Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2009 E-Soft Inc.OPENVAS:136141256231066517
HistoryDec 14, 2009 - 12:00 a.m.

Gentoo Security Advisory GLSA 200912-01 (openssl)

2009-12-1400:00:00
Copyright (C) 2009 E-Soft Inc.
plugins.openvas.org
10

6.2 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.117 Low

EPSS

Percentile

95.2%

JSON

The remote host is missing updates announced in
advisory GLSA 200912-01.

# SPDX-FileCopyrightText: 2009 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.66517");
  script_version("2023-07-14T16:09:26+0000");
  script_tag(name:"last_modification", value:"2023-07-14 16:09:26 +0000 (Fri, 14 Jul 2023)");
  script_tag(name:"creation_date", value:"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)");
  script_cve_id("CVE-2009-1377", "CVE-2009-1378", "CVE-2009-1379", "CVE-2009-1387", "CVE-2009-2409", "CVE-2009-3555");
  script_tag(name:"cvss_base", value:"5.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:P");
  script_name("Gentoo Security Advisory GLSA 200912-01 (openssl)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 E-Soft Inc.");
  script_family("Gentoo Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");
  script_tag(name:"insight", value:"Multiple vulnerabilities in OpenSSL might allow remote attackers to conduct
    multiple attacks, including the injection of arbitrary data into
encrypted
    byte streams.");
  script_tag(name:"solution", value:"All OpenSSL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=dev-libs/openssl-0.9.8l-r2'");

  script_xref(name:"URL", value:"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200912-01");
  script_xref(name:"URL", value:"http://bugs.gentoo.org/show_bug.cgi?id=270305");
  script_xref(name:"URL", value:"http://bugs.gentoo.org/show_bug.cgi?id=280591");
  script_xref(name:"URL", value:"http://bugs.gentoo.org/show_bug.cgi?id=292022");
  script_tag(name:"summary", value:"The remote host is missing updates announced in
advisory GLSA 200912-01.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("pkg-lib-gentoo.inc");
include("revisions-lib.inc");

res = "";
report = "";
report = "";
if ((res = ispkgvuln(pkg:"dev-libs/openssl", unaffected: make_list("ge 0.9.8l-r2"), vulnerable: make_list("lt 0.9.8l-r2"))) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99);
}

Related

openvas 68
nessus 43
gentoo 1
debian 1
ubuntu 2
altlinux 8
osv 1
securityvulns 6
fedora 7
oraclelinux 3
seebug 7
freebsd 1
centos 3
redhat 5
exploitpack 1
f5 10
debiancve 5
cve 5
prion 5
ubuntucve 5
veracode 5
openssl 4
vmware 2
suse 1
openvas
openvas
Gentoo Security Advisory GLSA 200912-01 (openssl)
2009-12-14 00:00:00
Mandriva Security Advisory MDVSA-2009:310 (openssl)
2009-12-10 00:00:00
Debian Security Advisory DSA 1888-1 (openssl, openssl097)
2009-09-21 00:00:00
nessus
nessus
GLSA-200912-01 : OpenSSL: Multiple vulnerabilities
2009-12-02 00:00:00
Mandriva Linux Security Advisory : openssl (MDVSA-2009:310)
2009-12-04 00:00:00
Debian DSA-1888-1 : openssl, openssl097 - cryptographic weakness
2010-02-24 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2009-12-01 00:00:00
debian
debian
[SECURITY] [DSA 1888-1] New openssl packages deprecate MD2 hash signatures
2009-09-15 21:37:22
ubuntu
ubuntu
OpenSSL vulnerabilities
2009-06-25 00:00:00
OpenSSL vulnerability
2009-09-14 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8k-alt2
2009-05-21 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 0.9.8k-alt2
2009-05-21 00:00:00
Security fix for the ALT Linux 6 package openssl10 version 0.9.8k-alt2
2009-05-21 00:00:00
osv
osv
openssl - cryptographic weakness
2009-09-15 00:00:00
securityvulns
securityvulns
[USN-792-1] OpenSSL vulnerabilities
2009-06-25 00:00:00
Multiple OpenSSL DoS conditions
2009-06-25 00:00:00
OpenSSL multiple security vulnerabilities
2009-05-21 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: openssl-0.9.8k-5.fc11
2009-06-19 13:42:48
[SECURITY] Fedora 10 Update: openssl-0.9.8g-14.fc10
2009-06-19 13:35:27
[SECURITY] Fedora 11 Update: openssl-0.9.8n-1.fc11
2010-04-16 23:49:46
oraclelinux
oraclelinux
openssl security, bug fix, and enhancement update
2009-09-08 00:00:00
gnutls security update
2010-03-25 00:00:00
openssl security update
2010-03-25 00:00:00
seebug
seebug
OpenSSL DTLS报文多个拒绝服务漏洞
2009-05-21 00:00:00
OpenSSL <= 0.9.8k 1.0.0-beta2 DTLS Remote Memory Exhaustion DoS
2009-05-18 00:00:00
OpenSSL <= 0.9.8k, 1.0.0-beta2 DTLS Remote Memory Exhaustion DoS
2014-07-01 00:00:00
freebsd
freebsd
openssl -- denial of service in DTLS implementation
2009-05-18 00:00:00
centos
centos
openssl security update
2009-09-15 18:42:01
gnutls security update
2010-03-26 21:48:08
openssl security update
2010-03-25 22:38:39
redhat
redhat
(RHSA-2009:1335) Moderate: openssl security, bug fix, and enhancement update
2009-09-02 09:47:12
(RHSA-2010:0166) Moderate: gnutls security update
2010-03-25 00:00:00
(RHSA-2010:0163) Moderate: openssl security update
2010-03-25 00:00:00
exploitpack
exploitpack
OpenSSL 0.9.8k1.0.0-beta2 - DTLS Remote Memory Exhaustion Denial of Service
2009-05-18 00:00:00
f5
f5
SOL15359 - OpenSSL vulnerability CVE-2009-1378
2014-06-19 00:00:00
SOL15355 - OpenSSL DTLS Buffer vulnerability CVE-2009-1379
2014-06-19 00:00:00
K15663 : MD2 Message-Digest Algorithm vulnerability CVE-2009-2409
2014-10-23 00:00:00
debiancve
debiancve
CVE-2009-1378
2009-05-19 19:30:00
CVE-2009-2409
2009-07-30 19:30:00
CVE-2009-1377
2009-05-19 19:30:00
cve
cve
CVE-2009-1378
2009-05-19 19:30:00
CVE-2009-1377
2009-05-19 19:30:00
CVE-2009-2409
2009-07-30 19:30:00
prion
prion
Memory corruption
2009-05-19 19:30:00
Code injection
2009-07-30 19:30:00
Design/Logic Flaw
2009-05-19 19:30:00
ubuntucve
ubuntucve
CVE-2009-1378
2009-05-19 00:00:00
CVE-2009-1377
2009-05-19 00:00:00
CVE-2009-1379
2009-05-19 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:41:59
Denial Of Service (DoS)
2020-04-10 00:42:00
Denial Of Service (DoS)
2020-04-10 00:42:00
openssl
openssl
Vulnerability in OpenSSL CVE-2009-1377
2009-05-12 00:00:00
Vulnerability in OpenSSL CVE-2009-1379
2009-05-12 00:00:00
Vulnerability in OpenSSL CVE-2009-1378
2009-05-12 00:00:00
vmware
vmware
VMware ESX third party updates for Service Console
2010-12-07 00:00:00
VMware ESX third party updates for Service Console
2010-12-07 00:00:00
suse
suse
man-in-the-middle attack in openssl
2009-11-18 09:50:39

6.2 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.117 Low

EPSS

Percentile

95.2%

JSON
Related for OPENVAS:136141256231066517
openvas68nessus43gentoo1debian1ubuntu2altlinux8osv1securityvulns6fedora7oraclelinux3seebug7freebsd1centos3redhat5exploitpack1f510debiancve5cve5prion5ubuntucve5veracode5openssl4vmware2suse1