CVE-2016-2177)\n\nIt was discovered that OpenSSL did not properly handle Montgomery\nmultiplication, resulting in incorrect results leading to transient\nfailures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu\n16.10. (CVE-2016-7055)\n\nIt was discovered that OpenSSL did not properly use constant-time\noperations when performing ECDSA P-256 signing. A remote attacker\ncould possibly use this issue to perform a timing attack and recover\nprivate ECDSA keys. This issue only applied to Ubuntu 12.04 LTS and\nUbuntu 14.04 LTS. (CVE-2016-7056)\n\nShi Lei discovered that OpenSSL incorrectly handled certain warning\nalerts. A remote attacker could possibly use this issue to cause\nOpenSSL to stop responding, resulting in a denial of service.\n(CVE-2016-8610)\n\nRobert Swiecki discovered that OpenSSL incorrectly handled certain\ntruncated packets. A remote attacker could possibly use this issue to\ncause OpenSSL to crash, resulting in a denial of service.\n(CVE-2017-3731)\n\nIt was discovered that OpenSSL incorrectly performed the x86_64\nMontgomery squaring procedure. While unlikely, a remote attacker could\npossibly use this issue to recover private keys. This issue only\napplied to Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2017-3732).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3181-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libssl1.0.0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1-4ubuntu5.39\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu2.22\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.2g-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.2g-1ubuntu9.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl1.0.0\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:37:50", "description": "An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. (CVE-2017-3731)\n\n* A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. (CVE-2016-8610)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-02-22T00:00:00", "type": "nessus", "title": "CentOS 6 / 7 : openssl (CESA-2017:0286)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8610", "CVE-2017-3731"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-devel", "p-cpe:/a:centos:centos:openssl-libs", "p-cpe:/a:centos:centos:openssl-perl", "p-cpe:/a:centos:centos:openssl-static", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-0286.NASL", "href": "https://www.tenable.com/plugins/nessus/97305", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0286 and \n# CentOS Errata and Security Advisory 2017:0286 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97305);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-8610\", \"CVE-2017-3731\");\n script_xref(name:\"RHSA\", value:\"2017:0286\");\n\n script_name(english:\"CentOS 6 / 7 : openssl (CESA-2017:0286)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for openssl is now available for Red Hat Enterprise Linux 6\nand Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* An integer underflow leading to an out of bounds read flaw was found\nin OpenSSL. A remote attacker could possibly use this flaw to crash a\n32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5\ncipher suite. (CVE-2017-3731)\n\n* A denial of service flaw was found in the way the TLS/SSL protocol\ndefined processing of ALERT packets during a connection handshake. A\nremote attacker could use this flaw to make a TLS/SSL server consume\nan excessive amount of CPU and fail to accept connections form other\nclients. (CVE-2016-8610)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-February/022274.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?50332929\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-February/022275.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8530c747\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8610\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-1.0.1e-48.el6_8.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-devel-1.0.1e-48.el6_8.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-perl-1.0.1e-48.el6_8.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-static-1.0.1e-48.el6_8.4\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-60.el7_3.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-60.el7_3.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-60.el7_3.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-60.el7_3.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-60.el7_3.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-libs / openssl-perl / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:37:53", "description": "Security Fix(es) :\n\n - An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. (CVE-2017-3731)\n\n - A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. (CVE-2016-8610)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-02-21T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20170220)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8610", "CVE-2017-3731"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openssl", "p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openssl-devel", "p-cpe:/a:fermilab:scientific_linux:openssl-libs", "p-cpe:/a:fermilab:scientific_linux:openssl-perl", "p-cpe:/a:fermilab:scientific_linux:openssl-static", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170220_OPENSSL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/97295", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97295);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-8610\", \"CVE-2017-3731\");\n\n script_name(english:\"Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20170220)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - An integer underflow leading to an out of bounds read\n flaw was found in OpenSSL. A remote attacker could\n possibly use this flaw to crash a 32-bit TLS/SSL server\n or client using OpenSSL if it used the RC4-MD5 cipher\n suite. (CVE-2017-3731)\n\n - A denial of service flaw was found in the way the\n TLS/SSL protocol defined processing of ALERT packets\n during a connection handshake. A remote attacker could\n use this flaw to make a TLS/SSL server consume an\n excessive amount of CPU and fail to accept connections\n form other clients. (CVE-2016-8610)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1702&L=scientific-linux-errata&F=&S=&P=3925\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a67bf6c3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"openssl-1.0.1e-48.el6_8.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-debuginfo-1.0.1e-48.el6_8.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-devel-1.0.1e-48.el6_8.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-perl-1.0.1e-48.el6_8.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-static-1.0.1e-48.el6_8.4\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-60.el7_3.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.1e-60.el7_3.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-60.el7_3.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-60.el7_3.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-60.el7_3.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-60.el7_3.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-libs / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:37:47", "description": "An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. (CVE-2017-3731)\n\n* A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. (CVE-2016-8610)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-02-21T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : openssl (RHSA-2017:0286)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8610", "CVE-2017-3731"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-libs", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl-static", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-0286.NASL", "href": "https://www.tenable.com/plugins/nessus/97294", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0286. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97294);\n script_version(\"3.16\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-8610\", \"CVE-2017-3731\");\n script_xref(name:\"RHSA\", value:\"2017:0286\");\n\n script_name(english:\"RHEL 6 / 7 : openssl (RHSA-2017:0286)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for openssl is now available for Red Hat Enterprise Linux 6\nand Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* An integer underflow leading to an out of bounds read flaw was found\nin OpenSSL. A remote attacker could possibly use this flaw to crash a\n32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5\ncipher suite. (CVE-2017-3731)\n\n* A denial of service flaw was found in the way the TLS/SSL protocol\ndefined processing of ALERT packets during a connection handshake. A\nremote attacker could use this flaw to make a TLS/SSL server consume\nan excessive amount of CPU and fail to accept connections form other\nclients. (CVE-2016-8610)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20170126.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3731\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0286\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-1.0.1e-48.el6_8.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-debuginfo-1.0.1e-48.el6_8.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-devel-1.0.1e-48.el6_8.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-perl-1.0.1e-48.el6_8.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-48.el6_8.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-48.el6_8.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-static-1.0.1e-48.el6_8.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-static-1.0.1e-48.el6_8.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-48.el6_8.4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssl-1.0.1e-60.el7_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-60.el7_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-debuginfo-1.0.1e-60.el7_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-devel-1.0.1e-60.el7_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-libs-1.0.1e-60.el7_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-60.el7_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-60.el7_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-static-1.0.1e-60.el7_3.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-libs / etc\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:37:53", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - fix CVE-2017-3731 - DoS via truncated packets with RC4-MD5 cipher\n\n - fix CVE-2016-8610 - DoS of single-threaded servers via excessive alerts", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-02-22T00:00:00", "type": "nessus", "title": "OracleVM 3.3 / 3.4 : openssl (OVMSA-2017-0042)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8610", "CVE-2017-3731"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:openssl", "cpe:/o:oracle:vm_server:3.3", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2017-0042.NASL", "href": "https://www.tenable.com/plugins/nessus/97316", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0042.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97316);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-8610\", \"CVE-2017-3731\");\n\n script_name(english:\"OracleVM 3.3 / 3.4 : openssl (OVMSA-2017-0042)\");\n script_summary(english:\"Checks the RPM output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - fix CVE-2017-3731 - DoS via truncated packets with\n RC4-MD5 cipher\n\n - fix CVE-2016-8610 - DoS of single-threaded servers via\n excessive alerts\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-February/000651.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bbd90b22\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-February/000650.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?31fd29bd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"(3\\.3|3\\.4)\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3 / 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"openssl-1.0.1e-48.el6_8.4\")) flag++;\n\nif (rpm_check(release:\"OVS3.4\", reference:\"openssl-1.0.1e-48.el6_8.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:37:11", "description": "According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. (CVE-2017-3731)\n\n - A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. (CVE-2016-8610)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : openssl (EulerOS-SA-2017-1029)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8610", "CVE-2017-3731"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl", "p-cpe:/a:huawei:euleros:openssl-devel", "p-cpe:/a:huawei:euleros:openssl-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1029.NASL", "href": "https://www.tenable.com/plugins/nessus/99874", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99874);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-8610\",\n \"CVE-2017-3731\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : openssl (EulerOS-SA-2017-1029)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssl packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An integer underflow leading to an out of bounds read\n flaw was found in OpenSSL. A remote attacker could\n possibly use this flaw to crash a 32-bit TLS/SSL server\n or client using OpenSSL if it used the RC4-MD5 cipher\n suite. (CVE-2017-3731)\n\n - A denial of service flaw was found in the way the\n TLS/SSL protocol defined processing of ALERT packets\n during a connection handshake. A remote attacker could\n use this flaw to make a TLS/SSL server consume an\n excessive amount of CPU and fail to accept connections\n form other clients. (CVE-2016-8610)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1029\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4ad0b058\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openssl-1.0.1e-60.1\",\n \"openssl-devel-1.0.1e-60.1\",\n \"openssl-libs-1.0.1e-60.1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:36:26", "description": "An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. (CVE-2017-3731)\n\n* A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. (CVE-2016-8610)\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-07-13T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : openssl / openssl-devel / openssl-perl / etc (VZLSA-2017-0286)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8610", "CVE-2017-3731"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:openssl", "p-cpe:/a:virtuozzo:virtuozzo:openssl-devel", "p-cpe:/a:virtuozzo:virtuozzo:openssl-perl", "p-cpe:/a:virtuozzo:virtuozzo:openssl-static", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZLSA-2017-0286.NASL", "href": "https://www.tenable.com/plugins/nessus/101424", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101424);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2016-8610\",\n \"CVE-2017-3731\"\n );\n\n script_name(english:\"Virtuozzo 6 : openssl / openssl-devel / openssl-perl / etc (VZLSA-2017-0286)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for openssl is now available for Red Hat Enterprise Linux 6\nand Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* An integer underflow leading to an out of bounds read flaw was found\nin OpenSSL. A remote attacker could possibly use this flaw to crash a\n32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5\ncipher suite. (CVE-2017-3731)\n\n* A denial of service flaw was found in the way the TLS/SSL protocol\ndefined processing of ALERT packets during a connection handshake. A\nremote attacker could use this flaw to make a TLS/SSL server consume\nan excessive amount of CPU and fail to accept connections form other\nclients. (CVE-2016-8610)\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0286.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?111e1fb5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017-0286\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl / openssl-devel / openssl-perl / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"openssl-1.0.1e-48.vl6.4\",\n \"openssl-devel-1.0.1e-48.vl6.4\",\n \"openssl-perl-1.0.1e-48.vl6.4\",\n \"openssl-static-1.0.1e-48.vl6.4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:37:44", "description": "From Red Hat Security Advisory 2017:0286 :\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. (CVE-2017-3731)\n\n* A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. (CVE-2016-8610)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-02-21T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : openssl (ELSA-2017-0286)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8610", "CVE-2017-3731"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-libs", "p-cpe:/a:oracle:linux:openssl-perl", "p-cpe:/a:oracle:linux:openssl-static", "cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-0286.NASL", "href": "https://www.tenable.com/plugins/nessus/97293", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:0286 and \n# Oracle Linux Security Advisory ELSA-2017-0286 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97293);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-8610\", \"CVE-2017-3731\");\n script_xref(name:\"RHSA\", value:\"2017:0286\");\n\n script_name(english:\"Oracle Linux 6 / 7 : openssl (ELSA-2017-0286)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:0286 :\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6\nand Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* An integer underflow leading to an out of bounds read flaw was found\nin OpenSSL. A remote attacker could possibly use this flaw to crash a\n32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5\ncipher suite. (CVE-2017-3731)\n\n* A denial of service flaw was found in the way the TLS/SSL protocol\ndefined processing of ALERT packets during a connection handshake. A\nremote attacker could use this flaw to make a TLS/SSL server consume\nan excessive amount of CPU and fail to accept connections form other\nclients. (CVE-2016-8610)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-February/006714.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-February/006715.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"openssl-1.0.1e-48.el6_8.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-devel-1.0.1e-48.el6_8.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-perl-1.0.1e-48.el6_8.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-static-1.0.1e-48.el6_8.4\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-60.el7_3.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-60.el7_3.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-60.el7_3.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-60.el7_3.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-60.el7_3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-libs / openssl-perl / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:37:50", "description": "An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. (CVE-2017-3731)\n\nA denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. (CVE-2016-8610)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-03-07T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : openssl (ALAS-2017-803)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8610", "CVE-2017-3731"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl", "p-cpe:/a:amazon:linux:openssl-debuginfo", "p-cpe:/a:amazon:linux:openssl-devel", "p-cpe:/a:amazon:linux:openssl-perl", "p-cpe:/a:amazon:linux:openssl-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-803.NASL", "href": "https://www.tenable.com/plugins/nessus/97555", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-803.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97555);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-8610\", \"CVE-2017-3731\");\n script_xref(name:\"ALAS\", value:\"2017-803\");\n\n script_name(english:\"Amazon Linux AMI : openssl (ALAS-2017-803)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer underflow leading to an out of bounds read flaw was found\nin OpenSSL. A remote attacker could possibly use this flaw to crash a\n32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5\ncipher suite. (CVE-2017-3731)\n\nA denial of service flaw was found in the way the TLS/SSL protocol\ndefined processing of ALERT packets during a connection handshake. A\nremote attacker could use this flaw to make a TLS/SSL server consume\nan excessive amount of CPU and fail to accept connections form other\nclients. (CVE-2016-8610)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-803.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update openssl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openssl-1.0.1k-15.99.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-debuginfo-1.0.1k-15.99.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-devel-1.0.1k-15.99.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-perl-1.0.1k-15.99.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-static-1.0.1k-15.99.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:36:56", "description": "According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. (CVE-2017-3731)\n\n - A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. (CVE-2016-8610)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : openssl (EulerOS-SA-2017-1030)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8610", "CVE-2017-3731"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl", "p-cpe:/a:huawei:euleros:openssl-devel", "p-cpe:/a:huawei:euleros:openssl-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1030.NASL", "href": "https://www.tenable.com/plugins/nessus/99875", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99875);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-8610\",\n \"CVE-2017-3731\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : openssl (EulerOS-SA-2017-1030)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssl packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An integer underflow leading to an out of bounds read\n flaw was found in OpenSSL. A remote attacker could\n possibly use this flaw to crash a 32-bit TLS/SSL server\n or client using OpenSSL if it used the RC4-MD5 cipher\n suite. (CVE-2017-3731)\n\n - A denial of service flaw was found in the way the\n TLS/SSL protocol defined processing of ALERT packets\n during a connection handshake. A remote attacker could\n use this flaw to make a TLS/SSL server consume an\n excessive amount of CPU and fail to accept connections\n form other clients. (CVE-2016-8610)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1030\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?169f034a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openssl-1.0.1e-60.1\",\n \"openssl-devel-1.0.1e-60.1\",\n \"openssl-libs-1.0.1e-60.1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T16:13:45", "description": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline.\nThe amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.\n(CVE-2017-3732)", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2017-02-17T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : OpenSSL vulnerability (K44512851)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3193", "CVE-2017-3732"], "modified": "2019-01-04T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL44512851.NASL", "href": "https://www.tenable.com/plugins/nessus/97218", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K44512851.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97218);\n script_version(\"3.17\");\n script_cvs_date(\"Date: 2019/01/04 10:03:41\");\n\n script_cve_id(\"CVE-2015-3193\", \"CVE-2017-3732\");\n\n script_name(english:\"F5 Networks BIG-IP : OpenSSL vulnerability (K44512851)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"There is a carry propagating bug in the x86_64 Montgomery squaring\nprocedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No\nEC algorithms are affected. Analysis suggests that attacks against RSA\nand DSA as a result of this defect would be very difficult to perform\nand are not believed likely. Attacks against DH are considered just\nfeasible (although very difficult) because most of the work necessary\nto deduce information about a private key may be performed offline.\nThe amount of resources required for such an attack would be very\nsignificant and likely only accessible to a limited number of\nattackers. An attacker would additionally need online access to an\nunpatched system using the target private key in a scenario with\npersistent DH parameters and a private key that is shared between\nmultiple clients. For example this can occur by default in OpenSSL DHE\nbased SSL/TLS ciphersuites. Note: This issue is very similar to\nCVE-2015-3193 but must be treated as a separate problem.\n(CVE-2017-3732)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K44512851\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K44512851.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K44512851\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.1.0-12.1.2\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"13.1.0\",\"13.0.1\",\"12.1.3\",\"12.0.0\",\"11.4.0-11.6.2\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.1.0-12.1.2\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"13.1.0\",\"13.0.1\",\"12.1.3\",\"12.0.0\",\"11.4.0-11.6.2\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.1.0-12.1.2\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"13.1.0\",\"13.0.1\",\"12.1.3\",\"12.0.0\",\"11.4.0-11.6.2\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.1.0-12.1.2\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"13.1.0\",\"13.0.1\",\"12.1.3\",\"12.0.0\",\"11.4.0-11.6.2\",\"11.2.1\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"13.0.0\",\"12.1.0-12.1.2\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"13.1.0\",\"13.0.1\",\"12.1.3\",\"12.0.0\",\"11.4.0-11.6.2\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"13.0.0\",\"12.1.0-12.1.2\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"13.1.0\",\"13.0.1\",\"12.1.3\",\"12.0.0\",\"11.4.0-11.6.2\",\"11.2.1\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.1.0-12.1.2\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"13.1.0\",\"13.0.1\",\"12.1.3\",\"12.0.0\",\"11.4.0-11.6.2\",\"11.2.1\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.1.0-12.1.2\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"13.1.0\",\"13.0.1\",\"12.1.3\",\"12.0.0\",\"11.4.0-11.6.2\",\"11.2.1\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-27T15:45:49", "description": "According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 3.1.x prior to 3.1.7.8023, 3.2.x prior to 3.2.7.1204, or 3.3.x prior to 3.3.3.1199. It is, therefore, affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exists in the Apache Commons component in the FileUpload functionality due to improper handling of file upload requests. An unauthenticated, remote attacker can exploit this, via a specially crafted content-type header, to cause a denial of service condition. Note that this vulnerability does not affect MySQL Enterprise Monitor versions 3.3.x.\n (CVE-2016-3092)\n\n - An unspecified flaw exists in the Apache Struts component that is triggered during the cleanup of action names. An unauthenticated, remote attacker can exploit this, via a specially crafted payload, to perform unspecified actions. (CVE-2016-4436)\n\n - A carry propagation error exists in the OpenSSL component in the Broadwell-specific Montgomery multiplication procedure when handling input lengths divisible by but longer than 256 bits. This can result in transient authentication and key negotiation failures or reproducible erroneous outcomes of public-key operations with specially crafted input. A man-in-the-middle attacker can possibly exploit this issue to compromise ECDH key negotiations that utilize Brainpool P-512 curves. (CVE-2016-7055)\n\n - An unspecified flaw exists in the Monitoring Server subcomponent that allows an authenticated, remote attacker to impact confidentiality and integrity.\n (CVE-2017-3306)\n\n - An unspecified flaw exists in the Monitoring Server subcomponent that allows an authenticated, remote attacker to impact integrity and availability.\n (CVE-2017-3307)\n\n - An out-of-bounds read error exists in the OpenSSL component when handling packets using the CHACHA20/POLY1305 or RC4-MD5 ciphers. An unauthenticated, remote attacker can exploit this, via specially crafted truncated packets, to cause a denial of service condition. (CVE-2017-3731)\n\n - A carry propagating error exists in the OpenSSL component in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An unauthenticated, remote attacker with sufficient resources can exploit this to obtain sensitive information regarding private keys.\n (CVE-2017-3732)\n\n - A remote code execution vulnerability exists in the Apache Struts component in the Jakarta Multipart parser due to improper handling of the Content-Type, Content-Disposition, and Content-Length headers.\n An unauthenticated, remote attacker can exploit this, via a specially crafted header value in the HTTP request, to execute arbitrary code. (CVE-2017-5638)", "cvss3": {"score": 10, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-04-21T00:00:00", "type": "nessus", "title": "MySQL Enterprise Monitor 3.1.x < 3.1.7.8023 / 3.2.x < 3.2.7.1204 / 3.3.x < 3.3.3.1199 Multiple Vulnerabilities (April 2017 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3092", "CVE-2016-4436", "CVE-2016-7055", "CVE-2017-3306", "CVE-2017-3307", "CVE-2017-3731", "CVE-2017-3732", "CVE-2017-5638"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/a:oracle:mysql_enterprise_monitor"], "id": "MYSQL_ENTERPRISE_MONITOR_3_3_3_1199.NASL", "href": "https://www.tenable.com/plugins/nessus/99593", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99593);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2016-3092\",\n \"CVE-2016-4436\",\n \"CVE-2016-7055\",\n \"CVE-2017-3306\",\n \"CVE-2017-3307\",\n \"CVE-2017-3731\",\n \"CVE-2017-3732\",\n \"CVE-2017-5638\"\n );\n script_bugtraq_id(\n 91280,\n 91453,\n 94242,\n 95813,\n 95814,\n 96729,\n 97724,\n 97844\n );\n script_xref(name:\"CERT\", value:\"834067\");\n script_xref(name:\"EDB-ID\", value:\"41570\");\n script_xref(name:\"EDB-ID\", value:\"41614\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"MySQL Enterprise Monitor 3.1.x < 3.1.7.8023 / 3.2.x < 3.2.7.1204 / 3.3.x < 3.3.3.1199 Multiple Vulnerabilities (April 2017 CPU)\");\n script_summary(english:\"Checks the version of MySQL Enterprise Monitor.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application running on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the MySQL Enterprise Monitor\napplication running on the remote host is 3.1.x prior to 3.1.7.8023,\n3.2.x prior to 3.2.7.1204, or 3.3.x prior to 3.3.3.1199. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exists in the Apache\n Commons component in the FileUpload functionality due to\n improper handling of file upload requests. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted content-type header, to cause a denial\n of service condition. Note that this vulnerability does\n not affect MySQL Enterprise Monitor versions 3.3.x.\n (CVE-2016-3092)\n\n - An unspecified flaw exists in the Apache Struts\n component that is triggered during the cleanup of action\n names. An unauthenticated, remote attacker can exploit\n this, via a specially crafted payload, to perform\n unspecified actions. (CVE-2016-4436)\n\n - A carry propagation error exists in the OpenSSL\n component in the Broadwell-specific Montgomery\n multiplication procedure when handling input lengths\n divisible by but longer than 256 bits. This can result\n in transient authentication and key negotiation failures\n or reproducible erroneous outcomes of public-key\n operations with specially crafted input. A\n man-in-the-middle attacker can possibly exploit this\n issue to compromise ECDH key negotiations that utilize\n Brainpool P-512 curves. (CVE-2016-7055)\n\n - An unspecified flaw exists in the Monitoring Server\n subcomponent that allows an authenticated, remote\n attacker to impact confidentiality and integrity.\n (CVE-2017-3306)\n\n - An unspecified flaw exists in the Monitoring Server\n subcomponent that allows an authenticated, remote\n attacker to impact integrity and availability.\n (CVE-2017-3307)\n\n - An out-of-bounds read error exists in the OpenSSL\n component when handling packets using the\n CHACHA20/POLY1305 or RC4-MD5 ciphers. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted truncated packets, to cause a denial\n of service condition. (CVE-2017-3731)\n\n - A carry propagating error exists in the OpenSSL\n component in the x86_64 Montgomery squaring\n implementation that may cause the BN_mod_exp() function\n to produce incorrect results. An unauthenticated, remote\n attacker with sufficient resources can exploit this to\n obtain sensitive information regarding private keys.\n (CVE-2017-3732)\n\n - A remote code execution vulnerability exists in the\n Apache Struts component in the Jakarta Multipart parser\n due to improper handling of the Content-Type,\n Content-Disposition, and Content-Length headers.\n An unauthenticated, remote attacker can exploit this,\n via a specially crafted header value in the HTTP\n request, to execute arbitrary code. (CVE-2017-5638)\");\n # https://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d679be85\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?50229a1a\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3681811.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eb4db3c7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.oracle.com/rs?type=doc&id=2244179.1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.oracle.com/rs?type=doc&id=2279658.1\");\n script_set_attribute(attribute:\"see_also\", value:\"http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html\");\n # https://threatpost.com/apache-struts-2-exploits-installing-cerber-ransomware/124844/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?77e9c654\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL Enterprise Monitor version 3.1.7.8023 / 3.2.7.1204 /\n3.3.3.1199 or later as referenced in the April 2017 Oracle Critical\nPatch Update advisory.\n\nNote that the 3.2.x version was fixed for the CVE-2016-4436\nvulnerability in version 3.2.6.1182.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:X\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5638\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts Jakarta Multipart Parser OGNL Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/21\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql_enterprise_monitor\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_enterprise_monitor_web_detect.nasl\");\n script_require_keys(\"installed_sw/MySQL Enterprise Monitor\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 18443);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp = \"MySQL Enterprise Monitor\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:18443);\n\ninstall = get_single_install(app_name:app, port:port, exit_if_unknown_ver:TRUE);\nversion = install['version'];\ninstall_url = build_url(port:port, qs:\"/\");\n\nfixes = {\"^3.3\": \"3.3.3.1199\",\n \"^3.2\": \"3.2.7.1204\",\n \"^3.1\": \"3.1.7.8023\"};\n\nvuln = FALSE;\nfix = '';\nforeach (prefix in keys(fixes))\n{\n if (version =~ prefix && ver_compare(ver:version,\n fix:fixes[prefix],\n strict:FALSE) < 0)\n { \n vuln = TRUE;\n fix = fixes[prefix];\n break;\n }\n}\n\nif (vuln)\n{\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:38:11", "description": "Several vulnerabilities were discovered in OpenSSL :\n\n - CVE-2016-7056 A local timing attack was discovered against ECDSA P-256.\n\n - CVE-2016-8610 It was discovered that no limit was imposed on alert packets during an SSL handshake.\n\n - CVE-2017-3731 Robert Swiecki discovered that the RC4-MD5 cipher when running on 32 bit systems could be forced into an out-of-bounds read, resulting in denial of service.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-01-30T00:00:00", "type": "nessus", "title": "Debian DSA-3773-1 : openssl - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7056", "CVE-2016-8610", "CVE-2017-3731"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3773.NASL", "href": "https://www.tenable.com/plugins/nessus/96842", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3773. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96842);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7056\", \"CVE-2016-8610\", \"CVE-2017-3731\");\n script_xref(name:\"DSA\", value:\"3773\");\n\n script_name(english:\"Debian DSA-3773-1 : openssl - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in OpenSSL :\n\n - CVE-2016-7056\n A local timing attack was discovered against ECDSA\n P-256.\n\n - CVE-2016-8610\n It was discovered that no limit was imposed on alert\n packets during an SSL handshake.\n\n - CVE-2017-3731\n Robert Swiecki discovered that the RC4-MD5 cipher when\n running on 32 bit systems could be forced into an\n out-of-bounds read, resulting in denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-7056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-8610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-3731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/openssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3773\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openssl packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 1.0.1t-1+deb8u6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libcrypto1.0.0-udeb\", reference:\"1.0.1t-1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl-dev\", reference:\"1.0.1t-1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl-doc\", reference:\"1.0.1t-1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl1.0.0\", reference:\"1.0.1t-1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl1.0.0-dbg\", reference:\"1.0.1t-1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openssl\", reference:\"1.0.1t-1+deb8u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:38:04", "description": "Several vulnerabilities were discovered in OpenSSL :\n\nCVE-2016-7056\n\nA local timing attack was discovered against ECDSA P-256.\n\nCVE-2016-8610\n\nIt was discovered that no limit was imposed on alert packets during an SSL handshake.\n\nCVE-2017-3731\n\nRobert Swiecki discovered that the RC4-MD5 cipher when running on 32 bit systems could be forced into an out-of-bounds read, resulting in denial of service.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.0.1t-1+deb7u2.\n\nWe recommend that you upgrade your openssl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-02-02T00:00:00", "type": "nessus", "title": "Debian DLA-814-1 : openssl security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7056", "CVE-2016-8610", "CVE-2017-3731"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libssl-dev", "p-cpe:/a:debian:debian_linux:libssl-doc", "p-cpe:/a:debian:debian_linux:libssl1.0.0", "p-cpe:/a:debian:debian_linux:libssl1.0.0-dbg", "p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-814.NASL", "href": "https://www.tenable.com/plugins/nessus/96931", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-814-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96931);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7056\", \"CVE-2016-8610\", \"CVE-2017-3731\");\n\n script_name(english:\"Debian DLA-814-1 : openssl security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in OpenSSL :\n\nCVE-2016-7056\n\nA local timing attack was discovered against ECDSA P-256.\n\nCVE-2016-8610\n\nIt was discovered that no limit was imposed on alert packets during an\nSSL handshake.\n\nCVE-2017-3731\n\nRobert Swiecki discovered that the RC4-MD5 cipher when running on 32\nbit systems could be forced into an out-of-bounds read, resulting in\ndenial of service.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.0.1t-1+deb7u2.\n\nWe recommend that you upgrade your openssl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/02/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/openssl\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl1.0.0-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libssl-dev\", reference:\"1.0.1t-1+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl-doc\", reference:\"1.0.1t-1+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0\", reference:\"1.0.1t-1+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0-dbg\", reference:\"1.0.1t-1+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openssl\", reference:\"1.0.1t-1+deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T16:24:45", "description": "Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThis release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements.\nRefer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release.\n\nThis release upgrades OpenSSL to version 1.0.2.n\n\nSecurity Fix(es) :\n\n* openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)\n\n* openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)\n\n* openssl: certificate message OOB reads (CVE-2016-6306)\n\n* openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)\n\n* openssl: Truncated packet could crash via OOB read (CVE-2017-3731)\n\n* openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)\n\n* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)\n\n* openssl: Read/write after SSL object in error state (CVE-2017-3737)\n\n* openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6306 and CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-07-18T00:00:00", "type": "nessus", "title": "RHEL 6 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 (RHSA-2018:2186)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2182", "CVE-2016-4975", "CVE-2016-6302", "CVE-2016-6306", "CVE-2016-7055", "CVE-2017-3731", "CVE-2017-3732", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-ldap", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-mysql", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-nss", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-odbc", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-openssl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-pgsql", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-sqlite", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_auth_kerb", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_auth_kerb-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-ap24", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-manual", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_rt", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-libs", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-perl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-static", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2018-2186.NASL", "href": "https://www.tenable.com/plugins/nessus/111147", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:2186. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111147);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/24 15:35:45\");\n\n script_cve_id(\"CVE-2016-2182\", \"CVE-2016-4975\", \"CVE-2016-6302\", \"CVE-2016-6306\", \"CVE-2016-7055\", \"CVE-2017-3731\", \"CVE-2017-3732\", \"CVE-2017-3736\", \"CVE-2017-3737\", \"CVE-2017-3738\");\n script_xref(name:\"RHSA\", value:\"2018:2186\");\n\n script_name(english:\"RHEL 6 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 (RHSA-2018:2186)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this release as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThis release adds the new Apache HTTP Server 2.4.29 packages that are\npart of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements.\nRefer to the Release Notes for information on the most significant bug\nfixes, enhancements and component upgrades included in this release.\n\nThis release upgrades OpenSSL to version 1.0.2.n\n\nSecurity Fix(es) :\n\n* openssl: Out-of-bounds write caused by unchecked errors in\nBN_bn2dec() (CVE-2016-2182)\n\n* openssl: Insufficient TLS session ticket HMAC length checks\n(CVE-2016-6302)\n\n* openssl: certificate message OOB reads (CVE-2016-6306)\n\n* openssl: Carry propagating bug in Montgomery multiplication\n(CVE-2016-7055)\n\n* openssl: Truncated packet could crash via OOB read (CVE-2017-3731)\n\n* openssl: BN_mod_exp may produce incorrect results on x86_64\n(CVE-2017-3732)\n\n* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)\n\n* openssl: Read/write after SSL object in error state (CVE-2017-3737)\n\n* openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-6306 and CVE-2016-7055. Upstream acknowledges Shi Lei (Gear\nTeam of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306.\"\n );\n # https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b2e43da2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:2186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7055\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3736\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3738\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_auth_kerb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_auth_kerb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-ap24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:2186\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"jbcs-httpd24-apache-commons-daemon-1.1.0-1.redhat_2.1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apache-commons-daemon-jsvc-1.1.0-1.redhat_2.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apache-commons-daemon-jsvc-1.1.0-1.redhat_2.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.1.0-1.redhat_2.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.1.0-1.redhat_2.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-1.6.3-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-1.6.3-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-debuginfo-1.6.3-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-debuginfo-1.6.3-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-devel-1.6.3-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-devel-1.6.3-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-util-1.6.1-9.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-1.6.1-9.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-util-debuginfo-1.6.1-9.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-debuginfo-1.6.1-9.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-util-devel-1.6.1-9.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-devel-1.6.1-9.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-util-ldap-1.6.1-9.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-ldap-1.6.1-9.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-util-mysql-1.6.1-9.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-mysql-1.6.1-9.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-util-nss-1.6.1-9.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-nss-1.6.1-9.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-util-odbc-1.6.1-9.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-odbc-1.6.1-9.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-util-openssl-1.6.1-9.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-openssl-1.6.1-9.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-util-pgsql-1.6.1-9.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-pgsql-1.6.1-9.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-util-sqlite-1.6.1-9.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-sqlite-1.6.1-9.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-2.4.29-17.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-2.4.29-17.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-debuginfo-2.4.29-17.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-debuginfo-2.4.29-17.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-devel-2.4.29-17.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-devel-2.4.29-17.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbcs-httpd24-httpd-manual-2.4.29-17.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-selinux-2.4.29-17.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-selinux-2.4.29-17.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-tools-2.4.29-17.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-tools-2.4.29-17.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_auth_kerb-5.4-36.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_auth_kerb-5.4-36.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_auth_kerb-debuginfo-5.4-36.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_auth_kerb-debuginfo-5.4-36.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_bmx-0.9.6-17.GA.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_bmx-0.9.6-17.GA.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_bmx-debuginfo-0.9.6-17.GA.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_bmx-debuginfo-0.9.6-17.GA.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_cluster-native-1.3.8-1.Final_redhat_2.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_cluster-native-1.3.8-1.Final_redhat_2.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_cluster-native-debuginfo-1.3.8-1.Final_redhat_2.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_cluster-native-debuginfo-1.3.8-1.Final_redhat_2.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_jk-ap24-1.2.43-1.redhat_1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_jk-ap24-1.2.43-1.redhat_1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_jk-debuginfo-1.2.43-1.redhat_1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_jk-debuginfo-1.2.43-1.redhat_1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_jk-manual-1.2.43-1.redhat_1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_jk-manual-1.2.43-1.redhat_1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_ldap-2.4.29-17.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_ldap-2.4.29-17.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_proxy_html-2.4.29-17.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_proxy_html-2.4.29-17.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_rt-2.4.1-19.GA.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_rt-2.4.1-19.GA.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_rt-debuginfo-2.4.1-19.GA.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_rt-debuginfo-2.4.1-19.GA.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_security-2.9.1-23.GA.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_security-2.9.1-23.GA.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_security-debuginfo-2.9.1-23.GA.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_security-debuginfo-2.9.1-23.GA.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_session-2.4.29-17.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_session-2.4.29-17.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_ssl-2.4.29-17.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_ssl-2.4.29-17.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-nghttp2-1.29.0-8.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-nghttp2-1.29.0-8.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-nghttp2-debuginfo-1.29.0-8.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-nghttp2-debuginfo-1.29.0-8.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-nghttp2-devel-1.29.0-8.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-nghttp2-devel-1.29.0-8.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-openssl-1.0.2n-11.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-1.0.2n-11.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-openssl-debuginfo-1.0.2n-11.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-debuginfo-1.0.2n-11.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-openssl-devel-1.0.2n-11.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-devel-1.0.2n-11.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-openssl-libs-1.0.2n-11.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-libs-1.0.2n-11.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-openssl-perl-1.0.2n-11.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-perl-1.0.2n-11.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-openssl-static-1.0.2n-11.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-static-1.0.2n-11.jbcs.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jbcs-httpd24-apache-commons-daemon / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:25:03", "description": "Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThis release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements.\nRefer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release.\n\nThis release upgrades OpenSSL to version 1.0.2.n\n\nSecurity Fix(es) :\n\n* openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)\n\n* openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)\n\n* openssl: certificate message OOB reads (CVE-2016-6306)\n\n* openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)\n\n* openssl: Truncated packet could crash via OOB read (CVE-2017-3731)\n\n* openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)\n\n* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)\n\n* openssl: Read/write after SSL object in error state (CVE-2017-3737)\n\n* openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6306 and CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-07-18T00:00:00", "type": "nessus", "title": "RHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 (RHSA-2018:2185)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2182", "CVE-2016-4975", "CVE-2016-6302", "CVE-2016-6306", "CVE-2016-7055", "CVE-2017-3731", "CVE-2017-3732", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-ldap", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-mysql", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-nss", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-odbc", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-openssl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-pgsql", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-sqlite", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_auth_kerb", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_auth_kerb-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-ap24", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-manual", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_rt", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-libs", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-perl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-static", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2018-2185.NASL", "href": "https://www.tenable.com/plugins/nessus/111146", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:2185. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111146);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/24 15:35:45\");\n\n script_cve_id(\"CVE-2016-2182\", \"CVE-2016-4975\", \"CVE-2016-6302\", \"CVE-2016-6306\", \"CVE-2016-7055\", \"CVE-2017-3731\", \"CVE-2017-3732\", \"CVE-2017-3736\", \"CVE-2017-3737\", \"CVE-2017-3738\");\n script_xref(name:\"RHSA\", value:\"2018:2185\");\n\n script_name(english:\"RHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 (RHSA-2018:2185)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this release as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThis release adds the new Apache HTTP Server 2.4.29 packages that are\npart of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements.\nRefer to the Release Notes for information on the most significant bug\nfixes, enhancements and component upgrades included in this release.\n\nThis release upgrades OpenSSL to version 1.0.2.n\n\nSecurity Fix(es) :\n\n* openssl: Out-of-bounds write caused by unchecked errors in\nBN_bn2dec() (CVE-2016-2182)\n\n* openssl: Insufficient TLS session ticket HMAC length checks\n(CVE-2016-6302)\n\n* openssl: certificate message OOB reads (CVE-2016-6306)\n\n* openssl: Carry propagating bug in Montgomery multiplication\n(CVE-2016-7055)\n\n* openssl: Truncated packet could crash via OOB read (CVE-2017-3731)\n\n* openssl: BN_mod_exp may produce incorrect results on x86_64\n(CVE-2017-3732)\n\n* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)\n\n* openssl: Read/write after SSL object in error state (CVE-2017-3737)\n\n* openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-6306 and CVE-2016-7055. Upstream acknowledges Shi Lei (Gear\nTeam of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306.\"\n );\n # https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b2e43da2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:2185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7055\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3736\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3738\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_auth_kerb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_auth_kerb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-ap24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:2185\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"jbcs-httpd24-apache-commons-daemon-1.1.0-1.redhat_2.1.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apache-commons-daemon-jsvc-1.1.0-1.redhat_2.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.1.0-1.redhat_2.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-1.6.3-14.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-debuginfo-1.6.3-14.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-devel-1.6.3-14.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-1.6.1-9.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-debuginfo-1.6.1-9.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-devel-1.6.1-9.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-ldap-1.6.1-9.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-mysql-1.6.1-9.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-nss-1.6.1-9.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-odbc-1.6.1-9.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-openssl-1.6.1-9.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-pgsql-1.6.1-9.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-sqlite-1.6.1-9.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-2.4.29-17.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-debuginfo-2.4.29-17.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-devel-2.4.29-17.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbcs-httpd24-httpd-manual-2.4.29-17.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-selinux-2.4.29-17.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-tools-2.4.29-17.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_auth_kerb-5.4-36.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_auth_kerb-debuginfo-5.4-36.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_bmx-0.9.6-17.GA.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_bmx-debuginfo-0.9.6-17.GA.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_cluster-native-1.3.8-1.Final_redhat_2.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_cluster-native-debuginfo-1.3.8-1.Final_redhat_2.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_jk-ap24-1.2.43-1.redhat_1.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_jk-debuginfo-1.2.43-1.redhat_1.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_jk-manual-1.2.43-1.redhat_1.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_ldap-2.4.29-17.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_proxy_html-2.4.29-17.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_rt-2.4.1-19.GA.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_rt-debuginfo-2.4.1-19.GA.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_security-2.9.1-23.GA.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_security-debuginfo-2.9.1-23.GA.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_session-2.4.29-17.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_ssl-2.4.29-17.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-nghttp2-1.29.0-8.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-nghttp2-debuginfo-1.29.0-8.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-nghttp2-devel-1.29.0-8.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-1.0.2n-11.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-debuginfo-1.0.2n-11.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-devel-1.0.2n-11.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-libs-1.0.2n-11.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-perl-1.0.2n-11.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-static-1.0.2n-11.jbcs.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jbcs-httpd24-apache-commons-daemon / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:14:10", "description": "This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed :\n\n - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334)\n\n - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878)\n\n - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499)\n\n - CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085, CVE-2017-3731)\n\n - Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912) Bugs fixed :\n\n - fix crash in openssl speed (bsc#1000677)\n\n - fix ca-bundle path (bsc#1022271)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-02-15T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:0461-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2108", "CVE-2016-7056", "CVE-2016-8610", "CVE-2017-3731"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0461-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97188", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0461-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97188);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-2108\", \"CVE-2016-7056\", \"CVE-2016-8610\", \"CVE-2017-3731\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:0461-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues contained in the\nOpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues\nfixed :\n\n - CVE-2016-7056: A local ECSDA P-256 timing attack that\n might have allowed key recovery was fixed (bsc#1019334)\n\n - CVE-2016-8610: A remote denial of service in SSL alert\n handling was fixed (bsc#1005878)\n\n - CVE-2016-2108: Added a missing commit for CVE-2016-2108,\n fixing the negative zero handling in the ASN.1 decoder\n (bsc#1004499)\n\n - CVE-2017-3731: Truncated packet could crash via OOB read\n (bsc#1022085, CVE-2017-3731)\n\n - Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912)\n Bugs fixed :\n\n - fix crash in openssl speed (bsc#1000677)\n\n - fix ca-bundle path (bsc#1022271)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2108/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7056/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8610/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3731/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170461-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bd3f3072\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2017-236=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-236=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2017-236=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-1.0.1i-54.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-54.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-hmac-1.0.1i-54.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssl-1.0.1i-54.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssl-debuginfo-1.0.1i-54.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssl-debugsource-1.0.1i-54.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-32bit-1.0.1i-54.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1i-54.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-1.0.1i-54.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1i-54.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-54.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openssl-1.0.1i-54.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.1i-54.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openssl-debugsource-1.0.1i-54.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:15:05", "description": "This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641)\n\nSecurity issues fixed :\n\n - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334)\n\n - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878)\n\n - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499)\n\n - CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085, CVE-2017-3731)\n\n - Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912)\n\nBugs fixed :\n\n - fix crash in openssl speed (bsc#1000677)\n\n - fix ca-bundle path (bsc#1022271)\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-02-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openssl (openSUSE-2017-255)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2108", "CVE-2016-7056", "CVE-2016-8610", "CVE-2017-3731"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit", "p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debugsource", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2017-255.NASL", "href": "https://www.tenable.com/plugins/nessus/97275", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-255.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97275);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-2108\", \"CVE-2016-7056\", \"CVE-2016-8610\", \"CVE-2017-3731\");\n\n script_name(english:\"openSUSE Security Update : openssl (openSUSE-2017-255)\");\n script_summary(english:\"Check for the openSUSE-2017-255 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues contained in the\nOpenSSL Security Advisory [26 Jan 2017] (bsc#1021641)\n\nSecurity issues fixed :\n\n - CVE-2016-7056: A local ECSDA P-256 timing attack that\n might have allowed key recovery was fixed (bsc#1019334)\n\n - CVE-2016-8610: A remote denial of service in SSL alert\n handling was fixed (bsc#1005878)\n\n - CVE-2016-2108: Added a missing commit for CVE-2016-2108,\n fixing the negative zero handling in the ASN.1 decoder\n (bsc#1004499)\n\n - CVE-2017-3731: Truncated packet could crash via OOB read\n (bsc#1022085, CVE-2017-3731)\n\n - Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912)\n\nBugs fixed :\n\n - fix crash in openssl speed (bsc#1000677)\n\n - fix ca-bundle path (bsc#1022271)\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1004499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022271\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenssl-devel-1.0.1i-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenssl1_0_0-1.0.1i-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenssl1_0_0-hmac-1.0.1i-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openssl-1.0.1i-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openssl-debuginfo-1.0.1i-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openssl-debugsource-1.0.1i-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1i-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1i-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1i-21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:11:05", "description": "This update for openssl fixes the following issues: Security issues fixed :\n\n - CVE-2016-7056: ECSDA P-256 timing attack key recovery (bsc#1019334)\n\n - CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085)\n\n - CVE-2016-8610: remote denial of service in SSL alert handling (bsc#1005878)\n\n - CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read (bsc#1056058) Bug fixes :\n\n - support alternate root ca chains (bsc#1032261)\n\n - X509_get_default_cert_file() returns an incorrect path (bsc#1022271)\n\n - Segmentation fault in 'openssl speed' when engine library file cannot be found (bsc#1000677)\n\n - adjust DEFAULT_SUSE to meet 1.0.2 and current state (bsc#1027908)\n\n - Missing important ciphers in openssl 1.0.1i-47.1 on SLES12 SP1 (bsc#990592)\n\n - out of bounds read+crash in DES_fcrypt (bsc#1065363)\n\n - tracker bug for January 26th 2017 release (bsc#1021641)\n\n - patch for CVE-2016-2108 fails negative zero exploit (bsc#1001502)\n\n - Birthday attacks on 64-bit block ciphers aka triple-des (SWEET32) (bsc#1001912)\n\n - Include additional patch for CVE-2016-2108 (bsc#1004499)\n\n - openssl DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-17T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : openssl (SUSE-SU-2018:0112-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2108", "CVE-2016-7056", "CVE-2016-8610", "CVE-2017-3731", "CVE-2017-3735"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0112-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106093", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0112-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106093);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2016-2108\", \"CVE-2016-7056\", \"CVE-2016-8610\", \"CVE-2017-3731\", \"CVE-2017-3735\");\n\n script_name(english:\"SUSE SLES12 Security Update : openssl (SUSE-SU-2018:0112-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for openssl fixes the following issues: Security issues\nfixed :\n\n - CVE-2016-7056: ECSDA P-256 timing attack key recovery\n (bsc#1019334)\n\n - CVE-2017-3731: Truncated packet could crash via OOB read\n (bsc#1022085)\n\n - CVE-2016-8610: remote denial of service in SSL alert\n handling (bsc#1005878)\n\n - CVE-2017-3735: Malformed X.509 IPAdressFamily could\n cause OOB read (bsc#1056058) Bug fixes :\n\n - support alternate root ca chains (bsc#1032261)\n\n - X509_get_default_cert_file() returns an incorrect path\n (bsc#1022271)\n\n - Segmentation fault in 'openssl speed' when engine\n library file cannot be found (bsc#1000677)\n\n - adjust DEFAULT_SUSE to meet 1.0.2 and current state\n (bsc#1027908)\n\n - Missing important ciphers in openssl 1.0.1i-47.1 on\n SLES12 SP1 (bsc#990592)\n\n - out of bounds read+crash in DES_fcrypt (bsc#1065363)\n\n - tracker bug for January 26th 2017 release (bsc#1021641)\n\n - patch for CVE-2016-2108 fails negative zero exploit\n (bsc#1001502)\n\n - Birthday attacks on 64-bit block ciphers aka triple-des\n (SWEET32) (bsc#1001912)\n\n - Include additional patch for CVE-2016-2108 (bsc#1004499)\n\n - openssl DEFAULT_SUSE cipher list is missing ECDHE-ECDSA\n ciphers (bsc#1055825)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032261\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=990592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2108/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7056/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8610/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3731/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3735/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180112-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7222548f\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2018-79=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-1.0.1i-27.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-32bit-1.0.1i-27.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-27.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-27.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-hmac-1.0.1i-27.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1i-27.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-1.0.1i-27.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-debuginfo-1.0.1i-27.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-debugsource-1.0.1i-27.28.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:21:44", "description": "The version of Oracle Access Manager installed on the remote host is 10.1.4.3.x prior to 10.1.4.3.13 or 11.1.2.3.x prior to 11.1.2.3.180116. It is, therefore, affected by multiple vulnerabilities as noted in the October 2018 Critical Patch Update advisory:\n\n - A Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin (OpenSSL)). The affected version is 10.1.4.3.0. This is a difficult to exploit vulnerability that allows unauthenticated attacker with network access via HTTPS to compromise Oracle Access Manager. A successful attack of this vulnerability may result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. (CVE-2017-3732)\n\n - A vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). The affected version is 11.1.2.3.0. This is a difficult to exploit vulnerability that allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Access Manager. A successful attack of this vulnerability may result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. (CVE-2017-10262)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-15T00:00:00", "type": "nessus", "title": "Oracle Access Manager Multiple Vulnerabilities (Jan 2018 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306", "CVE-2016-7052", "CVE-2016-7055", "CVE-2017-10262", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware"], "id": "ORACLE_ACCESS_MANAGER_CPU_JAN_2018.NASL", "href": "https://www.tenable.com/plugins/nessus/124059", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124059);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2016-2177\",\n \"CVE-2016-2178\",\n \"CVE-2016-2180\",\n \"CVE-2016-2181\",\n \"CVE-2016-2182\",\n \"CVE-2016-2183\",\n \"CVE-2016-6302\",\n \"CVE-2016-6303\",\n \"CVE-2016-6304\",\n \"CVE-2016-6306\",\n \"CVE-2016-7052\",\n \"CVE-2016-7055\",\n \"CVE-2017-3731\",\n \"CVE-2017-3732\",\n \"CVE-2017-10262\"\n );\n script_bugtraq_id(\n 91081,\n 91319,\n 92117,\n 92557,\n 92628,\n 92630,\n 92982,\n 92984,\n 93150,\n 93153,\n 93171,\n 94242,\n 95813,\n 95814,\n 102562\n );\n\n script_name(english:\"Oracle Access Manager Multiple Vulnerabilities (Jan 2018 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Access Manager installed on the remote\nhost is 10.1.4.3.x prior to 10.1.4.3.13 or 11.1.2.3.x prior\nto 11.1.2.3.180116. It is, therefore, affected by multiple\nvulnerabilities as noted in the October 2018 Critical \nPatch Update advisory:\n\n - A Vulnerability in the Oracle Access Manager component\n of Oracle Fusion Middleware (subcomponent: Web Server\n Plugin (OpenSSL)). The affected version is 10.1.4.3.0. \n This is a difficult to exploit vulnerability that allows\n unauthenticated attacker with network access via HTTPS\n to compromise Oracle Access Manager. A successful attack\n of this vulnerability may result in unauthorized access\n to critical data or complete access to all Oracle Access\n Manager accessible data. (CVE-2017-3732)\n\n - A vulnerability in the Oracle Access Manager component\n of Oracle Fusion Middleware (subcomponent: Web Server\n Plugin). The affected version is 11.1.2.3.0. This is a\n difficult to exploit vulnerability that allows an\n unauthenticated attacker with network access via HTTPS\n to compromise Oracle Access Manager. A successful \n attack of this vulnerability may result in unauthorized\n access to critical data or complete access to all Oracle\n Access Manager accessible data. (CVE-2017-10262)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ae82f1b1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patches according to the January 2018 Oracle\nCritical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6303\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_access_manager_installed.nbin\");\n script_require_keys(\"Oracle/OAM/Installed\", \"installed_sw/Oracle Access Manager\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nappname = 'Oracle Access Manager';\n\napp_info = vcf::get_app_info(app:appname);\n\nconstraints = [\n {'min_version': '10.1.4.3.0', 'fixed_version': '10.1.4.3.13'},\n {'min_version': '11.1.2.3.0', 'fixed_version': '11.1.2.3.180116'}\n];\n\nvcf::check_version_and_report(app_info: app_info, constraints: constraints, severity: SECURITY_HOLE);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:22:31", "description": "The version of Palo Alto Networks PAN-OS running on the remote host is 6.1.x prior to 6.1.17, 7.0.x prior to 7.0.15, 7.1.x prior to 7.1.10, or 8.0.x prior to 8.0.2. It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists in the GNU wget component when handling server redirects to FTP resources due to the destination file name being obtained from the redirected URL and not the original URL. An unauthenticated, remote attacker can exploit this, via a specially crafted response, to cause a different file name to be used than intended, resulting in writing to arbitrary files. (CVE-2016-4971)\n\n - A flaw exists in the Linux kernel due to improper determination of the rate of challenge ACK segments. An unauthenticated, remote attacker can exploit this to gain access to the shared counter, which makes it easier to hijack TCP sessions using a blind in-window attack.\n This issue only affects version 7.1.x. (CVE-2016-5696)\n\n - An out-of-bounds read error exists when handling packets using the CHACHA20/POLY1305 or RC4-MD5 ciphers. An unauthenticated, remote attacker can exploit this, via specially crafted truncated packets, to cause a denial of service condition. This issue does not affect version 6.1.x. (CVE-2017-3731)\n\n - A cross-site scripting (XSS) vulnerability exists in GlobalProtect due to improper validation of user-supplied input to unspecified request parameters before returning it to users. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. This issue only affects version 7.0.x.\n (CVE-2017-7409)\n\n - A flaw exists in the web-based management interface due to improper permission checks that allows an authenticated, remote attacker to disclose sensitive information. This issue only affects versions 6.1.x, 7.0.x, and 8.0.x. (CVE-2017-7644)\n\n - An information disclosure vulnerability exists in the GlobalProtect external interface due to returning different error messages when handling login attempts with valid or invalid usernames. An unauthenticated, remote attacker can exploit this to enumerate valid user accounts. This issue only affects versions 6.1.x, 7.0.x, and 8.0.x. (CVE-2017-7945)\n\n - A denial of service vulnerability exists in the firewall when handling stale responses to authentication requests prior to selecting CHAP or PAP as the protocol. An unauthenticated, remote attacker can exploit this to cause the authentication process (authd) to stop responding. This issue only affects versions 7.0.x and 7.1.x.\n\n - An information disclosure vulnerability exists when viewing changes in the configuration log due to the 'Auth Password' and 'Priv Password' for the SNMPv3 server profile not being properly masked. A local attacker can exploit this to disclose password information. This issue only affects versions 7.1.x and 8.0.x.\n\n - A denial of service vulnerability exists due to a flaw when handling HA3 messages. An unauthenticated, remote attacker can exploit this to cause several processes to stop. This issue only affects version 7.1.x.", "cvss3": {"score": 4.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "published": "2017-05-25T00:00:00", "type": "nessus", "title": "Palo Alto Networks PAN-OS 6.1.x < 6.1.17 / 7.0.x < 7.0.15 / 7.1.x < 7.1.10 / 8.0.x < 8.0.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4971", "CVE-2016-5696", "CVE-2017-3731", "CVE-2017-7409", "CVE-2017-7644", "CVE-2017-7945"], "modified": "2019-01-02T00:00:00", "cpe": ["cpe:/o:paloaltonetworks:pan-os"], "id": "PALO_ALTO_PAN-OS_7_0_15.NASL", "href": "https://www.tenable.com/plugins/nessus/100419", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100419);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/01/02 11:18:37\");\n\n script_cve_id(\n \"CVE-2016-4971\",\n \"CVE-2016-5696\",\n \"CVE-2017-3731\",\n \"CVE-2017-7409\",\n \"CVE-2017-7644\",\n \"CVE-2017-7945\"\n );\n script_bugtraq_id(\n 91530,\n 91704,\n 95813,\n 98404,\n 97953,\n 98396\n );\n script_xref(name:\"EDB-ID\", value:\"40064\");\n\n script_name(english:\"Palo Alto Networks PAN-OS 6.1.x < 6.1.17 / 7.0.x < 7.0.15 / 7.1.x < 7.1.10 / 8.0.x < 8.0.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the PAN-OS version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\",value:\n\"The version of Palo Alto Networks PAN-OS running on the remote host is\n6.1.x prior to 6.1.17, 7.0.x prior to 7.0.15, 7.1.x prior to 7.1.10,\nor 8.0.x prior to 8.0.2. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A flaw exists in the GNU wget component when handling\n server redirects to FTP resources due to the destination\n file name being obtained from the redirected URL and not\n the original URL. An unauthenticated, remote attacker\n can exploit this, via a specially crafted response, to\n cause a different file name to be used than intended,\n resulting in writing to arbitrary files. (CVE-2016-4971)\n\n - A flaw exists in the Linux kernel due to improper\n determination of the rate of challenge ACK segments. An\n unauthenticated, remote attacker can exploit this to\n gain access to the shared counter, which makes it easier\n to hijack TCP sessions using a blind in-window attack.\n This issue only affects version 7.1.x. (CVE-2016-5696)\n\n - An out-of-bounds read error exists when handling packets\n using the CHACHA20/POLY1305 or RC4-MD5 ciphers. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted truncated packets, to cause a denial\n of service condition. This issue does not affect version\n 6.1.x. (CVE-2017-3731)\n\n - A cross-site scripting (XSS) vulnerability exists in\n GlobalProtect due to improper validation of\n user-supplied input to unspecified request parameters\n before returning it to users. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n request, to execute arbitrary script code in a user's\n browser session. This issue only affects version 7.0.x.\n (CVE-2017-7409)\n\n - A flaw exists in the web-based management interface due\n to improper permission checks that allows an\n authenticated, remote attacker to disclose sensitive\n information. This issue only affects versions 6.1.x,\n 7.0.x, and 8.0.x. (CVE-2017-7644)\n\n - An information disclosure vulnerability exists in the\n GlobalProtect external interface due to returning\n different error messages when handling login attempts\n with valid or invalid usernames. An unauthenticated,\n remote attacker can exploit this to enumerate valid\n user accounts. This issue only affects versions 6.1.x,\n 7.0.x, and 8.0.x. (CVE-2017-7945)\n\n - A denial of service vulnerability exists in the firewall\n when handling stale responses to authentication requests\n prior to selecting CHAP or PAP as the protocol. An\n unauthenticated, remote attacker can exploit this to\n cause the authentication process (authd) to stop\n responding. This issue only affects versions 7.0.x and\n 7.1.x.\n\n - An information disclosure vulnerability exists when\n viewing changes in the configuration log due to the\n 'Auth Password' and 'Priv Password' for the SNMPv3\n server profile not being properly masked. A local\n attacker can exploit this to disclose password\n information. This issue only affects versions 7.1.x and\n 8.0.x.\n\n - A denial of service vulnerability exists due to a flaw\n when handling HA3 messages. An unauthenticated, remote\n attacker can exploit this to cause several processes to\n stop. This issue only affects version 7.1.x.\n\");\n # https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os-release-notes/pan-os-8-0-2-addressed-issues\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0d96265b\");\n # https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os-release-notes/pan-os-8-0-1-addressed-issues\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1f083775\");\n # https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os-release-notes/pan-os-8-0-0-addressed-issues\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?aacbe40b\");\n # https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os-release-notes/pan-os-7-1-10-addressed-issues\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?49c666f2\");\n # https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os-release-notes/pan-os-7-0-15-addressed-issues\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fe505ba3\");\n # https://www.paloaltonetworks.com/documentation/61/pan-os/pan-os-release-notes/pan-os-6-1-17-addressed-issues\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9254ef1a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Palo Alto Networks PAN-OS version 6.1.17 / 7.0.15 /\n7.1.10 / 8.0.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:paloaltonetworks:pan-os\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Palo Alto Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"palo_alto_version.nbin\");\n script_require_keys(\"Host/Palo_Alto/Firewall/Version\", \"Host/Palo_Alto/Firewall/Full_Version\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\napp_name = \"Palo Alto Networks PAN-OS\";\n\napp_info = vcf::get_app_info(app:app_name, kb_ver:\"Host/Palo_Alto/Firewall/Full_Version\", webapp:true);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n {\"min_version\" : \"8.0.0\", \"max_version\" : \"8.0.1\", \"fixed_version\" : \"8.0.2\" },\n {\"min_version\" : \"7.1.0\", \"max_version\" : \"7.1.9\", \"fixed_version\" : \"7.1.10\" },\n {\"min_version\" : \"7.0.0\", \"max_version\" : \"7.0.14\", \"fixed_version\" : \"7.0.15\" },\n {\"min_version\" : \"6.1.0\", \"max_version\" : \"6.1.16\", \"fixed_version\" : \"6.1.17\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{xss:true});\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-06-16T16:35:36", "description": "This update for openssl fixes the following issues :\n\n - OpenSSL Security Advisory [07 Dec 2017]\n\n - CVE-2017-3737: OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \\'error state\\' mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. (bsc#1071905)\n\n - CVE-2017-3738: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely.\n Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. (bsc#1071906)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2017-12-18T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openssl (openSUSE-2017-1381)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3193", "CVE-2016-0701", "CVE-2017-3732", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit", "p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-cavs", "p-cpe:/a:novell:opensuse:openssl-cavs-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debugsource", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1381.NASL", "href": "https://www.tenable.com/plugins/nessus/105341", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1381.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105341);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-3193\", \"CVE-2016-0701\", \"CVE-2017-3732\", \"CVE-2017-3736\", \"CVE-2017-3737\", \"CVE-2017-3738\");\n\n script_name(english:\"openSUSE Security Update : openssl (openSUSE-2017-1381)\");\n script_summary(english:\"Check for the openSUSE-2017-1381 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues :\n\n - OpenSSL Security Advisory [07 Dec 2017]\n\n - CVE-2017-3737: OpenSSL 1.0.2 (starting from version\n 1.0.2b) introduced an \\'error state\\' mechanism. The\n intent was that if a fatal error occurred during a\n handshake then OpenSSL would move into the error state\n and would immediately fail if you attempted to continue\n the handshake. This works as designed for the explicit\n handshake functions (SSL_do_handshake(), SSL_accept()\n and SSL_connect()), however due to a bug it does not\n work correctly if SSL_read() or SSL_write() is called\n directly. In that scenario, if the handshake fails then\n a fatal error will be returned in the initial function\n call. If SSL_read()/SSL_write() is subsequently called\n by the application for the same SSL object then it will\n succeed and the data is passed without being\n decrypted/encrypted directly from the SSL/TLS record\n layer. In order to exploit this issue an application bug\n would have to be present that resulted in a call to\n SSL_read()/SSL_write() being issued after having already\n received a fatal error. OpenSSL version 1.0.2b-1.0.2m\n are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is\n not affected. (bsc#1071905)\n\n - CVE-2017-3738: There is an overflow bug in the AVX2\n Montgomery multiplication procedure used in\n exponentiation with 1024-bit moduli. No EC algorithms\n are affected. Analysis suggests that attacks against RSA\n and DSA as a result of this defect would be very\n difficult to perform and are not believed likely.\n Attacks against DH1024 are considered just feasible,\n because most of the work necessary to deduce information\n about a private key may be performed offline. The amount\n of resources required for such an attack would be\n significant. However, for an attack on TLS to be\n meaningful, the server would have to share the DH1024\n private key among multiple clients, which is no longer\n an option since CVE-2016-0701. This only affects\n processors that support the AVX2 but not ADX extensions\n like Intel Haswell (4th generation). Note: The impact\n from this issue is similar to CVE-2017-3736,\n CVE-2017-3732 and CVE-2015-3193. (bsc#1071906)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1071905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1071906\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-cavs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-cavs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libopenssl-devel-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libopenssl1_0_0-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libopenssl1_0_0-hmac-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openssl-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openssl-cavs-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openssl-cavs-debuginfo-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openssl-debuginfo-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openssl-debugsource-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libopenssl-devel-1.0.2j-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libopenssl1_0_0-1.0.2j-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libopenssl1_0_0-hmac-1.0.2j-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssl-1.0.2j-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssl-cavs-1.0.2j-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssl-cavs-debuginfo-1.0.2j-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssl-debuginfo-1.0.2j-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssl-debugsource-1.0.2j-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.2j-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.2j-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.2j-16.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-21T16:24:28", "description": "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant.\nHowever, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701 . This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736 , CVE-2017-3732 and CVE-2015-3193 . OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n.\nDue to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.(CVE-2017-3738)\n\nOpenSSL 1.0.2 (starting from version 1.0.2b) introduced an 'error state' mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.(CVE-2017-3737)\n\nThere is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline.\nThe amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.(CVE-2017-3736)", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-05-11T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : openssl (ALAS-2018-1016)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3193", "CVE-2016-0701", "CVE-2017-3732", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738"], "modified": "2019-07-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl", "p-cpe:/a:amazon:linux:openssl-debuginfo", "p-cpe:/a:amazon:linux:openssl-devel", "p-cpe:/a:amazon:linux:openssl-perl", "p-cpe:/a:amazon:linux:openssl-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-1016.NASL", "href": "https://www.tenable.com/plugins/nessus/109698", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-1016.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109698);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2017-3736\", \"CVE-2017-3737\", \"CVE-2017-3738\");\n script_xref(name:\"ALAS\", value:\"2018-1016\");\n\n script_name(english:\"Amazon Linux AMI : openssl (ALAS-2018-1016)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"There is an overflow bug in the AVX2 Montgomery multiplication\nprocedure used in exponentiation with 1024-bit moduli. No EC\nalgorithms are affected. Analysis suggests that attacks against RSA\nand DSA as a result of this defect would be very difficult to perform\nand are not believed likely. Attacks against DH1024 are considered\njust feasible, because most of the work necessary to deduce\ninformation about a private key may be performed offline. The amount\nof resources required for such an attack would be significant.\nHowever, for an attack on TLS to be meaningful, the server would have\nto share the DH1024 private key among multiple clients, which is no\nlonger an option since CVE-2016-0701 . This only affects processors\nthat support the AVX2 but not ADX extensions like Intel Haswell (4th\ngeneration). Note: The impact from this issue is similar to\nCVE-2017-3736 , CVE-2017-3732 and CVE-2015-3193 . OpenSSL version\n1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n.\nDue to the low severity of this issue we are not issuing a new release\nof OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL\n1.1.0h when it becomes available. The fix is also available in commit\ne502cc86d in the OpenSSL git repository.(CVE-2017-3738)\n\nOpenSSL 1.0.2 (starting from version 1.0.2b) introduced an 'error\nstate' mechanism. The intent was that if a fatal error occurred during\na handshake then OpenSSL would move into the error state and would\nimmediately fail if you attempted to continue the handshake. This\nworks as designed for the explicit handshake functions\n(SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a\nbug it does not work correctly if SSL_read() or SSL_write() is called\ndirectly. In that scenario, if the handshake fails then a fatal error\nwill be returned in the initial function call. If\nSSL_read()/SSL_write() is subsequently called by the application for\nthe same SSL object then it will succeed and the data is passed\nwithout being decrypted/encrypted directly from the SSL/TLS record\nlayer. In order to exploit this issue an application bug would have to\nbe present that resulted in a call to SSL_read()/SSL_write() being\nissued after having already received a fatal error. OpenSSL version\n1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is\nnot affected.(CVE-2017-3737)\n\nThere is a carry propagating bug in the x86_64 Montgomery squaring\nprocedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC\nalgorithms are affected. Analysis suggests that attacks against RSA\nand DSA as a result of this defect would be very difficult to perform\nand are not believed likely. Attacks against DH are considered just\nfeasible (although very difficult) because most of the work necessary\nto deduce information about a private key may be performed offline.\nThe amount of resources required for such an attack would be very\nsignificant and likely only accessible to a limited number of\nattackers. An attacker would additionally need online access to an\nunpatched system using the target private key in a scenario with\npersistent DH parameters and a private key that is shared between\nmultiple clients. This only affects processors that support the BMI1,\nBMI2 and ADX extensions like Intel Broadwell (5th generation) and\nlater or AMD Ryzen.(CVE-2017-3736)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-1016.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update openssl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openssl-1.0.2k-12.109.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-debuginfo-1.0.2k-12.109.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-devel-1.0.2k-12.109.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-perl-1.0.2k-12.109.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-static-1.0.2k-12.109.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-16T16:35:35", "description": "This update for openssl fixes the following issues :\n\n - OpenSSL Security Advisory [07 Dec 2017]\n\n - CVE-2017-3737: OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \\'error state\\' mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. (bsc#1071905)\n\n - CVE-2017-3738: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely.\n Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. (bsc#1071906)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2017-12-18T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:3343-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3193", "CVE-2016-0701", "CVE-2017-3732", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl-devel", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-3343-1.NASL", "href": "https://www.tenable.com/plugins/nessus/105353", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:3343-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105353);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-3193\", \"CVE-2016-0701\", \"CVE-2017-3732\", \"CVE-2017-3736\", \"CVE-2017-3737\", \"CVE-2017-3738\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:3343-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues :\n\n - OpenSSL Security Advisory [07 Dec 2017]\n\n - CVE-2017-3737: OpenSSL 1.0.2 (starting from version\n 1.0.2b) introduced an \\'error state\\' mechanism. The\n intent was that if a fatal error occurred during a\n handshake then OpenSSL would move into the error state\n and would immediately fail if you attempted to continue\n the handshake. This works as designed for the explicit\n handshake functions (SSL_do_handshake(), SSL_accept()\n and SSL_connect()), however due to a bug it does not\n work correctly if SSL_read() or SSL_write() is called\n directly. In that scenario, if the handshake fails then\n a fatal error will be returned in the initial function\n call. If SSL_read()/SSL_write() is subsequently called\n by the application for the same SSL object then it will\n succeed and the data is passed without being\n decrypted/encrypted directly from the SSL/TLS record\n layer. In order to exploit this issue an application bug\n would have to be present that resulted in a call to\n SSL_read()/SSL_write() being issued after having already\n received a fatal error. OpenSSL version 1.0.2b-1.0.2m\n are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is\n not affected. (bsc#1071905)\n\n - CVE-2017-3738: There is an overflow bug in the AVX2\n Montgomery multiplication procedure used in\n exponentiation with 1024-bit moduli. No EC algorithms\n are affected. Analysis suggests that attacks against RSA\n and DSA as a result of this defect would be very\n difficult to perform and are not believed likely.\n Attacks against DH1024 are considered just feasible,\n because most of the work necessary to deduce information\n about a private key may be performed offline. The amount\n of resources required for such an attack would be\n significant. However, for an attack on TLS to be\n meaningful, the server would have to share the DH1024\n private key among multiple clients, which is no longer\n an option since CVE-2016-0701. This only affects\n processors that support the AVX2 but not ADX extensions\n like Intel Haswell (4th generation). Note: The impact\n from this issue is similar to CVE-2017-3736,\n CVE-2017-3732 and CVE-2015-3193. (bsc#1071906)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3737/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3738/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20173343-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6ecfb0bf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-2097=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-2097=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-2097=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-2097=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-2097=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-2097=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-2097=1\n\nSUSE Container as a Service Platform ALL:zypper in -t patch\nSUSE-CAASP-ALL-2017-2097=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-2097=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl-devel-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-hmac-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"openssl-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"openssl-debuginfo-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"openssl-debugsource-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-32bit-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl-devel-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-hmac-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"openssl-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"openssl-debuginfo-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"openssl-debugsource-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-32bit-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl-devel-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"openssl-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"openssl-debugsource-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl-devel-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssl-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssl-debugsource-1.0.2j-60.20.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-16T16:12:50", "description": "This update for openssl-steam fixes the following issues :\n\n - Merged changes from upstream openssl (Factory rev 137) into this fork for Steam.\n\nUpdated to openssl 1.0.2k :\n\n - CVE-2016-7055: Montgomery multiplication may produce incorrect results (boo#1009528)\n\n - CVE-2016-7056: ECSDA P-256 timing attack key recovery (boo#1019334)\n\n - CVE-2017-3731: Truncated packet could crash via OOB read (boo#1022085)\n\n - CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64 (boo#1022086)\n\nUpdate to openssl-1.0.2j :\n\n - CVE-2016-7052: Missing CRL sanity check (boo#1001148)\n\nOpenSSL Security Advisory [22 Sep 2016] (boo#999665)\n\n - Severity: High\n\n - CVE-2016-6304: OCSP Status Request extension unbounded memory growth (boo#999666)\n\n - Severity: Low\n\n - CVE-2016-2177: Pointer arithmetic undefined behaviour (boo#982575)\n\n - CVE-2016-2178: Constant time flag not preserved in DSA signing (boo#983249)\n\n - CVE-2016-2179: DTLS buffered message DoS (boo#994844)\n\n - CVE-2016-2180: OOB read in TS_OBJ_print_bio() (boo#990419)\n\n - CVE-2016-2181: DTLS replay protection DoS (boo#994749)\n\n - CVE-2016-2182: OOB write in BN_bn2dec() (boo#993819)\n\n - CVE-2016-2183: Birthday attack against 64-bit block ciphers (SWEET32) (boo#995359)\n\n - CVE-2016-6302: Malformed SHA512 ticket DoS (boo#995324)\n\n - CVE-2016-6303: OOB write in MDC2_Update() (boo#995377)\n\n - CVE-2016-6306: Certificate message OOB reads (boo#999668)\n\nALso fixed :\n\n - fixed a crash in print_notice (boo#998190)\n\n - fix X509_CERT_FILE path (boo#1022271) and rename\n\n - resume reading from /dev/urandom when interrupted by a signal (boo#995075)\n\n - fix problems with locking in FIPS mode (boo#992120)\n\n - duplicates: boo#991877, boo#991193, boo#990392, boo#990428 and boo#990207\n\n - drop openssl-fips_RSA_compute_d_with_lcm.patch (upstream) (boo#984323)\n\n - don't check for /etc/system-fips (boo#982268)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-02-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openssl-steam (openSUSE-2018-168)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306", "CVE-2016-7052", "CVE-2016-7055", "CVE-2016-7056", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl1_0_0-steam", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-steam-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-steam-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-steam-debuginfo-32bit", "p-cpe:/a:novell:opensuse:openssl-steam-debugsource", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-168.NASL", "href": "https://www.tenable.com/plugins/nessus/106863", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-168.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106863);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-2177\", \"CVE-2016-2178\", \"CVE-2016-2179\", \"CVE-2016-2180\", \"CVE-2016-2181\", \"CVE-2016-2182\", \"CVE-2016-2183\", \"CVE-2016-6302\", \"CVE-2016-6303\", \"CVE-2016-6304\", \"CVE-2016-6306\", \"CVE-2016-7052\", \"CVE-2016-7055\", \"CVE-2016-7056\", \"CVE-2017-3731\", \"CVE-2017-3732\");\n\n script_name(english:\"openSUSE Security Update : openssl-steam (openSUSE-2018-168)\");\n script_summary(english:\"Check for the openSUSE-2018-168 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl-steam fixes the following issues :\n\n - Merged changes from upstream openssl (Factory rev 137)\n into this fork for Steam.\n\nUpdated to openssl 1.0.2k :\n\n - CVE-2016-7055: Montgomery multiplication may produce\n incorrect results (boo#1009528)\n\n - CVE-2016-7056: ECSDA P-256 timing attack key recovery\n (boo#1019334)\n\n - CVE-2017-3731: Truncated packet could crash via OOB read\n (boo#1022085)\n\n - CVE-2017-3732: BN_mod_exp may produce incorrect results\n on x86_64 (boo#1022086)\n\nUpdate to openssl-1.0.2j :\n\n - CVE-2016-7052: Missing CRL sanity check (boo#1001148)\n\nOpenSSL Security Advisory [22 Sep 2016] (boo#999665)\n\n - Severity: High\n\n - CVE-2016-6304: OCSP Status Request extension unbounded\n memory growth (boo#999666)\n\n - Severity: Low\n\n - CVE-2016-2177: Pointer arithmetic undefined behaviour\n (boo#982575)\n\n - CVE-2016-2178: Constant time flag not preserved in DSA\n signing (boo#983249)\n\n - CVE-2016-2179: DTLS buffered message DoS (boo#994844)\n\n - CVE-2016-2180: OOB read in TS_OBJ_print_bio()\n (boo#990419)\n\n - CVE-2016-2181: DTLS replay protection DoS (boo#994749)\n\n - CVE-2016-2182: OOB write in BN_bn2dec() (boo#993819)\n\n - CVE-2016-2183: Birthday attack against 64-bit block\n ciphers (SWEET32) (boo#995359)\n\n - CVE-2016-6302: Malformed SHA512 ticket DoS (boo#995324)\n\n - CVE-2016-6303: OOB write in MDC2_Update() (boo#995377)\n\n - CVE-2016-6306: Certificate message OOB reads\n (boo#999668)\n\nALso fixed :\n\n - fixed a crash in print_notice (boo#998190)\n\n - fix X509_CERT_FILE path (boo#1022271) and rename\n\n - resume reading from /dev/urandom when interrupted by a\n signal (boo#995075)\n\n - fix problems with locking in FIPS mode (boo#992120)\n\n - duplicates: boo#991877, boo#991193, boo#990392,\n boo#990428 and boo#990207\n\n - drop openssl-fips_RSA_compute_d_with_lcm.patch\n (upstream) (boo#984323)\n\n - don't check for /etc/system-fips (boo#982268)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982268\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983249\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984323\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=990207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=990392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=990419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=990428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=991193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=991877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=993819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=994749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=994844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=995075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=995324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=995359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=995377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=998190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999668\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl-steam packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-steam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-steam-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-steam-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-steam-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-steam-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libopenssl1_0_0-steam-1.0.2k-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libopenssl1_0_0-steam-debuginfo-1.0.2k-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssl-steam-debugsource-1.0.2k-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-steam-32bit-1.0.2k-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-steam-debuginfo-32bit-1.0.2k-4.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl1_0_0-steam / libopenssl1_0_0-steam-32bit / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:37:27", "description": "The version of MySQL running on the remote host is 5.6.x prior to 5.6.36. It is, therefore, affected by multiple vulnerabilities :\n\n - A carry propagation error exists in the OpenSSL component in the Broadwell-specific Montgomery multiplication procedure when handling input lengths divisible by but longer than 256 bits. This can result in transient authentication and key negotiation failures or reproducible erroneous outcomes of public-key operations with specially crafted input. A man-in-the-middle attacker can possibly exploit this issue to compromise ECDH key negotiations that utilize Brainpool P-512 curves. (CVE-2016-7055)\n\n - An authentication information disclosure vulnerability, known as Riddle, exists due to authentication being performed prior to security parameter verification. A man-in-the-middle (MitM) attacker can exploit this vulnerability to disclose sensitive authentication information, which the attacker can later use for authenticating to the server. (CVE-2017-3305)\n\n - Multiple unspecified flaws exist in the DML subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3308, CVE-2017-3456)\n\n - Multiple unspecified flaws exist in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2017-3309, CVE-2017-3452, CVE-2017-3453)\n\n - An unspecified flaw exists in the Thread Pooling subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition.\n (CVE-2017-3329)\n\n - An unspecified flaw exists in the Memcached subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3450)\n\n - Multiple unspecified flaws exist in the 'Security: Privileges' subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3461, CVE-2017-3462, CVE-2017-3463)\n\n - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to update, insert, or delete data contained in the database.\n (CVE-2017-3464)\n\n - An unspecified flaw exists in the Pluggable Auth subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition.\n (CVE-2017-3599)\n\n - An unspecified flaw exists in the 'Client mysqldump' subcomponent that allows an authenticated, remote attacker to execute arbitrary code. (CVE-2017-3600)\n\n - An out-of-bounds read error exists in the OpenSSL component when handling packets using the CHACHA20/POLY1305 or RC4-MD5 ciphers. An unauthenticated, remote attacker can exploit this, via specially crafted truncated packets, to cause a denial of service condition. (CVE-2017-3731)\n\n - A carry propagating error exists in the OpenSSL component in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An unauthenticated, remote attacker with sufficient resources can exploit this to obtain sensitive information regarding private keys.\n (CVE-2017-3732)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2017-04-20T00:00:00", "type": "nessus", "title": "MySQL 5.6.x < 5.6.36 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU) (Riddle)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7055", "CVE-2017-3305", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-3450", "CVE-2017-3452", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3461", "CVE-2017-3462", "CVE-2017-3463", "CVE-2017-3464", "CVE-2017-3599", "CVE-2017-3600", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2020-06-03T00:00:00", "cpe": ["cpe:/a:oracle:mysql", "p-cpe:/a:amazon:linux:mysql", "p-cpe:/a:centos:centos:mysql", "p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:fermilab:scientific_linux:mysql", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:novell:suse_linux:mysql", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql"], "id": "MYSQL_5_6_36_RPM.NASL", "href": "https://www.tenable.com/plugins/nessus/99512", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99512);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/03\");\n\n script_cve_id(\n \"CVE-2016-7055\",\n \"CVE-2017-3305\",\n \"CVE-2017-3308\",\n \"CVE-2017-3309\",\n \"CVE-2017-3329\",\n \"CVE-2017-3450\",\n \"CVE-2017-3452\",\n \"CVE-2017-3453\",\n \"CVE-2017-3456\",\n \"CVE-2017-3461\",\n \"CVE-2017-3462\",\n \"CVE-2017-3463\",\n \"CVE-2017-3464\",\n \"CVE-2017-3599\",\n \"CVE-2017-3600\",\n \"CVE-2017-3731\",\n \"CVE-2017-3732\"\n );\n script_bugtraq_id(\n 94242,\n 95813,\n 95814,\n 97023,\n 97725,\n 97742,\n 97747,\n 97754,\n 97763,\n 97765,\n 97776,\n 97779,\n 97812,\n 97818,\n 97831,\n 97849,\n 97851\n );\n\n script_name(english:\"MySQL 5.6.x < 5.6.36 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU) (Riddle)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.6.x prior to\n5.6.36. It is, therefore, affected by multiple vulnerabilities :\n\n - A carry propagation error exists in the OpenSSL\n component in the Broadwell-specific Montgomery\n multiplication procedure when handling input lengths\n divisible by but longer than 256 bits. This can result\n in transient authentication and key negotiation failures\n or reproducible erroneous outcomes of public-key\n operations with specially crafted input. A\n man-in-the-middle attacker can possibly exploit this\n issue to compromise ECDH key negotiations that utilize\n Brainpool P-512 curves. (CVE-2016-7055)\n\n - An authentication information disclosure vulnerability,\n known as Riddle, exists due to authentication being\n performed prior to security parameter verification. A\n man-in-the-middle (MitM) attacker can exploit this\n vulnerability to disclose sensitive authentication\n information, which the attacker can later use for\n authenticating to the server. (CVE-2017-3305)\n\n - Multiple unspecified flaws exist in the DML subcomponent\n that allow an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3308,\n CVE-2017-3456)\n\n - Multiple unspecified flaws exist in the Optimizer\n subcomponent that allow an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2017-3309, CVE-2017-3452, CVE-2017-3453)\n\n - An unspecified flaw exists in the Thread Pooling\n subcomponent that allows an unauthenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2017-3329)\n\n - An unspecified flaw exists in the Memcached subcomponent\n that allows an unauthenticated, remote attacker to cause\n a denial of service condition. (CVE-2017-3450)\n\n - Multiple unspecified flaws exist in the\n 'Security: Privileges' subcomponent that allow an\n authenticated, remote attacker to cause a denial of\n service condition. (CVE-2017-3461, CVE-2017-3462,\n CVE-2017-3463)\n\n - An unspecified flaw exists in the DDL subcomponent that\n allows an authenticated, remote attacker to update,\n insert, or delete data contained in the database.\n (CVE-2017-3464)\n\n - An unspecified flaw exists in the Pluggable Auth\n subcomponent that allows an unauthenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2017-3599)\n\n - An unspecified flaw exists in the 'Client mysqldump'\n subcomponent that allows an authenticated, remote\n attacker to execute arbitrary code. (CVE-2017-3600)\n\n - An out-of-bounds read error exists in the OpenSSL\n component when handling packets using the\n CHACHA20/POLY1305 or RC4-MD5 ciphers. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted truncated packets, to cause a denial\n of service condition. (CVE-2017-3731)\n\n - A carry propagating error exists in the OpenSSL\n component in the x86_64 Montgomery squaring\n implementation that may cause the BN_mod_exp() function\n to produce incorrect results. An unauthenticated, remote\n attacker with sufficient resources can exploit this to\n obtain sensitive information regarding private keys.\n (CVE-2017-3732)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d679be85\");\n # https://support.oracle.com/rs?type=doc&id=2244179.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f5369edb\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3681811.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eb4db3c7\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76f5def7\");\n # https://support.oracle.com/epmos/faces/DocumentDisplay?id=2279658.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d520c6c8\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3809960.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?322067e2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-36.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://riddle.link/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.6.36 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3305\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/20\");\n\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n script_require_ports(\"Host/RedHat/release\", \"Host/AmazonLinux/release\", \"Host/SuSE/release\", \"Host/CentOS/release\");\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nfix_version = \"5.6.36\";\nexists_version = \"5.6\";\n\nmysql_check_rpms(mysql_packages:default_mysql_rpm_list_server_only, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:C/I:N/A:N"}}, {"lastseen": "2022-06-16T16:17:04", "description": "According to its version, the installation of Tenable SecurityCenter on the remote host is affected by multiple vulnerabilities :\n\n - A flaw exists in the mod_session_crypto module due to encryption for data and cookies using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default). An unauthenticated, remote attacker can exploit this, via a padding oracle attack, to decrypt information without knowledge of the encryption key, resulting in the disclosure of potentially sensitive information. (CVE-2016-0736)\n\n - A denial of service vulnerability exists in the mod_auth_digest module during client entry allocation.\n An unauthenticated, remote attacker can exploit this, via specially crafted input, to exhaust shared memory resources, resulting in a server crash. (CVE-2016-2161)\n\n - The Apache HTTP Server is affected by a man-in-the-middle vulnerability known as 'httpoxy' due to a failure to properly resolve namespace conflicts in accordance with RFC 3875 section 4.1.18. The HTTP_PROXY environment variable is set based on untrusted user data in the 'Proxy' header of HTTP requests. The HTTP_PROXY environment variable is used by some web client libraries to specify a remote proxy server. An unauthenticated, remote attacker can exploit this, via a crafted 'Proxy' header in an HTTP request, to redirect an application's internal HTTP traffic to an arbitrary proxy server where it may be observed or manipulated.\n (CVE-2016-5387, CVE-2016-1000102, CVE-2016-1000104)\n\n - A carry propagation error exists in the Broadwell-specific Montgomery multiplication procedure when handling input lengths divisible by but longer than 256 bits. This can result in transient authentication and key negotiation failures or reproducible erroneous outcomes of public-key operations with specially crafted input. A man-in-the-middle attacker can possibly exploit this issue to compromise ECDH key negotiations that utilize Brainpool P-512 curves. (CVE-2016-7055)\n\n - A denial of service vulnerability exists in the mod_http2 module due to improper handling of the LimitRequestFields directive. An unauthenticated, remote attacker can exploit this, via specially crafted CONTINUATION frames in an HTTP/2 request, to inject unlimited request headers into the server, resulting in the exhaustion of memory resources. (CVE-2016-8740)\n\n - A flaw exists due to improper handling of whitespace patterns in user-agent headers. An unauthenticated, remote attacker can exploit this, via a specially crafted user-agent header, to cause the program to incorrectly process sequences of requests, resulting in interpreting responses incorrectly, polluting the cache, or disclosing the content from one request to a second downstream user-agent. (CVE-2016-8743)\n\n - A flaw exits in libcurl in the randit() function within file lib/rand.c due to improper initialization of the 32-bit random value, which is used, for example, to generate Digest and NTLM authentication nonces, resulting in weaker cryptographic operations than expected. (CVE-2016-9594)\n\n - A floating pointer exception flaw exists in the exif_convert_any_to_int() function in exif.c that is triggered when handling TIFF and JPEG image tags. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. (CVE-2016-10158)\n\n - An integer overflow condition exists in the phar_parse_pharfile() function in phar.c due to improper validation when handling phar archives. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. (CVE-2016-10159)\n\n - An off-by-one overflow condition exists in the phar_parse_pharfile() function in phar.c due to improper parsing of phar archives. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. (CVE-2016-10160)\n\n - An out-of-bounds read error exists in the finish_nested_data() function in var_unserializer.c due to improper validation of unserialized data. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition or the disclosure of memory contents.\n (CVE-2016-10161)\n\n - A denial of service vulnerability exists in the gdImageCreateFromGd2Ctx() function within file gd_gd2.c in the GD Graphics Library (LibGD) when handling images claiming to contain more image data than they actually do. An unauthenticated, remote attacker can exploit this to crash a process linked against the library.\n (CVE-2016-10167)\n\n - An out-of-bounds read error exists when handling packets using the CHACHA20/POLY1305 or RC4-MD5 ciphers. An unauthenticated, remote attacker can exploit this, via specially crafted truncated packets, to cause a denial of service condition. (CVE-2017-3731)\n\n - A carry propagating error exists in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An unauthenticated, remote attacker with sufficient resources can exploit this to obtain sensitive information regarding private keys. Note that this issue is very similar to CVE-2015-3193. Moreover, the attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example, this can occur by default in OpenSSL DHE based SSL/TLS cipher suites. (CVE-2017-3732)\n\n - An out-of-bounds read error exists in the phar_parse_pharfile() function in phar.c due to improper parsing of phar archives. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition.\n\n - Multiple stored cross-site scripting (XSS) vulnerabilities exist in unspecified scripts due to a failure to validate input before returning it to users.\n An authenticated, remote authenticated attacker can exploit these, via a specially crafted request, to execute arbitrary script code in a user's browser session.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-03-14T00:00:00", "type": "nessus", "title": "Tenable SecurityCenter 5.x < 5.4.3 Multiple Vulnerabilities (TNS-2017-04) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3193", "CVE-2016-0736", "CVE-2016-1000102", "CVE-2016-1000104", "CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-10167", "CVE-2016-2161", "CVE-2016-5387", "CVE-2016-7055", "CVE-2016-8740", "CVE-2016-8743", "CVE-2016-9594", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2020-10-09T00:00:00", "cpe": ["cpe:/a:tenable:securitycenter"], "id": "SECURITYCENTER_5_4_3_TNS_2017_04.NASL", "href": "https://www.tenable.com/plugins/nessus/97726", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97726);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/09\");\n\n script_cve_id(\n \"CVE-2016-0736\",\n \"CVE-2016-2161\",\n \"CVE-2016-5387\",\n \"CVE-2016-7055\",\n \"CVE-2016-8740\",\n \"CVE-2016-8743\",\n \"CVE-2016-9594\",\n \"CVE-2016-10158\",\n \"CVE-2016-10159\",\n \"CVE-2016-10160\",\n \"CVE-2016-10161\",\n \"CVE-2016-10167\",\n \"CVE-2016-1000102\",\n \"CVE-2016-1000104\",\n \"CVE-2017-3731\",\n \"CVE-2017-3732\"\n);\n script_bugtraq_id(\n 91816,\n 91822,\n 94242,\n 94650,\n 95076,\n 95077,\n 95078,\n 95094,\n 95764,\n 95768,\n 95774,\n 95783,\n 95813,\n 95814,\n 95869\n );\n script_xref(name:\"CERT\", value:\"797896\");\n script_xref(name:\"EDB-ID\", value:\"40961\");\n\n script_name(english:\"Tenable SecurityCenter 5.x < 5.4.3 Multiple Vulnerabilities (TNS-2017-04) (httpoxy)\");\n script_summary(english:\"Checks the SecurityCenter version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the installation of Tenable SecurityCenter\non the remote host is affected by multiple vulnerabilities :\n\n - A flaw exists in the mod_session_crypto module due to\n encryption for data and cookies using the configured\n ciphers with possibly either CBC or ECB modes of\n operation (AES256-CBC by default). An unauthenticated,\n remote attacker can exploit this, via a padding oracle\n attack, to decrypt information without knowledge of the\n encryption key, resulting in the disclosure of\n potentially sensitive information. (CVE-2016-0736)\n\n - A denial of service vulnerability exists in the\n mod_auth_digest module during client entry allocation.\n An unauthenticated, remote attacker can exploit this,\n via specially crafted input, to exhaust shared memory\n resources, resulting in a server crash. (CVE-2016-2161)\n\n - The Apache HTTP Server is affected by a\n man-in-the-middle vulnerability known as 'httpoxy' due\n to a failure to properly resolve namespace conflicts in\n accordance with RFC 3875 section 4.1.18. The HTTP_PROXY\n environment variable is set based on untrusted user data\n in the 'Proxy' header of HTTP requests. The HTTP_PROXY\n environment variable is used by some web client\n libraries to specify a remote proxy server. An\n unauthenticated, remote attacker can exploit this, via a\n crafted 'Proxy' header in an HTTP request, to redirect\n an application's internal HTTP traffic to an arbitrary\n proxy server where it may be observed or manipulated.\n (CVE-2016-5387, CVE-2016-1000102, CVE-2016-1000104)\n\n - A carry propagation error exists in the\n Broadwell-specific Montgomery multiplication procedure\n when handling input lengths divisible by but longer than\n 256 bits. This can result in transient authentication\n and key negotiation failures or reproducible erroneous\n outcomes of public-key operations with specially crafted\n input. A man-in-the-middle attacker can possibly exploit\n this issue to compromise ECDH key negotiations that\n utilize Brainpool P-512 curves. (CVE-2016-7055)\n\n - A denial of service vulnerability exists in the\n mod_http2 module due to improper handling of the\n LimitRequestFields directive. An unauthenticated, remote\n attacker can exploit this, via specially crafted\n CONTINUATION frames in an HTTP/2 request, to inject\n unlimited request headers into the server, resulting in\n the exhaustion of memory resources. (CVE-2016-8740)\n\n - A flaw exists due to improper handling of whitespace\n patterns in user-agent headers. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted user-agent header, to cause the program to\n incorrectly process sequences of requests, resulting in\n interpreting responses incorrectly, polluting the cache,\n or disclosing the content from one request to a second\n downstream user-agent. (CVE-2016-8743)\n\n - A flaw exits in libcurl in the randit() function within\n file lib/rand.c due to improper initialization of the\n 32-bit random value, which is used, for example, to\n generate Digest and NTLM authentication nonces,\n resulting in weaker cryptographic operations than\n expected. (CVE-2016-9594)\n\n - A floating pointer exception flaw exists in the\n exif_convert_any_to_int() function in exif.c that is\n triggered when handling TIFF and JPEG image tags. An\n unauthenticated, remote attacker can exploit this to\n cause a crash, resulting in a denial of service\n condition. (CVE-2016-10158)\n\n - An integer overflow condition exists in the\n phar_parse_pharfile() function in phar.c due to improper\n validation when handling phar archives. An\n unauthenticated, remote attacker can exploit this to\n cause a crash, resulting in a denial of service\n condition. (CVE-2016-10159)\n\n - An off-by-one overflow condition exists in the\n phar_parse_pharfile() function in phar.c due to improper\n parsing of phar archives. An unauthenticated, remote\n attacker can exploit this to cause a crash, resulting in\n a denial of service condition. (CVE-2016-10160)\n\n - An out-of-bounds read error exists in the\n finish_nested_data() function in var_unserializer.c due\n to improper validation of unserialized data. An\n unauthenticated, remote attacker can exploit this to\n cause a crash, resulting in a denial of service\n condition or the disclosure of memory contents.\n (CVE-2016-10161)\n\n - A denial of service vulnerability exists in the\n gdImageCreateFromGd2Ctx() function within file gd_gd2.c\n in the GD Graphics Library (LibGD) when handling images\n claiming to contain more image data than they actually\n do. An unauthenticated, remote attacker can exploit this\n to crash a process linked against the library.\n (CVE-2016-10167)\n\n - An out-of-bounds read error exists when handling packets\n using the CHACHA20/POLY1305 or RC4-MD5 ciphers. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted truncated packets, to cause a denial\n of service condition. (CVE-2017-3731)\n\n - A carry propagating error exists in the x86_64\n Montgomery squaring implementation that may cause the\n BN_mod_exp() function to produce incorrect results. An\n unauthenticated, remote attacker with sufficient\n resources can exploit this to obtain sensitive\n information regarding private keys. Note that this issue\n is very similar to CVE-2015-3193. Moreover, the attacker\n would additionally need online access to an unpatched\n system using the target private key in a scenario with\n persistent DH parameters and a private key that is\n shared between multiple clients. For example, this can\n occur by default in OpenSSL DHE based SSL/TLS cipher\n suites. (CVE-2017-3732)\n\n - An out-of-bounds read error exists in the\n phar_parse_pharfile() function in phar.c due to improper\n parsing of phar archives. An unauthenticated, remote\n attacker can exploit this to cause a crash, resulting in\n a denial of service condition.\n\n - Multiple stored cross-site scripting (XSS)\n vulnerabilities exist in unspecified scripts due to a\n failure to validate input before returning it to users.\n An authenticated, remote authenticated attacker can\n exploit these, via a specially crafted request, to\n execute arbitrary script code in a user's browser\n session.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2017-04\");\n script_set_attribute(attribute:\"see_also\", value:\"https://httpoxy.org\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Tenable SecurityCenter version 5.4.3 or later.\nAlternatively, apply the appropriate patch according to the vendor\nadvisory.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"manual\");\n script_set_attribute(attribute:\"cvss_score_rationale\", value:\"Score based on analysis of the vendor advisory.\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:securitycenter\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"securitycenter_installed.nbin\", \"securitycenter_detect.nbin\");\n script_require_ports(\"Host/SecurityCenter/Version\", \"installed_sw/SecurityCenter\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nversion = get_kb_item(\"Host/SecurityCenter/Version\");\nport = 0;\nif(empty_or_null(version))\n{\n port = 443;\n install = get_single_install(app_name:\"SecurityCenter\", combined:TRUE, exit_if_unknown_ver:TRUE);\n version = install[\"version\"];\n}\nfix = \"5.4.3\";\n\n# Affects 5.0.2, 5.1.0, 5.2.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1, 5.4.2\nif ( version =~ \"^5\\.(0\\.2|1\\.0|2\\.0|3\\.[12]|4\\.[0-2])([^0-9]|$)\" )\n{\n items = make_array(\n \"Installed version\", version,\n \"Fixed version\", fix\n );\n\n order = make_list(\"Installed version\", \"Fixed version\");\n report = report_items_str(report_items:items, ordered_fields:order);\n\n security_report_v4(severity:SECURITY_WARNING, port:port, extra:report, xss:TRUE);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, 'SecurityCenter', version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2022-05-04T15:48:54", "description": "The version of IBM Java installed on the remote host is prior to 6.0 < 6.0.16.70 / 6.1 < 6.1.8.70 / 7.0 < 7.0.10.30 / 7.1 < 7.1.4.30 / 8.0 < 8.0.5.20. It is, therefore, affected by multiple vulnerabilities as referenced in the IBM Security Update August 2018 advisory.\n\n - Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. (CVE-2016-0705)\n\n - There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. (CVE-2017-3732)\n\n - There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. (CVE-2017-3736)\n\n - A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681.\n (CVE-2018-1517)\n\n - The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882. (CVE-2018-1656)\n\n - In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows, Linux and AIX JVMs and can be disabled using the command line option -Dcom.ibm.tools.attach.enable=no. (CVE-2018-12539)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-04-29T00:00:00", "type": "nessus", "title": "IBM Java 6.0 < 6.0.16.70 / 6.1 < 6.1.8.70 / 7.0 < 7.0.10.30 / 7.1 < 7.1.4.30 / 8.0 < 8.0.5.20 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3193", "CVE-2016-0705", "CVE-2017-3732", "CVE-2017-3736", "CVE-2018-12539", "CVE-2018-1517", "CVE-2018-1656"], "modified": "2022-04-29T00:00:00", "cpe": ["cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*"], "id": "IBM_JAVA_2018_08_01.NASL", "href": "https://www.tenable.com/plugins/nessus/160350", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160350);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/29\");\n\n script_cve_id(\n \"CVE-2016-0705\",\n \"CVE-2017-3732\",\n \"CVE-2017-3736\",\n \"CVE-2018-1517\",\n \"CVE-2018-1656\",\n \"CVE-2018-12539\"\n );\n script_xref(name:\"IAVA\", value:\"2016-A-0056-S\");\n script_xref(name:\"IAVB\", value:\"2016-B-0083-S\");\n script_xref(name:\"IAVA\", value:\"2017-A-0228-S\");\n script_xref(name:\"IAVA\", value:\"2017-A-0032-S\");\n script_xref(name:\"IAVA\", value:\"2017-A-0224-S\");\n script_xref(name:\"IAVA\", value:\"2018-A-0117-S\");\n script_xref(name:\"IAVA\", value:\"2018-A-0033-S\");\n script_xref(name:\"IAVA\", value:\"2017-A-0327-S\");\n script_xref(name:\"IAVA\", value:\"2018-A-0118-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0130\");\n\n script_name(english:\"IBM Java 6.0 < 6.0.16.70 / 6.1 < 6.1.8.70 / 7.0 < 7.0.10.30 / 7.1 < 7.1.4.30 / 8.0 < 8.0.5.20 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"IBM Java is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of IBM Java installed on the remote host is prior to 6.0 < 6.0.16.70 / 6.1 < 6.1.8.70 / 7.0 < 7.0.10.30 /\n7.1 < 7.1.4.30 / 8.0 < 8.0.5.20. It is, therefore, affected by multiple vulnerabilities as referenced in the IBM\nSecurity Update August 2018 advisory.\n\n - Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1\n before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory\n corruption) or possibly have unspecified other impact via a malformed DSA private key. (CVE-2016-0705)\n\n - There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before\n 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA\n and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks\n against DH are considered just feasible (although very difficult) because most of the work necessary to\n deduce information about a private key may be performed offline. The amount of resources required for such\n an attack would be very significant and likely only accessible to a limited number of attackers. An\n attacker would additionally need online access to an unpatched system using the target private key in a\n scenario with persistent DH parameters and a private key that is shared between multiple clients. For\n example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very\n similar to CVE-2015-3193 but must be treated as a separate problem. (CVE-2017-3732)\n\n - There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and\n 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as\n a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH\n are considered just feasible (although very difficult) because most of the work necessary to deduce\n information about a private key may be performed offline. The amount of resources required for such an\n attack would be very significant and likely only accessible to a limited number of attackers. An attacker\n would additionally need online access to an unpatched system using the target private key in a scenario\n with persistent DH parameters and a private key that is shared between multiple clients. This only affects\n processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later\n or AMD Ryzen. (CVE-2017-3736)\n\n - A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an\n attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681.\n (CVE-2018-1517)\n\n - The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology\n Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed\n dump files. IBM X-Force ID: 144882. (CVE-2018-1656)\n\n - In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to\n connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes\n the ability to execute untrusted native code. Attach API is enabled by default on Windows, Linux and AIX\n JVMs and can be disabled using the command line option -Dcom.ibm.tools.attach.enable=no. (CVE-2018-12539)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ07855\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ08248\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ08250\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ08278\");\n # https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/jceplusdocs/jceplus.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a20a1bce\");\n # https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities#IBM_Security_Update_August_2018\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?40e319ff\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the IBM Security Update August 2018 advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0705\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:java\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ibm_java_nix_installed.nbin\", \"ibm_java_win_installed.nbin\");\n script_require_keys(\"installed_sw/Java\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_list = ['IBM Java'];\nvar app_info = vcf::java::get_app_info(app:app_list);\n\nvar constraints = [\n { 'min_version' : '6.0.0', 'fixed_version' : '6.0.16.70' },\n { 'min_version' : '6.1.0', 'fixed_version' : '6.1.8.70' },\n { 'min_version' : '7.0.0', 'fixed_version' : '7.0.10.30' },\n { 'min_version' : '7.1.0', 'fixed_version' : '7.1.4.30' },\n { 'min_version' : '8.0.0', 'fixed_version' : '8.0.5.20' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-21T16:21:07", "description": "bn_sqrx8x_internal carry bug on x86_64\n\nThere is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline.\nThe amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. (CVE-2017-3736)\n\nrsaz_1024_mul_avx2 overflow bug on x86_64\n\nThere is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant.\nHowever, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701 . This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736 , CVE-2017-3732 and CVE-2015-3193 . OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n.\nDue to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository. (CVE-2017-3738)\n\nRSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys\n\nOpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key. (CVE-2018-0737)\n\nRead/write after SSL object in error state\n\nOpenSSL 1.0.2 (starting from version 1.0.2b) introduced an 'error state' mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. (CVE-2017-3737)", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-04-27T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : openssl (ALAS-2018-1004)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3193", "CVE-2016-0701", "CVE-2017-3732", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738", "CVE-2018-0737"], "modified": "2019-07-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl", "p-cpe:/a:amazon:linux:openssl-debuginfo", "p-cpe:/a:amazon:linux:openssl-devel", "p-cpe:/a:amazon:linux:openssl-libs", "p-cpe:/a:amazon:linux:openssl-perl", "p-cpe:/a:amazon:linux:openssl-static", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2018-1004.NASL", "href": "https://www.tenable.com/plugins/nessus/109364", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2018-1004.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109364);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2017-3736\", \"CVE-2017-3737\", \"CVE-2017-3738\", \"CVE-2018-0737\");\n script_xref(name:\"ALAS\", value:\"2018-1004\");\n\n script_name(english:\"Amazon Linux 2 : openssl (ALAS-2018-1004)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"bn_sqrx8x_internal carry bug on x86_64\n\nThere is a carry propagating bug in the x86_64 Montgomery squaring\nprocedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC\nalgorithms are affected. Analysis suggests that attacks against RSA\nand DSA as a result of this defect would be very difficult to perform\nand are not believed likely. Attacks against DH are considered just\nfeasible (although very difficult) because most of the work necessary\nto deduce information about a private key may be performed offline.\nThe amount of resources required for such an attack would be very\nsignificant and likely only accessible to a limited number of\nattackers. An attacker would additionally need online access to an\nunpatched system using the target private key in a scenario with\npersistent DH parameters and a private key that is shared between\nmultiple clients. This only affects processors that support the BMI1,\nBMI2 and ADX extensions like Intel Broadwell (5th generation) and\nlater or AMD Ryzen. (CVE-2017-3736)\n\nrsaz_1024_mul_avx2 overflow bug on x86_64\n\nThere is an overflow bug in the AVX2 Montgomery multiplication\nprocedure used in exponentiation with 1024-bit moduli. No EC\nalgorithms are affected. Analysis suggests that attacks against RSA\nand DSA as a result of this defect would be very difficult to perform\nand are not believed likely. Attacks against DH1024 are considered\njust feasible, because most of the work necessary to deduce\ninformation about a private key may be performed offline. The amount\nof resources required for such an attack would be significant.\nHowever, for an attack on TLS to be meaningful, the server would have\nto share the DH1024 private key among multiple clients, which is no\nlonger an option since CVE-2016-0701 . This only affects processors\nthat support the AVX2 but not ADX extensions like Intel Haswell (4th\ngeneration). Note: The impact from this issue is similar to\nCVE-2017-3736 , CVE-2017-3732 and CVE-2015-3193 . OpenSSL version\n1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n.\nDue to the low severity of this issue we are not issuing a new release\nof OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL\n1.1.0h when it becomes available. The fix is also available in commit\ne502cc86d in the OpenSSL git repository. (CVE-2017-3738)\n\nRSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c\nallows attackers to recover private keys\n\nOpenSSL RSA key generation was found to be vulnerable to cache\nside-channel attacks. An attacker with sufficient access to mount\ncache timing attacks during the RSA key generation process could\nrecover parts of the private key. (CVE-2018-0737)\n\nRead/write after SSL object in error state\n\nOpenSSL 1.0.2 (starting from version 1.0.2b) introduced an 'error\nstate' mechanism. The intent was that if a fatal error occurred during\na handshake then OpenSSL would move into the error state and would\nimmediately fail if you attempted to continue the handshake. This\nworks as designed for the explicit handshake functions\n(SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a\nbug it does not work correctly if SSL_read() or SSL_write() is called\ndirectly. In that scenario, if the handshake fails then a fatal error\nwill be returned in the initial function call. If\nSSL_read()/SSL_write() is subsequently called by the application for\nthe same SSL object then it will succeed and the data is passed\nwithout being decrypted/encrypted directly from the SSL/TLS record\nlayer. In order to exploit this issue an application bug would have to\nbe present that resulted in a call to SSL_read()/SSL_write() being\nissued after having already received a fatal error. OpenSSL version\n1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is\nnot affected. (CVE-2017-3737)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2018-1004.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update openssl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"openssl-1.0.2k-12.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.2k-12.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.2k-12.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.2k-12.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.2k-12.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"openssl-static-1.0.2k-12.amzn2.0.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-libs / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:37:24", "description": "The version of MySQL running on the remote host is 5.6.x prior to 5.6.36. It is, therefore, affected by multiple vulnerabilities :\n\n - A use-after-free error exists in the mysql_prune_stmt_list() function in client.c that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3302)\n\n - A carry propagation error exists in the OpenSSL component in the Broadwell-specific Montgomery multiplication procedure when handling input lengths divisible by but longer than 256 bits. This can result in transient authentication and key negotiation failures or reproducible erroneous outcomes of public-key operations with specially crafted input. A man-in-the-middle attacker can possibly exploit this issue to compromise ECDH key negotiations that utilize Brainpool P-512 curves. (CVE-2016-7055)\n\n - An authentication information disclosure vulnerability, known as Riddle, exists due to authentication being performed prior to security parameter verification. A man-in-the-middle (MitM) attacker can exploit this vulnerability to disclose sensitive authentication information, which the attacker can later use for authenticating to the server. (CVE-2017-3305)\n\n - Multiple unspecified flaws exist in the DML subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3308, CVE-2017-3456)\n\n - Multiple unspecified flaws exist in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2017-3309, CVE-2017-3452, CVE-2017-3453)\n\n - An unspecified flaw exists in the Thread Pooling subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition.\n (CVE-2017-3329)\n\n - An unspecified flaw exists in the Memcached subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3450)\n\n - Multiple unspecified flaws exist in the 'Security: Privileges' subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3461, CVE-2017-3462, CVE-2017-3463)\n\n - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to update, insert, or delete data contained in the database.\n (CVE-2017-3464)\n\n - An unspecified flaw exists in the Pluggable Auth subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition.\n (CVE-2017-3599)\n\n - An unspecified flaw exists in the 'Client mysqldump' subcomponent that allows an authenticated, remote attacker to execute arbitrary code. (CVE-2017-3600)\n\n - An out-of-bounds read error exists in the OpenSSL component when handling packets using the CHACHA20/POLY1305 or RC4-MD5 ciphers. An unauthenticated, remote attacker can exploit this, via specially crafted truncated packets, to cause a denial of service condition. (CVE-2017-3731)\n\n - A carry propagating error exists in the OpenSSL component in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An unauthenticated, remote attacker with sufficient resources can exploit this to obtain sensitive information regarding private keys.\n (CVE-2017-3732)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2017-04-20T00:00:00", "type": "nessus", "title": "MySQL 5.6.x < 5.6.36 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU) (Riddle)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7055", "CVE-2017-3302", "CVE-2017-3305", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-3450", "CVE-2017-3452", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3461", "CVE-2017-3462", "CVE-2017-3463", "CVE-2017-3464", "CVE-2017-3599", "CVE-2017-3600", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_6_36.NASL", "href": "https://www.tenable.com/plugins/nessus/99515", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99515);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2016-7055\",\n \"CVE-2017-3302\",\n \"CVE-2017-3305\",\n \"CVE-2017-3308\",\n \"CVE-2017-3309\",\n \"CVE-2017-3329\",\n \"CVE-2017-3450\",\n \"CVE-2017-3452\",\n \"CVE-2017-3453\",\n \"CVE-2017-3456\",\n \"CVE-2017-3461\",\n \"CVE-2017-3462\",\n \"CVE-2017-3463\",\n \"CVE-2017-3464\",\n \"CVE-2017-3599\",\n \"CVE-2017-3600\",\n \"CVE-2017-3731\",\n \"CVE-2017-3732\"\n );\n script_bugtraq_id(\n 94242,\n 95813,\n 95814,\n 96162,\n 97023,\n 97725,\n 97742,\n 97747,\n 97754,\n 97763,\n 97765,\n 97776,\n 97779,\n 97812,\n 97818,\n 97831,\n 97849,\n 97851\n );\n\n script_name(english:\"MySQL 5.6.x < 5.6.36 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU) (Riddle)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.6.x prior to\n5.6.36. It is, therefore, affected by multiple vulnerabilities :\n\n - A use-after-free error exists in the\n mysql_prune_stmt_list() function in client.c that allows\n an authenticated, remote attacker to cause a denial of\n service condition. (CVE-2017-3302)\n\n - A carry propagation error exists in the OpenSSL\n component in the Broadwell-specific Montgomery\n multiplication procedure when handling input lengths\n divisible by but longer than 256 bits. This can result\n in transient authentication and key negotiation failures\n or reproducible erroneous outcomes of public-key\n operations with specially crafted input. A\n man-in-the-middle attacker can possibly exploit this\n issue to compromise ECDH key negotiations that utilize\n Brainpool P-512 curves. (CVE-2016-7055)\n\n - An authentication information disclosure vulnerability,\n known as Riddle, exists due to authentication being\n performed prior to security parameter verification. A\n man-in-the-middle (MitM) attacker can exploit this\n vulnerability to disclose sensitive authentication\n information, which the attacker can later use for\n authenticating to the server. (CVE-2017-3305)\n\n - Multiple unspecified flaws exist in the DML subcomponent\n that allow an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3308,\n CVE-2017-3456)\n\n - Multiple unspecified flaws exist in the Optimizer\n subcomponent that allow an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2017-3309, CVE-2017-3452, CVE-2017-3453)\n\n - An unspecified flaw exists in the Thread Pooling\n subcomponent that allows an unauthenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2017-3329)\n\n - An unspecified flaw exists in the Memcached subcomponent\n that allows an unauthenticated, remote attacker to cause\n a denial of service condition. (CVE-2017-3450)\n\n - Multiple unspecified flaws exist in the\n 'Security: Privileges' subcomponent that allow an\n authenticated, remote attacker to cause a denial of\n service condition. (CVE-2017-3461, CVE-2017-3462,\n CVE-2017-3463)\n\n - An unspecified flaw exists in the DDL subcomponent that\n allows an authenticated, remote attacker to update,\n insert, or delete data contained in the database.\n (CVE-2017-3464)\n\n - An unspecified flaw exists in the Pluggable Auth\n subcomponent that allows an unauthenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2017-3599)\n\n - An unspecified flaw exists in the 'Client mysqldump'\n subcomponent that allows an authenticated, remote\n attacker to execute arbitrary code. (CVE-2017-3600)\n\n - An out-of-bounds read error exists in the OpenSSL\n component when handling packets using the\n CHACHA20/POLY1305 or RC4-MD5 ciphers. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted truncated packets, to cause a denial\n of service condition. (CVE-2017-3731)\n\n - A carry propagating error exists in the OpenSSL\n component in the x86_64 Montgomery squaring\n implementation that may cause the BN_mod_exp() function\n to produce incorrect results. An unauthenticated, remote\n attacker with sufficient resources can exploit this to\n obtain sensitive information regarding private keys.\n (CVE-2017-3732)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-36.html\");\n # https://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d679be85\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3681811.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eb4db3c7\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76f5def7\");\n # https://support.oracle.com/epmos/faces/DocumentDisplay?id=2279658.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d520c6c8\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3809960.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?322067e2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://riddle.link/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.6.36 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3305\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/20\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'5.6.36', min:'5.6', severity:SECURITY_WARNING);\n", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:C/I:N/A:N"}}, {"lastseen": "2022-04-12T16:44:12", "description": "The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities, including the following:\n\n - IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. (CVE-2018-1426)\n\n - The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. (CVE-2018-1447)\n\n - There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. (CVE-2017-3732)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-01-06T00:00:00", "type": "nessus", "title": "IBM HTTP Server 7.0.0.0 <= 7.0.0.43 / 8.0.0.0 <= 8.0.0.14 / 8.5.0.0 < 8.5.5.14 / 9.0.0.0 < 9.0.0.8 Multiple Vulnerabilities (569301)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3193", "CVE-2016-0702", "CVE-2016-7056", "CVE-2017-3732", "CVE-2017-3736", "CVE-2018-1426", "CVE-2018-1427", "CVE-2018-1447"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:ibm:http_server"], "id": "IBM_HTTP_SERVER_569301.NASL", "href": "https://www.tenable.com/plugins/nessus/144773", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144773);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2016-0702\",\n \"CVE-2016-7056\",\n \"CVE-2017-3732\",\n \"CVE-2017-3736\",\n \"CVE-2018-1426\",\n \"CVE-2018-1427\",\n \"CVE-2018-1447\"\n );\n script_bugtraq_id(\n 83740,\n 95375,\n 95814,\n 101666,\n 103536,\n 104511,\n 105580\n );\n\n script_name(english:\"IBM HTTP Server 7.0.0.0 <= 7.0.0.43 / 8.0.0.0 <= 8.0.0.14 / 8.5.0.0 < 8.5.5.14 / 9.0.0.0 < 9.0.0.8 Multiple Vulnerabilities (569301)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities, including the following:\n\n - IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across\n fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and\n a risk of duplicate key material. (CVE-2018-1426)\n\n - The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6)\n CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A\n weak password may be recovered. Note: After update the customer should change password to ensure the new\n password is stored more securely. Products should encourage customers to take this step as a high priority\n action. (CVE-2018-1447)\n\n - There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before\n 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA\n and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks\n against DH are considered just feasible (although very difficult) because most of the work necessary to\n deduce information about a private key may be performed offline. The amount of resources required for such\n an attack would be very significant and likely only accessible to a limited number of attackers. An\n attacker would additionally need online access to an unpatched system using the target private key in a\n scenario with persistent DH parameters and a private key that is shared between multiple clients. For\n example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very\n similar to CVE-2015-3193 but must be treated as a separate problem. (CVE-2017-3732)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/569301\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM HTTP Server version 7.0.0.45, 8.5.5.14, 9.0.0.8, or later. Alternatively, upgrade to the minimal fix\npack levels required by the interim fix and then apply Interim Fix PI91913 or PI94222.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-1426\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:http_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ibm_http_server_nix_installed.nbin\");\n script_require_keys(\"installed_sw/IBM HTTP Server (IHS)\");\n\n exit(0);\n}\n\n\ninclude('vcf.inc');\n\napp = 'IBM HTTP Server (IHS)';\nfix = 'Interim Fix PI94222';\n\napp_info = vcf::get_app_info(app:app);\nvcf::check_granularity(app_info:app_info, sig_segments:4);\n\nif ('PI91913' >< app_info['Fixes'] || 'PI94222' >< app_info['Fixes'])\n audit(AUDIT_INST_VER_NOT_VULN, app);\n\nconstraints = [\n { 'min_version' : '7.0.0.0', 'max_version' : '7.0.0.43', 'fixed_display' : '7.0.0.45 or Interim Fix PI91913'},\n { 'min_version' : '8.0.0.0', 'max_version' : '8.0.0.14', 'fixed_display' : fix },\n { 'min_version' : '8.5.0.0', 'max_version' : '8.5.5.13', 'fixed_display' : '8.5.5.14 or ' + fix },\n { 'min_version' : '9.0.0.0', 'max_version' : '9.0.0.7', 'fixed_display' : '9.0.0.8 or ' + fix }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "huawei": [{"lastseen": "2021-12-30T12:26:20", "description": "On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities. \n\nIf a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. (Vulnerability ID: HWPSIRT-2017-02005) \n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-3730. \n\nIf an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. (Vulnerability ID: HWPSIRT-2017-02006) \n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-3731. \n\nThere is a vulnerability in the x86_64 Montgomery squaring procedure, if DH parameters are used and a private key is shared between multiple clients, a successful exploit could allow the attacker to access sensitive private key information. (Vulnerability ID: HWPSIRT-2017-02007) \n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-3732. \n\nHuawei has released software updates to fix these vulnerabilities. This advisory is available at the following link: \n\n<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170503-01-openssl-en> \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-05-03T00:00:00", "type": "huawei", "title": "Security Advisory - Three OpenSSL Vulnerabilities in Huawei Products", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2020-01-15T00:00:00", "id": "HUAWEI-SA-20170503-01-OPENSSL", "href": "https://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170503-01-openssl-en", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "symantec": [{"lastseen": "2021-11-07T10:50:28", "description": "### SUMMARY\n\nSymantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities. A remote attacker can exploit these vulnerabilities to cause denial of service and obtain private key information. \n \n\n\n### AFFECTED PRODUCTS \n\nThe following products are vulnerable:\n\n**CacheFlow** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2017-3731 | 3.4 | Upgrade to 3.4.2.8. \n \n \n\n**Director** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2017-3731 | 6.1 starting with 6.1.22.1 | Upgrade to 6.1.23.1. \n \n \n\n**IntelligenceCenter (IC)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2017-3731 | 3.3 | Upgrade to a version of NetDialog NetX with fixes. \n \n \n\n**Malware Analysis (MA)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2017-3732 | 4.2 | Upgrade to 4.2.12. \n \n \n\n**PacketShaper (PS)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2017-3731 | 9.2 | Fixed in 9.2.13p7 \n \n \n\n**PolicyCenter (PC)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2017-3731 | 9.2 | Fixed in 9.2.13p7 \n \n \n\n**ProxyAV** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2017-3731 | 3.5 | Upgrade to a version of CAS with fixes. \n \n \n\n**ProxySG** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2017-3731 | 7.1 and later | Not vulnerable, fixed in 7.1.1.1 \n6.7 | Upgrade to 6.7.1.2. \n6.6 | Upgrade to 6.6.5.8. \n6.5 | Upgrade to 6.5.10.4. \n \n \n\n \n\n**Reporter** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2017-3731 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1. \n10.1 (has vulnerable version of OpenSSL, but not vulnerable to known vectors of impact). | Upgrade to 10.1.5.5. \n9.5 | Not vulnerable \nCVE-2017-3732 | 10.2 and later | Not vulnerable \n10.1 | Not vulnerable \n9.5 | Upgrade to 9.5.4.1. \nAll CVEs | 9.4 | Not vulnerable \n \n \n\n**SSL Visibility (SSLV)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2017-3731 | 4.1 and later | Not vulnerable, fixed in 4.1.1.1. \n4.0 (has vulnerable version of OpenSSL, but not vulnerable to known vectors of impact). | Upgrade to 4.0.2.1. \n3.x | Not vulnerable \nCVE-2017-3732 | 3.12 and later | Not vulnerable \n3.11 | Upgrade to 3.11.3.1. \n3.10 | Upgrade to 3.10.4.1. \n3.9 | Not available at this time \n \n \n\n**Unified Agent (UA)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2017-3732 | 4.8 and later | Not vulnerable, fixed in 4.8.0 \n4.7 | Upgrade to later release with fixes \n4.6 | Upgrade to later release with fixes \n4.1 | Not vulnerable \n \n \n\nThe following products contain a vulnerable version of OpenSSL, but are not vulnerable to known vectors of attack:\n\n**Advanced Secure Gateway (ASG)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2017-3731 | 7.1 | Not vulnerable, fixed in 7.1.1.1 \n6.7 | Upgrade to 6.7.3.1. \n6.6 | Upgrade to later release with fixes. \n \n \n\n**Android Mobile Agent** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2017-3731 | 2.0 | Not vulnerable, fixed \n1.3 | Upgrade to 1.3.8. \n \n \n\n**Content Analysis (CA)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2017-3731 | 2.2 and later | Not vulnerable, fixed in 2.2.1.1. \n2.1 | Upgrade to later release with fixes. \n1.3 | Upgrade to later release with fixes. \n \n \n\n**Mail Threat Defense (MTD)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2017-3731 | 1.1 | Not available at this time \n \n \n\n**Management Center (MC)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2017-3731 | 1.11 and later | Not vulnerable, fixed in 1.11.1.1. \n1.10 | Upgrade to later release with fixes. \n1.9 | Upgrade to later release with fixes. \n1.8 | Upgrade to later release with fixes. \n \n \n\n**Norman Shark Industrial Control System Protection (ICSP)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2017-3731 | 5.4 and later | Not vulnerable, fixed in 5.4.1 \n5.3 | Not available at this time \n \n \n\n**Norman Shark Network Protection (NNP)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2017-3731 | 5.3 | A fix will not be provided. \n \n \n\n**Norman Shark SCADA Protection (NSP)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2017-3731 | 5.3 | A fix will not be provided. Customers who use NSP for USB cleaning can switch to a version of ICSP with fixes. \n \n \n\n**PacketShaper (PS) S-Series** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2017-3731 | 11.9 and later | Not vulnerable, fixed in 11.9.1.1. \n11.8 | Upgrade to later release with fixes. \n11.7 | Upgrade to later release with fixes. \n11.6 | Upgrade to 11.6.4.2. \n11.5 | Upgrade to later release with fixes. \n \n \n\n**PolicyCenter (PC) S-Series** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2017-3731 | 1.1 | Upgrade to 1.1.4.2. \n \n \n\n**Security Analytics** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2017-3731 | 7.3 and later | Not vulnerable, fixed in 7.3.1. \n7.2 | Upgrade to 7.2.3. \n7.1 | Upgrade to later release with fixes. \n6.6 | Upgrade to later release with fixes. \n \n \n\n**X-Series XOS** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2017-3731 | 11.0 | Not available at this time \n10.0 | Upgrade to later release with fixes. \n9.7 | Upgrade to later release with fixes. \n \n \n\n### ADDITIONAL PRODUCT INFORMATION\n\nSymantec Network Protection products that use a native installation of OpenSSL but do not install or maintain that implementation are not vulnerable to any of these CVEs. However, the underlying platform or application that installs and maintains OpenSSL may be vulnerable. Symantec urges our customers to update the versions of OpenSSL that are natively installed for Client Connector for OS X, Proxy Client for OS X, and Reporter 9.x for Linux.\n\nSome Symantec Network Protection products do not enable or use all functionality within OpenSSL. The products listed below do not utilize the functionality described in the CVEs below and are thus not known to be vulnerable to them. However, fixes for these CVEs will be included in the patches that are provided.\n\n * **Android Mobile Agent:** CVE-2017-3731\n * **ASG:** CVE-2017-3731\n * **CA:** CVE-2017-3731\n * **Director 6.1.22.1:** CVE-2017-3732\n * **MTD:** CVE-2017-3731\n * **MA:** CVE-2017-3731\n * **MC:** CVE-2017-3731\n * **ICSP:** CVE-2017-3731\n * **NNP:** CVE-2017-3731\n * **NSP:** CVE-2017-3731\n * **PacketShaper S-Series:** CVE-2017-3731\n * **PolicyCenter S-Series:** CVE-2017-3731\n * **Reporter 9.5 and 10.1:** CVE-2017-3731\n * **Security Analytics:** CVE-2017-3731\n * **SSLV:** CVE-2017-3731\n * **Unified Agent:** CVE-2017-3731\n\nThe following products are not vulnerable: \n**AuthConnector** \n**BCAAA** \n**Symantec HSM Agent for the Luna SP \nClient Connector** \n**Cloud Data Protection for Salesforce \nCloud Data Protection for Salesforce Analytics \nCloud Data Protection for ServiceNow \nCloud Data Protection for Oracle CRM On Demand \nCloud Data Protection for Oracle Field Service Cloud \nCloud Data Protection for Oracle Sales Cloud \nCloud Data Protection Integration Server \nCloud Data Protection Communication Server \nCloud Data Protection Policy Builder \nGeneral Auth Connector Login Application \nIntelligenceCenter Data Collector \nK9 \nProxyClient \nProxyAV ConLog and ConLogXP \nWeb Isolation**\n\nSymantec no longer provides vulnerability information for the following products:\n\n**DLP** \nPlease, contact Digital Guardian technical support regarding vulnerability information for DLP. \n \n\n\n### ISSUES \n\n**CVE-2017-3730** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 95812](<https://www.securityfocus.com/bid/95812>) / NVD: [CVE-2017-3730](<https://nvd.nist.gov/vuln/detail/CVE-2017-3730>) \n**Impact** | Denial of service \n**Description** | A NULL pointer dereference flaw in the SSL client implementation allows a remote attacker to send crafted DHE or ECDHE key exchange parameters to an SSL client and cause an application crash, resulting in denial of service. \n \n \n\n**CVE-2017-3731** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 95813](<https://www.securityfocus.com/bid/95813>) / NVD: [CVE-2017-3731](<https://nvd.nist.gov/vuln/detail/CVE-2017-3731>) \n**Impact** | Denial of service \n**Description** | An out-of-bounds read flaw in the 32-bit SSL client and server implementations allows a remote attacker to send crafted packets and cause an application crash, resulting in denial of service. \n \n \n\n**CVE-2017-3732** \n--- \n**Severity / CVSSv2** | Medium / 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n**References** | SecurityFocus: [BID 95814](<https://www.securityfocus.com/bid/95814>) / NVD: [CVE-2017-3732](<https://nvd.nist.gov/vuln/detail/CVE-2017-3732>) \n**Impact** | Information disclosure \n**Description** | A flaw in the 64-bit Montgomery squaring implementation (used in RSA, DSA, and DHE) allows a remote attacker to obtain private key information. \n \n \n\n### REFERENCES\n\nOpenSSL Security Advisory - <https://www.openssl.org/news/secadv/20170126.txt> \n \n\n\n### REVISION \n\n2020-04-23 Advanced Secure Gateway (ASG) and ProxySG 7.1 and later versions are not vulnerable because fixes are available in 7.1.1.1. Industrial Control System Protection (ICSP) 5.4 is not vulnerable because a fix is available in 5.4.1. A fix for Security Analytics 7.2 is available in 7.2.3. Advisory status moved to Closed. \n2020-01-15 A fix will not be provided for ProxyAV 3.5. Content Analysis System (CAS) is a replacement product for ProxyAV. Please switch to a version of CAS with the vulnerability fixes. \n2019-10-02 Web Isolation is not vulnerable. \n2019-08-21 A fix for IntelligenceCenter (IC) 3.3 will not be provided. NetDialog NetX is a replacement product for IntelligenceCenter. Please switch to a version of NetX with the vulnerability fixes. \n2019-08-07 A fix for ASG 6.6 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-01-29 ICSP 5.4 is not vulnerable because a fix is available in 5.4.1. \n2019-01-21 Security Analytics 8.0 is not vulnerable. \n2019-01-12 A fix for Security Analytics 7.1 will not be provided. Please upgrade to a later release with the vulnerability fixes. \n2019-01-11 A fix for CA 2.1 will not be provided. Please upgrade to a later release with the vulnerability fixes. \n2018-08-07 A fix for CA 1.3 will not be provided. Please upgrade to a later release with the vulnerability fixes. \n2018-08-03 Customers who use NSP for USB cleaning can switch to a version of Industrial Control System Protection (ICSP) with fixes. \n2018-07-27 A fix for MA 4.2 is available in 4.2.12. \n2018-07-02 A fix for PolicyCenter 9.2 is available in 9.2.13p7. \n2018-07-01 A fix for PacketShaper 9.2 is available in 9.2.13p7. \n2018-06-29 A fix for Norman Shark Network Protection (NNP) 5.3 and Norman Shark SCADA Protection (NSP) 5.3 will not be provided. \n2018-06-04 A fix for PolicyCenter S-Series is available in 1.1.4.2. \n2018-04-22 CA 2.3 is not vulnerable. Reporter 10.2 is not vulnerable because a fix is available in 10.2.1.1. A fix for PacketShaper S-Series 11.6 is available in 11.6.4.2. PacketShaper S-Series 11.10 is not vulnerable. \n2018-04-12 A fix for Reporter 10.1 is available in 10.1.5.5. \n2018-02-22 A fix for SSLV 3.10 is available in 3.10.4.1. \n2018-02-05 A fix for Reporter 9.5 is available in 9.5.4.1. \n2018-01-31 A fix for ASG 6.7 is avaialble in 6.7.3.1. \n2017-11-16 A fix for PS S-Series 11.5, 11.7, and 11.8 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2017-11-15 SSLV 3.12 is not vulnerable because a fix is available in 3.12.1.1. \n2017-11-09 MC 1.11 is not vulnerable because a fix is available in 1.11.1.1. A fix for MC 1.10 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2017-11-08 CA 2.2 is not vulnerable because a fix is available in 2.2.1.1. \n2017-11-06 ASG 6.7 has a vulnerable version of OpenSSL, but is not vulnerable to known vectors of attack. \n2017-09-08 Added CVSS v2 base scores. Corrected response for Reporter 9.5 - it is vulnerable to CVE-2017-3732. \n2017-08-02 SSLV 4.1 is not vulnerable. \n2017-07-25 PS S-Series 11.9 is not vulnerable because a fix is available in 11.9.1.1. \n2017-07-23 MC 1.10 has a vulnerable version of OpenSSL, but is not vulnerable to known vectors of attack. A fix for MC 1.9 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2017-06-30 A fix for ProxySG 6.5 is available in 6.5.10.4. \n2017-06-22 Security Analytics 7.3 is not vulnerable because a fix is available in 7.3.1. \n2017-06-05 PS S-Series 11.8 has a vulnerable version of OpenSSL, but is not vulnerable to known vectors of attack. A fix is not available a this time. \n2017-05-22 UA 4.8 is not vulnerable because a fix is available in 4.8.0. \n2017-05-19 A fix for ProxySG 6.6 is available in 6.6.5.8. \n2017-05-18 CAS 2.1 has a vulnerable version of OpenSSL, but is not vulnerable to known vectors of attack. \n2017-04-30 A fix for Director 6.1 is available in 6.1.23.1. \n2017-04-29 A fix for CacheFlow 3.4 is available in 3.4.2.8. \n2017-04-19 A fix for ProxySG 6.7 is available in 6.7.1.2. \n2017-04-11 A fix for SSLV 3.11 is available in 3.11.3.1. \n2017-03-30 A fix for SSLV 4.0 is available in 4.0.2.1. MC 1.9 has a vulnerable version of OpenSSL, but is not vulnerable to known vectors of attack. \n2017-03-08 ProxySG 6.7 is vulnerable to CVE-2017-3731. SSLV 4.0 has a vulnerable version of OpenSSL, but is not vulnerable to known vectors of attack. \n2017-02-09 initial public release\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-02-09T08:00:00", "type": "symantec", "title": "SA141 : OpenSSL Vulnerabilities 26-Jan-2017", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2021-05-04T20:40:42", "id": "SMNTC-1395", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fortinet": [{"lastseen": "2022-04-28T11:46:53", "description": "The OpenSSL project released an advisory on Jan 26th, 2017, describing 3 Moderate, 1 Low severity vulnerabilities, as listed below: \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-07-13T00:00:00", "type": "fortinet", "title": "OpenSSL Security Advisory [26 Jan 2017]", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7055", "CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2018-07-13T00:00:00", "id": "FG-IR-17-019", "href": "https://www.fortiguard.com/psirt/FG-IR-17-019", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cisco": [{"lastseen": "2022-06-05T10:03:21", "description": "On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities. The foundation also released one vulnerability that was already disclosed in the OpenSSL advisory for November 2016 and included in the Cisco Security Advisory Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016 [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl\"]. OpenSSL classifies all the new vulnerabilities as \u201cModerate Severity.\u201d\n\nThe first vulnerability affects only OpenSSL used on 32-bit systems architecture and may cause OpenSSL to crash. The second vulnerability affects only version 1.1.0 and occurs only when OpenSSL is used on the client side. The second vulnerability may cause OpenSSL to crash when connecting to a malicious server. The third vulnerability affects only systems based on x86_64 architecture. A successful exploit of the third vulnerability could allow the attacker to access sensitive private key information.\n\nMultiple Cisco products incorporate a version of the OpenSSL package that is affected by one or more of these vulnerabilities.\n\nThere are no Cisco products affected by the vulnerability identified by CVE ID CVE-2017-3730.\n\nOn February 16, 2017, the OpenSSL Software Foundation released another security advisory that included one high severity vulnerability identified by CVE ID CVE-2017-3733.\n\nThere are no Cisco products affected by this vulnerability.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170130-openssl [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170130-openssl\"]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-01-30T21:28:00", "type": "cisco", "title": "Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732", "CVE-2017-3733"], "modified": "2017-07-05T11:43:00", "id": "CISCO-SA-20170130-OPENSSL", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170130-openssl", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:31", "description": "\n\nThe OpenSSL project reports:\n\n\nTruncated packet could crash via OOB read (CVE-2017-3731)\nBad (EC)DHE parameters cause a client crash (CVE-2017-3730)\nBN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)\nMontgomery multiplication may produce incorrect results (CVE-2016-7055)\n\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-01-26T00:00:00", "type": "freebsd", "title": "OpenSSL -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7055", "CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2017-05-26T00:00:00", "id": "D455708A-E3D3-11E6-9940-B499BAEBFEAF", "href": "https://vuxml.freebsd.org/freebsd/d455708a-e3d3-11e6-9940-b499baebfeaf.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:05:41", "description": "### Background\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. \n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker is able to crash applications linked against OpenSSL or could obtain sensitive private-key information via an attack against the Diffie-Hellman (DH) ciphersuite. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenSSL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-1.0.2k\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-02-14T00:00:00", "type": "gentoo", "title": "OpenSSL: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7055", "CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2017-02-14T00:00:00", "id": "GLSA-201702-07", "href": "https://security.gentoo.org/glsa/201702-07", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ibm": [{"lastseen": "2022-06-28T22:05:50", "description": "## Summary\n\nOpenSSL is used by IBM i. IBM i has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-3730_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3730>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending specially crafted parameters for a DHE or ECDHE key exchange, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121311_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121311>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n \n\n\n**CVEID:** [_CVE-2017-3731_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121312_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121312>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n \n \n \n\n\n**CVEID:** [_CVE-2017-3732_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a propagation error in the BN_mod_exp() function. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121313_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121313>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n \n \n \n\n\n**CVEID:** [_CVE-2016-7055_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in a Broadwell-specific Montgomery multiplication procedure. By sending specially crafted data, a remote attacker could exploit this vulnerability to trigger errors in public-key operations in configurations where multiple remote clients select an affected EC algorithm and cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118748_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118748>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nReleases 7.1, 7.2 and 7.3 of IBM i are affected. \n\n## Remediation/Fixes\n\nThe issue can be fixed by applying a PTF to IBM i. \n \nReleases 7.1, 7.2 and 7.3 of IBM i are supported and will be fixed. \n\n[_http://www-933.ibm.com/support/fixcentral/_](<http://www-933.ibm.com/support/fixcentral/>)\n\n \nThe IBM i PTF numbers are: \n \n**Release 7.1 \u2013 SI63657** \n**Release 7.2 &amp; 7.3 \u2013 SI63656** \n \n**_Important note: _**_IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products._\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Type\":\"MASTER\",\"Line of Business\":{\"code\":\"LOB57\",\"label\":\"Power\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Product\":{\"code\":\"SWG60\",\"label\":\"IBM i\"},\"Platform\":[{\"code\":\"PF012\",\"label\":\"IBM i\"}],\"Version\":\"7.1.0\"}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-18T14:26:38", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM i", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7055", "CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2019-12-18T14:26:38", "id": "9C1D1FE90E2F187821C270EFC3B5F3A57AF88428D8DB76F072CD050048739C9F", "href": "https://www.ibm.com/support/pages/node/667857", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:06:33", "description": "## Summary\n\nMultiple vulnerabilitieshave been identified in OpenSSL (OpenSSL and Node.JS consumers) . OpenSSL is used by IBM Cloud Manager. IBM Cloud Manager has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-3730_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3730>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending specially crafted parameters for a DHE or ECDHE key exchange, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121311_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121311>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2017-3731_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121312_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121312>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2017-3732_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a propagation error in the BN_mod_exp() function. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121313_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121313>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-7055_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in a Broadwell-specific Montgomery multiplication procedure. By sending specially crafted data, a remote attacker could exploit this vulnerability to trigger errors in public-key operations in configurations where multiple remote clients select an affected EC algorithm and cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118748_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118748>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Cloud Manager with OpenStack 4.3.0 through 4.3.0.8, \nIBM Cloud Manager with OpenStack 4.1.0 through 4.1.0.5,\n\n## Remediation/Fixes\n\nProduct\n\n| VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nIBM Cloud Manager with OpenStack| 4.1| None| IBM Cloud Manager with Openstack 4.1 interim fix 8 for fix pack 5: \n[`_http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCloud+Manager+with+Openstack&fixids=4.1.0.5-IBM-CMWO-IF008&source=SAR_`](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCloud+Manager+with+Openstack&fixids=4.1.0.5-IBM-CMWO-IF008&source=SAR>) \nIBM Cloud Manager with OpenStack| 4.3| None| IBM Cloud Manager with Openstack 4.3 interim fix 1 for fix pack 8: \n[](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FCloud+Manager+with+Openstack&fixids=4.3.0.7-IBM-CMWO-FP07&source=SAR&function=fixId&parent=ibm/Other%20software>)[](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCloud+Manager+with+Openstack&fixids=4.3.0.8-IBM-CMWO-IF001&source=SAR>)[`_http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCloud+Manager+with+Openstack&fixids=4.3.0.8-IBM-CMWO-IF001&source=SAR_`](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCloud+Manager+with+Openstack&fixids=4.3.0.8-IBM-CMWO-IF001&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n&lt; 06 September 2017 &gt;: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SST55W\",\"label\":\"IBM Cloud Manager with OpenStack\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"4.1.0;4.3.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-08-08T04:13:55", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Cloud Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7055", "CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2018-08-08T04:13:55", "id": "374411ADB66A6B6C60B3EE4DE9977ADF2AE7482BB4DDC9927957858BCCD39B02", "href": "https://www.ibm.com/support/pages/node/631885", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:10:36", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on January 26, 2017 by the OpenSSL Project. OpenSSL was used by IBM FSM SMIA configuration tool (commonly known as Network Advisor). This bulletin addresses the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-3730_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3730>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending specially crafted parameters for a DHE or ECDHE key exchange, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121311_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121311>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2017-3731_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121312_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121312>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2017-3732_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a propagation error in the BN_mod_exp() function. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121313_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121313>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-7055_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in a Broadwell-specific Montgomery multiplication procedure. By sending specially crafted data, a remote attacker could exploit this vulnerability to trigger errors in public-key operations in configurations where multiple remote clients select an affected EC algorithm and cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118748_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118748>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nFlex System Manager 1.3.4.0 \nFlex System Manager 1.3.3.0 \nFlex System Manager 1.3.2.1 \nFlex System Manager 1.3.2.0 \n\n## Remediation/Fixes\n\nIBM recommends updating the FSM SMIA configuration tool using the instructions referenced in this table. \n \n**IMPORTANT: **Before installing a SMIA iFix you need to determine the version that is currently installed. To determine the SMIA version level installed on the FSM log into your FSM Web-based UI and navigate to the Home page then the Applications tab. The version is listed next to the \"SMIA Configuration Tool\" link. \n\n * If your SMIA version is less than 12.3.4, update your FSM using the instructions listed in this Security Bulletin (<https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098656>), restart the FSM and then install the iFix listed in this table. \n * If your version is 12.3.4 or greater, then install the iFix listed in this table.\n \n\n\nProduct | \n\nVRMF | \n\nAPAR | \n\nSMIA Remediation \n---|---|---|--- \nFlex System Manager| \n\n1.3.4.0 | \n\nIT18573\n\n| Install [fsmfix1.3.4.0_IT18573](<https://www-945.ibm.com/support/fixcentral/systemx/selectFixes?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.4.0_IT18573&function=fixId&parent=Flex%20System%20Manager%20Node>) \nFlex System Manager| \n\n1.3.3.0 | \n\nIT18573\n\n| Install [fsmfix1.3.3.0_IT18573](<https://www-945.ibm.com/support/fixcentral/systemx/selectFixes?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.3.0_IT18573&function=fixId&parent=Flex%20System%20Manager%20Node>) \nFlex System Manager| \n\n1.3.2.1 \n1.3.2.0 | \n\nIT18573\n\n| [](<https://www-945.ibm.com/support/fixcentral/systemx/selectFixes?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.3.0_IT12600_IT17778&function=fixId&parent=Flex%20System%20Manager%20Node>)Install [fsmfix1.3.2.0_IT18573](<https://www-945.ibm.com/support/fixcentral/systemx/selectFixes?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.2.0_IT18573&function=fixId&parent=Flex%20System%20Manager%20Node>) \n \nFor a complete list of FSM security bulletins refer to this technote: [http://www-01.ibm.com/support/docview.wss?uid=nas7797054ebc3d9857486258027006ce4a0&amp;myns=purflex&amp;mync=E&amp;cm_sp=purflex-_-NULL-_-E](<http://www-01.ibm.com/support/docview.wss?uid=nas7797054ebc3d9857486258027006ce4a0&myns=purflex&mync=E&cm_sp=purflex-_-NULL-_-E>) \n \nFor 1.1.x.x, 1.2.x.x, 1.3.0.x and 1.3.1.x IBM recommends upgrading to a fixed, supported version/release of the product. (x=any number) \n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n10 February 2017: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"HW94A\",\"label\":\"Flex System Manager Node\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T01:35:03", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Flex System Manager (FSM) Storage Manager Install Anywhere (SMIA) configuration tool", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7055", "CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2018-06-18T01:35:03", "id": "4337F9AE4A5A2285A37D88E12A5DAC941D106D987FD93F7005C756BEB07720F5", "href": "https://www.ibm.com/support/pages/node/630613", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:09:28", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on January 26, 2017 by the OpenSSL Project. OpenSSL is used by Rational Reporting for Development Intelligence (RRDI). RRDI has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-3730](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3730>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending specially crafted parameters for a DHE or ECDHE key exchange, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121311> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2017-3731](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121312> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-3732](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a propagation error in the BN_mod_exp() function. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-7055](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in a Broadwell-specific Montgomery multiplication procedure. By sending specially crafted data, a remote attacker could exploit this vulnerability to trigger errors in public-key operations in configurations where multiple remote clients select an affected EC algorithm and cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118748> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nRRDI 2.0, 2.0.1, 2.0.3 and 2.0.4| Cognos BI 10.1.1 \nRRDI 2.0.5 and 2.0.6| Cognos BI 10.2.1 \nRRDI 5.0, 5.0.1 and 5.0.2| Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 5.0, 5.0.1 and 5.0.2 \n \n## Remediation/Fixes\n\n \nApply the recommended fixes to all affected versions of RRDI. \n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**RRDI 2.0, 2.0.1, 2.0.3 and 2.0.4** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 22 (Implemented by file 10.1.6306.521)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043663>). \nReview technote [1679281: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679281>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**RRDI 2.0.5 and 2.0.6 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.2.1 Interim Fix 20 (Implemented by file 10.2.5000.539)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043664>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n \n**RRDI 5.0 and 5.0.1 and 5.0.2 ** \n \n\n\n * If the Cognos-based reporting server is used, also perform this step. \nDownload the [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 19 (Implemented by file 10.2.5012.508)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043664>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n18 July 2017: Initial publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Internal Use Only\n\nPSIRT # 7744 Record # 90309\n\n[{\"Product\":{\"code\":\"SSAVQ5\",\"label\":\"Rational Reporting for Development Intelligence\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud &amp; Data Platform\"},\"Component\":\"Report Server\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"2.0;2.0.1;2.0.3;2.0.4;2.0.5;2.0.6;5.0;5.0.1;5.0.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T05:22:48", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect Rational Reporting for Development Intelligence", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7055", "CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2018-06-17T05:22:48", "id": "0F4490A26A7A5960275AF6437143D350A19CD931C617E64E2575EA3E557FDA61", "href": "https://www.ibm.com/support/pages/node/564739", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:15:31", "description": "## Summary\n\nMultiple N series products incorporate the OpenSSL software libraries to provide cryptographic capabilities. OpenSSL versions below 1.0.2k and 1.1.0d are susceptible to vulnerabilities that could lead to out-of-bound reads, process crashes, Denial of Service (DoS) attacks, or incorrect results. Multiple N series products has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-3730_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3730>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending specially crafted parameters for a DHE or ECDHE key exchange, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121311_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121311>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2017-3731_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121312_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121312>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2017-3732_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a propagation error in the BN_mod_exp() function. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121313_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121313>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-7055_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in a Broadwell-specific Montgomery multiplication procedure. By sending specially crafted data, a remote attacker could exploit this vulnerability to trigger errors in public-key operations in configurations where multiple remote clients select an affected EC algorithm and cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118748_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118748>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nData ONTAP operating in 7-Mode: 8.2.1, 8.2.2, 8.2.3, 8.2.4; \nSnapDrive for Windows: 7.1.1, 7.1.2, 7.1.3, 7.1.4;\n\n## Remediation/Fixes\n\nFor_ _Data ONTAP operating in 7-Mode: the fix exists from microcode version 8.2.5; \nFor_ _SnapDrive for Windows: the fix exists from microcode version 7.1.4P1; \nPlease contact IBM support or go to this [_link_](<https://www-945.ibm.com/support/fixcentral/>) to download a supported release. \n\n## Workarounds and Mitigations\n\nNone.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n3 May 2018: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Internal Use Only\n\n<https://security.netapp.com/advisory/ntap-20170127-0001/>\n\n[{\"Product\":{\"code\":\"STSTMW\",\"label\":\"Data ONTAP - Network Attached Storage (NAS)\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"\",\"label\":\"Data ONTAP\"}],\"Version\":\"8.2;8.2.1;8.2.1RC1;8.2.2;8.2.3;8.2.4;8.2.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-15T18:05:07", "type": "ibm", "title": "Security Bulletin: Jnuary 2017 OpenSSL Vulnerabilities affect Multiple N series Products", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7055", "CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2021-12-15T18:05:07", "id": "7FE72ED4C858FD4F010CC95764D03AAC86CD4C73FE6C4B388FE981C9E76DD0F6", "href": "https://www.ibm.com/support/pages/node/650961", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:12:20", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on Dec 16, 2016 by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-3730_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3730>)**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending specially crafted parameters for a DHE or ECDHE key exchange, a remote attacker could exploit this vulnerability to cause the application to crash.CVSS Base Score: 5.3CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121311_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121311>) for the current scoreCVSS Environmental Score*: UndefinedCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2017-3731_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731>)**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash.CVSS Base Score: 5.3CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121312_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121312>) for the current scoreCVSS Environmental Score*: UndefinedCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2017-3732_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732>)**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a propagation error in the BN_mod_exp() function. An attacker could exploit this vulnerability to obtain information about the private key.CVSS Base Score: 5.3CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121313_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121313>) for the current scoreCVSS Environmental Score*: UndefinedCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-7055_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055>)**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in a Broadwell-specific Montgomery multiplication procedure. By sending specially crafted data, a remote attacker could exploit this vulnerability to trigger errors in public-key operations in configurations where multiple remote clients select an affected EC algorithm and cause a denial of service.CVSS Base Score: 5.3CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118748_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118748>) for the current scoreCVSS Environmental Score*: UndefinedCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM MobileFirst Platform Foundation 8.0.0.0 \nIBM MobileFirst Platform Foundation 7.1.0.0 \nIBM MobileFirst Platform Foundation 7.0.0.0 \nIBM MobileFirst Platform Foundation 6.3.0.0 \nIBM Worklight Enterprise Edition 6.2.0.1 \nIBM Worklight Enterprise Edition 6.1.0.2\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nIBM Worklight| 6.x| PI86907| Download the latest iFix for [_IBM Worklight Enterprise Edition on FixCentral_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EOther%2Bsoftware&product=ibm/Other+software/IBM+Worklight+Enterprise+Edition&release=All&platform=All&function=all&source=fc>) \nDownload the latest iFix for [_IBM Worklight Consumer Edition on FixCentral_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EOther%2Bsoftware&product=ibm/Other+software/IBM+Worklight+Consumer+Edition&release=All&platform=All&function=all&source=fc>) \nIBM Mobile Foundation| 6.x| Download the latest iFix for [_IBM Mobile Foundation Enterprise Edition on FixCentral_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EOther%2Bsoftware&product=ibm/Other+software/IBM+Mobile+Foundation+Enterprise+Edition&release=All&platform=All&function=all&source=fc>) \nDownload the latest iFix for [_IBM Mobile Foundation Consumer Edition on FixCentral_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EOther%2Bsoftware&product=ibm/Other+software/IBM+Mobile+Foundation+Enterprise+Edition&release=All&platform=All&function=all&source=fc>) \nIBM MobileFirst Platform Foundation| 6.x and 7.x| Download the latest iFix for [_IBM MobileFirst Platform Foundation on FixCentral_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EOther%2Bsoftware&product=ibm/Other+software/IBM+MobileFirst+Platform+Foundation&release=All&platform=All&function=all&source=fc>) \nIBM MobileFirst Platform Foundation| 8.0| PI86907| Download the latest iFix for [_IBM MobileFirst Platform Foundation on FixCentral_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%2Bsoftware&product=ibm/Other+software/IBM+MobileFirst+Platform+Foundation&release=8.0.0.0&platform=All&function=all&source=fc>) \n \n**Note:** CVE-2017-3730 does not affect OpenSSL version 1.0.2. Please refer link below for further details \u2013 \n<https://www.openssl.org/news/secadv/20170126.txt>\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n[_Complete CVSS v3 Guide_](<http://www.first.org/cvss/user-guide>) [](<http://www.first.org/cvss/calculator/3.0>) \n[_On-line Calculator v3_](<http://www.first.org/cvss/calculator/3.0>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n[_IBM Secure Engineering Web Portal_](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[_IBM Product Security Incident Response Blog_](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n22/09/2017 - Publish\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSVNUQ\",\"label\":\"IBM MobileFirst Platform Foundation\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud &amp; Data Platform\"},\"Component\":\"Security\",\"Platform\":[{\"code\":\"\",\"label\":\"Apple iOS\"},{\"code\":\"\",\"label\":\"Google Android\"}],\"Version\":\"6.3;7.0;7.1;6.1;6.2;8.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T22:33:35", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7055", "CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2018-06-17T22:33:35", "id": "ACF676405BBB5AE27485D9F48AD72AC6E8FE2D60EE0D4B0D45374459BCE07DA3", "href": "https://www.ibm.com/support/pages/node/609313", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:01:02", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on January 26, 2017 by the OpenSSL Project. OpenSSL is used by Rational Insight. Rational Insight has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-3730](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3730>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending specially crafted parameters for a DHE or ECDHE key exchange, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121311> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2017-3731](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121312> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-3732](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a propagation error in the BN_mod_exp() function. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-7055](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in a Broadwell-specific Montgomery multiplication procedure. By sending specially crafted data, a remote attacker could exploit this vulnerability to trigger errors in public-key operations in configurations where multiple remote clients select an affected EC algorithm and cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118748> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nRational Insight 1.1, 1.1.1, 1.1.1.1 and 1.1.1.2| Cognos BI 10.1.1 \nRational Insight 1.1.1.3| Cognos BI 10.2.1 \nRational Insight 1.1.1.4, 1.1.1.5 and 1.1.1.6| Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 5.0, 5.0.1 and 5.0.2 \nRational Insight 1.1.1.7| Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 6.0 \n \n## Remediation/Fixes\n\n \nApply the recommended fixes to all affected versions of Rational Insight. \n \n**Rational Insight 1.1 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 22 (Implemented by file 10.1.6306.521)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043663>). \nReview technote [1679272: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Insight 1.1](<http://www-01.ibm.com/support/docview.wss?uid=swg21679272>) for detailed instructions.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1, 1.1.1.1 and 1.1.1.2 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 22 (Implemented by file 10.1.6306.521)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043663>). \nRead technote [1679281: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679281>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1.3 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.2.1 Interim Fix 20 (Implemented by file 10.2.5000.539)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043664>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1.4 and 1.1.1.5 and 1.1.1.6 and 1.1.1.7 ** \n \n\n\n * If the Cognos-based reporting server is used, also perform this step. \nDownload the [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 19 (Implemented by file 10.2.5012.508)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043664>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n18 July 2017: Initial publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Internal Use Only\n\nPSIRT # 7744 Record # 90310\n\n[{\"Product\":{\"code\":\"SSRL5J\",\"label\":\"Rational Insight\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud &amp; Data Platform\"},\"Component\":\"General Information\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"1.1;1.1.1;1.1.1.1;1.1.1.2;1.1.1.3;1.1.1.4;1.1.1.5;1.1.1.6;1.1.1.7\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T05:22:48", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect Rational Insight", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7055", "CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2018-06-17T05:22:48", "id": "C2E8B6DDE464206AEDDA1C71AA033CD48E5CBB40D6C71D0239B45AA056C35190", "href": "https://www.ibm.com/support/pages/node/564741", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:06:21", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on January 26, 2017 by the OpenSSL Project. OpenSSL is used by IBM InfoSphere Information Server. IBM InfoSphere Information Server has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-3731_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121312_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121312>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2017-3732_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a propagation error in the BN_mod_exp() function. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121313_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121313>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-7055_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in a Broadwell-specific Montgomery multiplication procedure. By sending specially crafted data, a remote attacker could exploit this vulnerability to trigger errors in public-key operations in configurations where multiple remote clients select an affected EC algorithm and cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118748_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118748>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nThe following products, running on all supported platforms, are affected: \nIBM InfoSphere Information Server: versions 9.1, 11.3, 11.5 and 11.7 \nIBM InfoSphere Information Server on Cloud: version 11.5\n\n## Remediation/Fixes\n\n \n\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nInfoSphere Information Server| 11.7| [_JR57654_](<http://www.ibm.com/support/docview.wss?uid=swg1JR57654>)| \\--Upgrade to [_DataDirect ODBC drivers version 7.1.6_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&release=11.7&function=fixId&fixids=is_ddodbc_7.1.6_server*>) \n\\--Use [_TechNote_](<http://www-01.ibm.com/support/docview.wss?uid=swg21980217>) to choose which OpenSSL version the drivers will use \n\\--Use [_TechNote_](<http://www-01.ibm.com/support/docview.wss?uid=swg21679867>) to follow additional post installation configuration steps \nInfoSphere Information Server, Information Server on Cloud| 11.5| [_JR57654_](<http://www.ibm.com/support/docview.wss?uid=swg1JR57654>)| \\--Upgrade to [_DataDirect ODBC drivers version 7.1.6_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&release=11.5&function=fixId&fixids=is_ddodbc_7.1.6_server*>) \n\\--Use [_TechNote_](<http://www-01.ibm.com/support/docview.wss?uid=swg21980217>) to choose which OpenSSL version the drivers will use \n\\--Use [_TechNote_](<http://www-01.ibm.com/support/docview.wss?uid=swg21679867>) to follow additional post installation configuration steps \nInfoSphere Information Server| 11.3| [_JR57654_](<http://www.ibm.com/support/docview.wss?uid=swg1JR57654>)| \\--Upgrade to [_DataDirect ODBC drivers version 7.1.6_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&release=11.3.1&function=fixId&fixids=is_ddodbc_7.1.6_server*>) \n\\--Use [_TechNote_](<http://www-01.ibm.com/support/docview.wss?uid=swg21980217>) to choose which OpenSSL version the drivers will use \n\\--Use [_TechNote_](<http://www-01.ibm.com/support/docview.wss?uid=swg21679867>) to follow additional post installation configuration steps \nInfoSphere Information Server| 9.1| [_JR57654_](<http://www.ibm.com/support/docview.wss?uid=swg1JR57654>)| \\--Upgrade to [_DataDirect ODBC drivers version 7.1.6_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&release=9.1&function=fixId&fixids=is91_ddodbc_7.1.6_server*>) \n\\--Use [_TechNote_](<http://www-01.ibm.com/support/docview.wss?uid=swg21980217>) to choose which OpenSSL version the drivers will use \n\\--Use [_TechNote_](<http://www-01.ibm.com/support/docview.wss?uid=swg21679867>) to follow additional post installation configuration steps \n \nFor IBM InfoSphere Information Server version 8.7, IBM recommends upgrading to a fixed, supported version/release/platform of the product. \n\n## Workarounds and Mitigations\n\nCVE-2017-3731 \u2013Disable RC4 and MD5 cipher suites. \nCVE-2017-3732 \u2013Avoid or disable DHE cipher suites. \n \nCipher suites can be disabled by using the hidden connection option \u201cCipherList\u201d. This controls which cipher suites can be used by the driver. For information on the format of CipherList, refer to [_https://www.openssl.org/docs/man1.0.2/apps/ciphers.html_](<https://www.openssl.org/docs/man1.0.2/apps/ciphers.html>) \n \nFor example, to disable the RC4 and MD5, specify the following value for the undocumented CipherList connection option: \nCipherList=DEFAULT:-RC4:-MD5 \n \nIf you have already specified a value for CipherList, add the following to the existing value: \nDEFAULT:-RC4:-MD5\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n26 May 2017: Original Version Published \n16 Feb 2018: Added version 11.7 remediation \n20 April 2018: Updated links in Remediation table to filter by release. The 9.1 driver version was not changed, but the release date changed due to re-publish.\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSZJPZ\",\"label\":\"IBM InfoSphere Information Server\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"9.1;11.5;11.3;11.7\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}},{\"Product\":{\"code\":\"SSZJPZ\",\"label\":\"IBM InfoSphere Information Server\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"9.1;11.5;11.3;11.7\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T13:47:58", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7055", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2018-06-16T13:47:58", "id": "8A3C4FBF20635DD01A5B58269ABD76FF6451A13FCBB437C76C92D2484A5C9ECA", "href": "https://www.ibm.com/support/pages/node/559877", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T21:59:18", "description": "## Summary\n\nOpenSSL is shipped with Tivoli Network Manager IP Edition. Information about security vulnerabilities affecting OpenSSL have been published in a security bulletin.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-3731_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121312_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121312>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2017-3732_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a propagation error in the BN_mod_exp() function. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121313_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121313>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-7055_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in a Broadwell-specific Montgomery multiplication procedure. By sending specially crafted data, a remote attacker could exploit this vulnerability to trigger errors in public-key operations in configurations where multiple remote clients select an affected EC algorithm and cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118748_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118748>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Tivoli Network Manager IP Edition 3.9 Fix Pack 4** **\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \n \n| \n| \n| \n \nIBM Tivoli Network Manager IP Edition 3.9 | 3.9.0.4 | IV94607| Please call IBM service and reference APAR IV94607, to obtain an openssl-1.0.2k fix. Only HTTPS Support for Perl Collector Install is affected. \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n25 April 2017 : Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSSHRK\",\"label\":\"Tivoli Network Manager IP Edition\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud &amp; Data Platform\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"3.9\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T15:39:17", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in OpenSSL shipped with IBM Tivoli Network Manager IP Edition(CVE-2016-7055, CVE-2017-3731, CVE-2017-3732)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7055", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2018-06-17T15:39:17", "id": "068E4774F9835C8E080EE324144DDF1D362B4CFF31E92E6F3B859DDEBD2C9E8C", "href": "https://www.ibm.com/support/pages/node/558971", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:02:53", "description": "## Summary\n\nOpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-3731](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121312> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n## Affected Products and Versions\n\nIBM Security Guardium V10.0, 10.0.1, 10.1, 10.1.2\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Guardium| 10x| [https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Information+Management/InfoSphere+Guardium&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=SqlGuard_10.0p6023_SecurityUpdate&amp;includeSupersedes=0&amp;source=fc](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p6023_SecurityUpdate&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n04/07/2017: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSMPHH\",\"label\":\"IBM Security Guardium\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"10.0;10.0.1;10.1;10.1.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T21:51:08", "type": "ibm", "title": "Security Bulletin: OpenSSL vulnerability affects IBM Security Guardium (CVE-2017-3731)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3731"], "modified": "2018-06-16T21:51:08", "id": "C810968492FABE70B0CBF249C3674187F1C428AC5C884D1DBAAB3F0B6A3A7FC9", "href": "https://www.ibm.com/support/pages/node/294427", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:09:14", "description": "## Summary\n\nOpenSSL is used by IBM SONAS. IBM SONAS has addressed the applicable CVEs.\n\n## Vulnerability Details\n\nOpenSSL is used in IBM SONAS for providing communication security by encrypting data being transmitted. \n \n**CVEID:** [_CVE-2017-3731_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121312_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121312>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n## Affected Products and Versions\n\nIBM SONAS \nThe product is affected when running a code releases 1.5.0.0 to 1.5.2.5\n\n## Remediation/Fixes\n\nA fix for these issues is in version 1.5.2.6 of IBM SONAS. Customers running an affected version of SONAS should upgrade to 1.5.2.6 or a later version, so that the fix gets applied. \n \nPlease contact IBM support for assistance in upgrading your system.\n\n## Workarounds and Mitigations\n\nWorkaround(s): None \n \nMitigation(s): \nEnsure that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n19 May 2017: Original version published.\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"STAV45\",\"label\":\"Network Attached Storage (NAS)-&gt;Scale Out Network Attached Storage\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"1.5.2.5\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"1.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T00:32:51", "type": "ibm", "title": "Security Bulletin: Vulnerability in OpenSSL affect IBM SONAS (CVE-2017-3731)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3731"], "modified": "2018-06-18T00:32:51", "id": "A40A589B8B7C643E28A9A4004401F03C17A0AC69DEA5C00BDCF2D7C08F573EA9", "href": "https://www.ibm.com/support/pages/node/697211", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-29T01:58:22", "description": "## Summary\n\nA security vulnerability has been identified in OpenSSL that is embedded in IBM FSM. This bulletin addresses this issue.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-3731_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121312_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121312>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n## Affected Products and Versions\n\nFlex System Manager 1.3.4.0 \nFlex System Manager 1.3.3.0 \nFlex System Manager 1.3.2.1 \nFlex System Manager 1.3.2.0\n\n## Remediation/Fixes\n\nIBM recommends updating the FSM using the instructions referenced in this table. \n \n \n\n\nProduct | \n\nVRMF | \n\nRemediation \n---|---|--- \n \nFlex System Manager | \n\n1.3.4.0 | \n\nDisable RC4 ciphers as was described in this September 2015 security bulletin: <https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=MIGR-5098709>. \n \nFlex System Manager | \n\n1.3.3.0 | \n\nDisable RC4 ciphers as was described in this September 2015 security bulletin:<https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=MIGR-5098709>. \n \nFlex System Manager | \n\n1.3.2.1 \n1.3.2.0 | \n\nDisable RC4 ciphers as was described in this September 2015 security bulletin:<https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=MIGR-5098709>. \n \nFor all VRMF not listed in this table, IBM recommends upgrading to a fixed and supported version/release of the product. \n \nFor a complete list of FSM security bulletins refer to this technote: [http://www-01.ibm.com/support/docview.wss?uid=nas7797054ebc3d9857486258027006ce4a0&amp;myns=purflex&amp;mync=E&amp;cm_sp=purflex-_-NULL-_-E](<http://www-01.ibm.com/support/docview.wss?uid=nas7797054ebc3d9857486258027006ce4a0&myns=purflex&mync=E&cm_sp=purflex-_-NULL-_-E>)\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n29 March 2017: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"HW94A\",\"label\":\"Flex System Manager Node\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T01:35:33", "type": "ibm", "title": "Security Bulletin: IBM Flex System Manager (FSM) is affected by a OpenSSL vulnerability (CVE-2017-3731)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3731"], "modified": "2018-06-18T01:35:33", "id": "ED421E5B06D77F465CCEA96D8345D19C2837ECC2D4297803042D83E3B60C624B", "href": "https://www.ibm.com/support/pages/node/630889", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:12:02", "description": "## Summary\n\nOpenSSL is used by IBM Storwize V7000 Unified. IBM Storwize V7000 Unified has addressed the applicable CVEs.\n\n## Vulnerability Details\n\nOpenSSL is used in IBM Storwize V7000 Unfied for providing communication security by encrypting data being transmitted. \n \n**CVEID:** [_CVE-2017-3731_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121312_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121312>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n## Affected Products and Versions\n\nIBM Storwize V7000 Unified \nThe product is affected when running code releases 1.5.0.0 to 1.5.2.5 and 1.6.0.0 to 1.6.2.1\n\n## Remediation/Fixes\n\nA fix for these issues is in version 1.5.2.6 and 1.6.2.2 of IBM Storwize V7000 Unified. Customers running an affected version of IBM Storwize V7000 Unified should upgrade to 1.5.2.6 or 1.6.2.2 or a later version, so that the fix gets applied. \n \n[_Latest Storwize V7000 Unified Software_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003918&myns=s028&mynp=OCST5Q4U&mync=E>) \n \nPlease contact IBM support for assistance in upgrading your system.\n\n## Workarounds and Mitigations\n\nWorkaround(s): None \n \nMitigation(s): Although IBM recommends that you install a level of code with a fix for this vulnerability, you can mitigate, although not eliminate, your risk until you have done so by ensuring that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n20 July 2017: Original version published.\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"ST5Q4U\",\"label\":\"IBM Storwize V7000 Unified (2073)\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\"1.6.2\",\"Platform\":[{\"code\":\"\",\"label\":\"IBM Storwize V7000\"}],\"Version\":\"1.5;1.6.2.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T00:32:51", "type": "ibm", "title": "Security Bulletin: Vulnerabilitiy in OpenSSL affect IBM Storwize V7000 Unified", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3731"], "modified": "2018-06-18T00:32:51", "id": "5C71C4B21EF8CF2C7925B0511520A2651B8EF89C97FD0A4F71D6C559935F0CC2", "href": "https://www.ibm.com/support/pages/node/697213", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T21:57:48", "description": "## Summary\n\nVulnerabilities have been discovered in OpenSSL used in the IBM FSM. These issues are addressed in this bulletin.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-2177_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2177>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the incorrect use of pointer arithmetic for heap-buffer boundary checks. By leveraging unexpected malloc behavior, a remote attacker could exploit this vulnerability to trigger an integer overflow and cause the application to crash. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n**CVEID:** [_CVE-2016-2178_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2178>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DSA implementation that allows the following of a non-constant time codepath for certain operations. An attacker could exploit this vulnerability using a cache-timing attack to recover the private DSA key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-2179_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2179>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted DTLS record fragments to fill up buffer queues, a remote attacker could exploit this vulnerability to open a large number of simultaneous connections and consume all available memory resources. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116343_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116343>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-6306_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6306>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by missing message length checks when parsing certificates. A remote authenticated attacker could exploit this vulnerability to trigger an out-of-bounds read and cause a denial of service. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117112_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117112>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2183_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-2181_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2181>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the DTLS replay protection implementation. By sending a specially crafted sequence number, a remote attacker could exploit this vulnerability to cause valid packets to be dropped. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116344_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116344>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-6302_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6302>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the failure to consider the HMAC size during validation of the ticket length by the tls_decrypt_ticket function A remote attacker could exploit this vulnerability using a ticket that is too short to cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117024_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117024>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-6304_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by multiple memory leaks in t1_lib.c during session renegotiation. By sending an overly large OCSP Status Request extension, a remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117110_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117110>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n \n**CVEID:** [_CVE-2017-3730_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3730>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending specially crafted parameters for a DHE or ECDHE key exchange, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121311_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121311>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2017-3731_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121312_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121312>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2017-3732_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a propagation error in the BN_mod_exp() function. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121313_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121313>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nFlex System Manager 1.3.4.0 \nFlex System Manager 1.3.3.0 \nFlex System Manager 1.3.2.1 \nFlex System Manager 1.3.2.0\n\n## Remediation/Fixes\n\nIBM recommends updating the FSM using the instructions referenced in this table. \n \n\n\nProduct| \n\nVRMF\n\n| \n\nRemediation \n---|---|--- \nFlex System Manager| \n\n1.3.4.0\n\n| \n\nNavigate to the [Support Portal](<http://www-01.ibm.com/support/search.wss?rs=0&q=eServerOnDemandKBRCH&r=100&sort=desc>) and search for Technote [814790692](<http://www-01.ibm.com/support/docview.wss?uid=nas75b2a82963dc99d6e8625811000636a60>) for instructions on installing updates for FSM version 1.3.4 and Agents \nFlex System Manager| \n\n1.3.3.0\n\n| \n\nNavigate to the [Support Portal](<http://www-01.ibm.com/support/search.wss?rs=0&q=eServerOnDemandKBRCH&r=100&sort=desc>) and search for Technote [814790692](<http://www-01.ibm.com/support/docview.wss?uid=nas75b2a82963dc99d6e8625811000636a60>) for instructions on installing updates for FSM version 1.3.3 and Agents \nFlex System Manager| \n\n1.3.2.1 \n1.3.2.0\n\n| \n\nNavigate to the [Support Portal](<http://www-01.ibm.com/support/search.wss?rs=0&q=eServerOnDemandKBRCH&r=100&sort=desc>) and search for Technote [814790692](<http://www-01.ibm.com/support/docview.wss?uid=nas75b2a82963dc99d6e8625811000636a60>) for instructions on installing updates for FSM version 1.3.2 and Agents \n \nFor all VRMF not listed in this table, IBM recommends upgrading to a fixed and supported version/release of the product. \n \nFor a complete list of FSM security bulletins refer to this technote: [http://www-01.ibm.com/support/docview.wss?uid=nas7797054ebc3d9857486258027006ce4a0&amp;myns=purflex&amp;mync=E&amp;cm_sp=purflex-_-NULL-_-E](<http://www-01.ibm.com/support/docview.wss?uid=nas7797054ebc3d9857486258027006ce4a0&myns=purflex&mync=E&cm_sp=purflex-_-NULL-_-E>)\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n15 May, 2017 : Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"HW94A\",\"label\":\"Flex System Manager Node\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T01:35:46", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System Manager (FSM)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2181", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6304", "CVE-2016-6306", "CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732"], "modified": "2018-06-18T01:35:46", "id": "B36A668C28C4D760F6B565A18CA1708BA647B0486720FF7FEE833AC59F8D4800", "href": "https://www.ibm.com/support/pages/node/631051", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-12-30T21:50:53", "description": "## Summary\n\nTwo potential denial of service vulnerabilities have been reported by the OpenSSL project. IBM DataPower Gateways has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**Relevant CVE Information:**\n\n**CVEID:** [_CVE-2017-3731_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121312_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121312>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-7055_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in a Broadwell-specific Montgomery multiplication procedure. By sending specially crafted data, a remote attacker could exploit this vulnerability to trigger errors in public-key operations in configurations where multiple remote clients select an affected EC algorithm and cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118748_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118748>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nCVE-2016-7055 - DataPower versions 7.2.0.0-7.2.0.13, 7.5.0.0-7.5.0.7, 7.5.1.0-7.5.1.6 and 7.5.2.0-7.5.2.6 \nCVE-2017-3731 - DataPower versions 7.0.0.0-7.0.0.18, 7.1.0.0-7.1.0.16, 7.2.0.0-7.2.0.13, 7.5.0.0-7.5.0.7, 7.5.1.0-7.5.1.6 and 7.5.2.0-7.5.2.6\n\n## Remediation/Fixes\n\nFix is available in versions 7.0.0.19, 7.1.0.17, 7.2.0.14, 7.5.0.8, 7.5.1.7, 7.5.2.7. Refer to [_APAR IT20690_](<http://www.ibm.com/support/docview.wss?uid=swg1IT20690>) for URLs to download the fix. \n \nYou should verify applying this fix does not cause any compatibility issues. \n\n_For DataPower customers using versions 6.x and earlier versions, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n1 June 2017: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SS9H2Y\",\"label\":\"IBM DataPower Gateway\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud &amp; Data Platform\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"7.5.2;7.5.1;7.5;7.2;7.1;7.0.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-08-30T07:48:35", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in SSL affect IBM DataPower Gateways (CVE-2017-3731, CVE-2016-7055)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7055", "CVE-2017-3731"], "modified": "2019-08-30T07:48:35", "id": "9D369F46B0635D31A8A683338B578CAD380D46F2A6EAA8E945524F1CAD77AC5B", "href": "https://www.ibm.com/support/pages/node/561273", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:13:07", "description": "## Summary\n\nSecurity vulnerabilities have been discovered in OpenSSL, which is used by IBM Security Network Protection.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-8610_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8610>)** \nDESCRIPTION:** The SSL/TLS protocol is vulnerable to a denial of service, caused by an error when processing ALERT packets during a SSL handshake. By sending specially-crafted plain-text ALERT packets, a remote attacker could exploit this vulnerability to consume all available CPU resources. Note: This vulnerability is called \"SSL-Death-Alert\". \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118296_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118296>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n**CVEID:** [_CVE-2017-3731_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121312_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121312>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Security Network Protection 5.3.1 \nIBM Security Network Protection 5.3.3\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Network Protection| Firmware version 5.3.1| Download Firmware 5.3.1.13 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. \nIBM Security Network Protection| Firmware version 5.3.3| Download Firmware 5.3.3.3 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n16 May 2017: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSHLHV\",\"label\":\"IBM Security Network Protection\"},\"Business Unit\":{\"code\":\"BU008\",\"label\":\"Security\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"5.3.1;5.3.3\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T21:50:31", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Network Protection (CVE-2016-8610, and CVE-2017-3731)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8610", "CVE-2017-3731"], "modified": "2018-06-16T21:50:31", "id": "2D6ABFD773A139FAF4A5896B0D244FEA196722BEDC26C16CCA61755624C6067D", "href": "https://www.ibm.com/support/pages/node/292505", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:12:06", "description": "## Summary\n\nThere are multiple security vulnerabilities in various components used by IBM Security Identity Governance and Intelligence regarding OpenSSL \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-8610_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8610>)** \nDESCRIPTION:** The SSL/TLS protocol is vulnerable to a denial of service, caused by an error when processing ALERT packets during a SSL handshake. By sending specially-crafted plain-text ALERT packets, a remote attacker could exploit this vulnerability to consume all available CPU resources. Note: This vulnerability is called \"SSL-Death-Alert\". \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118296_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118296>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n**CVEID:** [_CVE-2017-3731_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121312_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121312>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Security Identity Governance and Intelligence 5.2.1 \n\n## Remediation/Fixes\n\nProduct Name \n\n| VRMF | APAR| Remediation/Fix \n---|---|---|--- \nIBM Security Identity Governance and Intelligence| 5.2.1| None| [](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.0.0&platform=Linux&function=all>)[_5.2.1.6-ISS-SIGI-IF0007_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.1.0&platform=Linux&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n26 April 2017: Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSGHJR\",\"label\":\"IBM Security Identity Governance and Intelligence\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF004\",\"label\":\"Appliance\"}],\"Version\":\"5.2.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T21:59:07", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Identity Governance (CVE-2016-8610 CVE-2017-3731)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8610", "CVE-2017-3731"], "modified": "2018-06-16T21:59:07", "id": "9D74E16E695D45F37788D786140C9FB31C6F44CCE29B81D1A1A36FDFC8AFFEE7", "href": "https://www.ibm.com/support/pages/node/559259", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T21:58:43", "description": "## Summary\n\nPowerKVM is affected by vulnerabilities in OpenSSL. IBM has now addressed these vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-8610_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8610>)** \nDESCRIPTION:** The SSL/TLS protocol is vulnerable to a denial of service, caused by an error when processing ALERT packets during a SSL handshake. By sending specially-crafted plain-text ALERT packets, a remote attacker could exploit this vulnerability to consume all available CPU resources. Note: This vulnerability is called \"SSL-Death-Alert\". \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118296_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118296>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n**CVEID:** [_CVE-2017-3731_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121312_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121312>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nPowerKVM 2.1 and PowerKVM 3.1\n\n## Remediation/Fixes\n\nCustomers can update PowerKVM systems by using \"yum update\". \n\nFix images are made available via Fix Central. For version 3.1, see [_https://ibm.biz/BdHggw_](<https://ibm.biz/BdHggw>). This issue is addressed as of 3.1.0.2 update 5 or later.\n\nFor version 2.1, see [_https://ibm.biz/BdEnT8_](<https://ibm.biz/BdEnT8>). This issue is addressed as of PowerKVM 2.1.1.3-65 update 15 or later. Customers running v2.1 are, in any case, encouraged to upgrade to v3.1. \n\nFor v2.1 systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n20 Feb 2017 - Initial Version\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSZJY4\",\"label\":\"PowerKVM\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"2.1;3.1\",\"Edition\":\"KVM\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T01:35:10", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8610", "CVE-2017-3731"], "modified": "2018-06-18T01:35:10", "id": "5B0B2EDD5203252F048F6F7FEAB4D8B03C3C046A6B06FEEAD861F79A36B2F860", "href": "https://www.ibm.com/support/pages/node/630689", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T21:57:02", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8.5.15 used by Rational Asset Analyzer. Rational Asset Analyzer has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-3736](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-3732](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\n# **Product**\n\n| \n\n# **Affected Versions** \n \n---|--- \nRational Asset Analyzer | 6.1.0.0 - 6.1.0.18 \n \n## Remediation/Fixes\n\n# **Product**\n\n| \n\n# **VRMF**\n\n| \n\n# ** APAR **\n\n| \n\n# ** Remediation **/ First Fix \n \n---|---|---|--- \n \nRational Asset Analyzer\n\n| 6.1.0.19 | \n\n-\n\n| \n\n[ RAA 6.1 Fix Pack 19](<http://www-01.ibm.com/support/docview.wss?uid=swg27021389>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n## Important Note\n\nIBM strongly suggests that all System z customers be subscribed to the System z Security Portal to receive the latest critical System z security and integrity service. If you are not subscribed, see the instructions on the [System z Security web site](<http://www.ibm.com/systems/z/solutions/security_subintegrity.html>). Security and integrity APARs and associated fixes will be posted to this portal. IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential risk.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Product\":{\"code\":\"SS3JHP\",\"label\":\"Rational Asset Analyzer\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF035\",\"label\":\"z\\/OS\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB35\",\"label\":\"Mainframe SW\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-12-01T05:35:01", "type": "ibm", "title": "Security Bulletin: There are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8.5.15 used by Rational Asset Analyzer. Rational Asset Analyzer has addressed the applicable CVEs.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3732", "CVE-2017-3736"], "modified": "2018-12-01T05:35:01", "id": "9CCEB90B89301ED91DF7A501EF3103FD54D3AD611D342CF6E4B19E5105E84E35", "href": "https://www.ibm.com/support/pages/node/743097", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-28T22:06:24", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Workload Manager. IBM Workload Manager has addressed the applicable CVEs\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-3732](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a propagation error in the BN_mod_exp() function. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [CVE-2017-3735](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3735>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAdressFamily extension in an X.509 certificate. An attacker could exploit this vulnerability to trigger an out-of-bounds read, resulting in an incorrect text display of the certificate. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131047> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nTWS uses OpenSSL only for secure communication between internal processes. \n\nFor Tivoli Workload Scheduler Distributed, TWS nodes are impacted by OpenSSL security exposures only if the TWS workstation has been defined with \u201csecuritylevel\u201d set to _on_ or _enabled_ or _force_.\n\nThese security exposures do not apply to the embedded WebSphere Application Server but only to programs installed under &lt;TWS home&gt;/bin. \n\nTivoli Workload Scheduler Distributed 8.6.0 FP04 and earlier\n\n \nTivoli Workload Scheduler Distributed 9.1.0 FP02 and earlier \nTivoli Workload Scheduler Distributed 9.2.0 FP02 and earlier \nIBM Workload Scheduler Distributed 9.3.0 FP03 and earlier \nIBM Workload Scheduler Distributed 9.4.0 FP01 and earlier \n\n## Remediation/Fixes\n\nAPAR IJ00716 has been opened to address the openssl vulnerabilities for Tivoli Workload Scheduler. \n\nThe following limited availability fixes for IJ00716 are available for download on FixCentral\n\n8.6.0-TIV-TWS-FP0004-IJ00716 \nto be applied on top of Tivoli Workload Scheduler Distributed 8.6.0 FP04\n\n9.1.0-TIV-TWS-FP0002-IJ00716 \nto be applied on top of Tivoli Workload Scheduler Distributed 9.1.0 FP02\n\n9.2.0-TIV-TWS-FP0002-IJ00716 \nto be applied on top of Tivoli Workload Scheduler Distributed 9.2.0 FP02\n\n9.3.0-TIV-TWS-FP0003-IJ00716 \nto be applied on top of Tivoli Workload Scheduler Distributed 9.3.0 FP03\n\n9.4.0-TIV-TWS-FP0001-IJ00716 \nto be applied on top of Tivoli Workload Scheduler Distributed 9.4.0 FP01\n\nFor these affected releases IJ00716, supersedes IV85683, IV82641, IV71646, IV70763, IV66395, IV66398, IV62010, IV61392, IV75062, IV91052.\n\nFor Unsupported releases IBM recommends upgrading to a fixed, supported release of the product.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\nOctober 31st 2017: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSGSPN\",\"label\":\"IBM Workload Scheduler\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud &amp; Data Platform\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"8.6;9.1;9.2;9.3;9.4\",\"Edition\":\"All Editions\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T15:47:06", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Scheduler", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3732", "CVE-2017-3735"], "modified": "2018-06-17T15:47:06", "id": "9D892AD714895E9B8DA3E59547784D03B32EADD3AC421AB0003E3191C1AE27AD", "href": "https://www.ibm.com/support/pages/node/299009", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-06-28T22:13:11", "description": "## Summary\n\nA vulnerability has been addressed in the GSKit component of IBM Sterling Connect:Direct for UNIX. Further, OpenSSL vulnerabilities disclosed by the OpenSSL Project affect GSKit. IBM Sterling Connect:Direct for UNIX uses GSKit and therefore is also vulnerable.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2018-1427](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1427>) \n**DESCRIPTION: **IBM GSKit contains several environment variables that a local attacker could overflow and cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See[https://exchange.xforce.ibmcloud.com/vulnerabilities/139072](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139072>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID: **[CVE-2017-3732](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732>) \n**DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See[https://exchange.xforce.ibmcloud.com/vulnerabilities/121313](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121313>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID: **[CVE-2017-3736](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736>) \n**DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See[https://exchange.xforce.ibmcloud.com/vulnerabilities/134397](<https://exchange.xforce.ibmcloud.com/vulnerabilities/134397>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Sterling Connect:Direct for Unix 4.2.0\n\n## Remediation/Fixes\n\n**V.R.M.F** | **APAR** | **Remediation/First Fix** \n---|---|--- \n4.2.0 | None | Apply 4.2.0.4.iFix086, available in cumulative iFix088 on [_Fix Central_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+Connect%3ADirect+for+UNIX&release=4.1.0.4&platform=All&function=fixId&fixids=4.2.0.4*iFix088*&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n## Important Note\n\nIBM strongly suggests that all System z customers be subscribed to the System z Security Portal to receive the latest critical System z security and integrity service. If you are not subscribed, see the instructions on the [System z Security web site](<http://www.ibm.com/systems/z/solutions/security_subintegrity.html>). Security and integrity APARs and associated fixes will be posted to this portal. IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential risk.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n17 August 2018: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSKTYY\",\"label\":\"IBM Sterling Connect:Direct for UNIX\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"4.2.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-24T22:19:08", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in GSKit affects IBM Sterling Connect:Direct for UNIX", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3732", "CVE-2017-3736", "CVE-2018-1427"], "modified": "2020-07-24T22:19:08", "id": "6DB274E6F7EB4D6F538135EC07CF4443980A5C2FC8C1652E16833E39D5F430D2", "href": "https://www.ibm.com/support/pages/node/726077", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-28T22:07:11", "description": "## Summary\n\nFileNet Capture has addressed multiple GSKit and GSKit-Crypto vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-3732_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121313_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121313>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2017-3736_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/134397_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/134397>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2018-1447_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1447>) \n**DESCRIPTION:** The GSKit CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. \nCVSS Base Score: 5.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/139972_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139972>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nFileNet Capture 5.2.1\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRM** | **Remediation** \n---|---|--- \nFileNet Capture | 5.2.1 | Use FileNet Capture 5.2.1.8 [Interim Fix 001](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Capture&release=5.2.1.8&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\nJuly 2, 2018: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSNVMX\",\"label\":\"FileNet Capture\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud &amp; Data Platform\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"5.2.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-02T18:45:28", "type": "ibm", "title": "Security Bulletin: FileNet Capture is affected by GSKit and GSKit-Crypto vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3732", "CVE-2017-3736", "CVE-2018-1447"], "modified": "2018-07-02T18:45:28", "id": "5B4C19B2CA9D2714AEF1546FC810D709406148AD04288568A5EFCF5FDEF9B2D5", "href": "https://www.ibm.com/support/pages/node/715255", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-28T22:03:23", "description": "## Summary\n\nThis bulletin addresses several security vulnerabilities. \n \nOpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Cognos Controller. IBM Cognos Controller has addressed the applicable CVEs. \n \nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 7 and the IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 8 that are used by IBM Cognos Controller. These issues were disclosed as part of the IBM Java SDK updates in January 2017. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-3730_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3730>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending specially crafted parameters for a DHE or ECDHE key exchange, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121311_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121311>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2017-3731_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121312_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121312>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2017-3732_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a propagation error in the BN_mod_exp() function. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121313_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121313>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-7055_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in a Broadwell-specific Montgomery multiplication procedure. By sending specially crafted data, a remote attacker could exploit this vulnerability to trigger errors in public-key operations in configurations where multiple remote clients select an affected EC algorithm and cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118748_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118748>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n \n \n**CVEID:** [_CVE-2017-3289_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3289>) \n**DESCRIPTION:** An unspecified vulnerability related to the VM component has high confidentiality impact, high integrity impact, and high availability impact. \nCVSS Base Score: 9.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120861_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120861>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2017-3272_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3272>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has high confidentiality impact, high integrity impact, and high availability impact. \nCVSS Base Score: 9.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120862_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120862>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2017-3241_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3241>) \n**DESCRIPTION:** An unspecified vulnerability related to the RMI component has high confidentiality impact, high integrity impact, and high availability impact. \nCVSS Base Score: 9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120867_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120867>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2016-5546_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5546>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2017-3253_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3253>) \n**DESCRIPTION:** An unspecified vulnerability related to the 2D component could allow a remote attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120868_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120868>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID:** [_CVE-2016-5548_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5548>) \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2017-3252_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3252>) \n**DESCRIPTION:** An unspecified vulnerability related to the JAAS component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-5552_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5552>) \n**DESCRIPTION:** An unspecified vulnerability related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120872_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120872>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID:** [_CVE-2017-3261_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3261>) \n**DESCRIPTION:** An unspecified vulnerability related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120866_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120866>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2017-3231_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3231>) \n**DESCRIPTION:** An unspecified vulnerability related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120865_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120865>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2017-3259_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3259>) \n**DESCRIPTION:** An unspecified vulnerability related to the Deployment component could allow a remote attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120859_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120859>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2016-2183_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Cognos Controller 10.2.0 \n\nIBM Cognos Controller 10.2.1\n\nIBM Cognos Controller 10.3.0\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical: \n10.2.0: <http://www-01.ibm.com/support/docview.wss?uid=swg24043783> \n10.2.1: <http://www-01.ibm.com/support/docview.wss?uid=swg24043783> \n10.3.0: <http://www-01.ibm.com/support/docview.wss?uid=swg24043784>\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n[_IBM Java SDK Security Bulletin_](<http://www-01.ibm.com/support/docview.wss?uid=swg21997194>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n20 June 2017: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\&qu