Lucene search
FreeBSD Ports: openssl
๐๏ธย 31 May 2012ย 00:00:00Reported byย Copyright (C) 2012 E-Soft Inc.Typeย 
ย openvas๐ย plugins.openvas.org๐ย 22ย Views
The remote host is missing an update to the system as announced in the referenced advisory. Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation
Show more
| Reporter | Title | Published | Views | Family All 126 |
|---|---|---|---|---|
| Fedora Update for openssl FEDORA-2012-7939 | 30 Aug 201200:00 | โ | openvas |
| Mandriva Update for openssl MDVSA-2012:073 (openssl) | 3 Aug 201200:00 | โ | openvas |
| SUSE: Security Advisory (SUSE-SU-2012:0678-1) | 9 Jun 202100:00 | โ | openvas |
| Mandriva Update for openssl MDVSA-2012:073 (openssl) | 3 Aug 201200:00 | โ | openvas |
| Amazon Linux: Security Advisory (ALAS-2012-85) | 8 Sep 201500:00 | โ | openvas |
| Debian Security Advisory DSA 2475-1 (openssl) | 31 May 201200:00 | โ | openvas |
| FreeBSD Ports: openssl | 31 May 201200:00 | โ | openvas |
| SUSE: Security Advisory (SUSE-SU-2012:0679-1) | 9 Jun 202100:00 | โ | openvas |
| OpenSSL: Invalid TLS/DTLS Record Attack (20120510) - Windows | 16 Aug 202100:00 | โ | openvas |
| Debian: Security Advisory (DSA-2475-1) | 31 May 201200:00 | โ | openvas |
10
# SPDX-FileCopyrightText: 2012 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.71374");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_cve_id("CVE-2012-2333");
script_version("2023-07-26T05:05:09+0000");
script_tag(name:"last_modification", value:"2023-07-26 05:05:09 +0000 (Wed, 26 Jul 2023)");
script_tag(name:"creation_date", value:"2012-05-31 11:53:51 -0400 (Thu, 31 May 2012)");
script_name("FreeBSD Ports: openssl");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2012 E-Soft Inc.");
script_family("FreeBSD Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/freebsd", "ssh/login/freebsdrel");
script_tag(name:"insight", value:"The following package is affected: openssl
CVE-2012-2333
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and
1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC
encryption, allows remote attackers to cause a denial of service
(buffer over-read) or possibly have unspecified other impact via a
crafted TLS packet that is not properly handled during a certain
explicit IV calculation.");
script_tag(name:"solution", value:"Update your system with the appropriate patches or
software upgrades.");
script_xref(name:"URL", value:"http://www.openssl.org/news/secadv_20120510.txt");
script_xref(name:"URL", value:"http://www.vuxml.org/freebsd/dba5d1c9-9f29-11e1-b511-003067c2616f.html");
script_tag(name:"summary", value:"The remote host is missing an update to the system
as announced in the referenced advisory.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-bsd.inc");
vuln = FALSE;
txt = "";
bver = portver(pkg:"openssl");
if(!isnull(bver) && revcomp(a:bver, b:"1.0.1_2")<0) {
txt += "Package openssl version " + bver + " is installed which is known to be vulnerable.\n";
vuln = TRUE;
}
if(vuln) {
security_message(data:txt);
} else if (__pkg_match) {
exit(99);
}Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo31 May 2012 00:00Current
8.4High risk
Vulners AI Score8.4
CVSS26.8
EPSS0.05604