Lucene search
Copyright (c) 2010 Greenbone Networks GmbHOPENVAS:1361412562310830842HistoryJan 22, 2010 - 12:00 a.m.
Mandriva Update for openssl MDVSA-2010:022 (openssl)
2010-01-2200:00:00
Copyright (c) 2010 Greenbone Networks GmbH
plugins.openvas.org
11
0.204 Low
EPSS
Percentile
96.4%
Check for the Version of openssl
###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for openssl MDVSA-2010:022 (openssl)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "Some vulnerabilities were discovered and corrected in openssl:
Memory leak in the zlib_stateful_finish function in
crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta
through Beta 4 allows remote attackers to cause a denial of service
(memory consumption) via vectors that trigger incorrect calls to the
CRYPTO_free_all_ex_data function, as demonstrated by use of SSLv3
and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678
(CVE-2009-4355).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct thies issue.";
tag_affected = "openssl on Mandriva Linux 2008.0,
Mandriva Linux 2008.0/X86_64,
Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2009.1,
Mandriva Linux 2009.1/X86_64,
Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "http://lists.mandriva.com/security-announce/2010-01/msg00067.php");
script_oid("1.3.6.1.4.1.25623.1.0.830842");
script_version("$Revision: 8438 $");
script_tag(name:"last_modification", value:"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $");
script_tag(name:"creation_date", value:"2010-01-22 10:23:05 +0100 (Fri, 22 Jan 2010)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_xref(name: "MDVSA", value: "2010:022");
script_cve_id("CVE-2008-1678", "CVE-2009-4355");
script_name("Mandriva Update for openssl MDVSA-2010:022 (openssl)");
script_tag(name: "summary" , value: "Check for the Version of openssl");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
script_family("Mandrake Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "MNDK_2008.0")
{
if ((res = isrpmvuln(pkg:"libopenssl0.9.8", rpm:"libopenssl0.9.8~0.9.8e~8.5mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libopenssl0.9.8-devel", rpm:"libopenssl0.9.8-devel~0.9.8e~8.5mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libopenssl0.9.8-static-devel", rpm:"libopenssl0.9.8-static-devel~0.9.8e~8.5mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"openssl", rpm:"openssl~0.9.8e~8.5mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64openssl0.9.8", rpm:"lib64openssl0.9.8~0.9.8e~8.5mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64openssl0.9.8-devel", rpm:"lib64openssl0.9.8-devel~0.9.8e~8.5mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64openssl0.9.8-static-devel", rpm:"lib64openssl0.9.8-static-devel~0.9.8e~8.5mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "MNDK_mes5")
{
if ((res = isrpmvuln(pkg:"libopenssl0.9.8", rpm:"libopenssl0.9.8~0.9.8h~3.6mdvmes5", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libopenssl0.9.8-devel", rpm:"libopenssl0.9.8-devel~0.9.8h~3.6mdvmes5", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libopenssl0.9.8-static-devel", rpm:"libopenssl0.9.8-static-devel~0.9.8h~3.6mdvmes5", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"openssl", rpm:"openssl~0.9.8h~3.6mdvmes5", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64openssl0.9.8", rpm:"lib64openssl0.9.8~0.9.8h~3.6mdvmes5", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64openssl0.9.8-devel", rpm:"lib64openssl0.9.8-devel~0.9.8h~3.6mdvmes5", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64openssl0.9.8-static-devel", rpm:"lib64openssl0.9.8-static-devel~0.9.8h~3.6mdvmes5", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "MNDK_2010.0")
{
if ((res = isrpmvuln(pkg:"libopenssl0.9.8", rpm:"libopenssl0.9.8~0.9.8k~5.1mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libopenssl0.9.8-devel", rpm:"libopenssl0.9.8-devel~0.9.8k~5.1mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libopenssl0.9.8-static-devel", rpm:"libopenssl0.9.8-static-devel~0.9.8k~5.1mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"openssl", rpm:"openssl~0.9.8k~5.1mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64openssl0.9.8", rpm:"lib64openssl0.9.8~0.9.8k~5.1mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64openssl0.9.8-devel", rpm:"lib64openssl0.9.8-devel~0.9.8k~5.1mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64openssl0.9.8-static-devel", rpm:"lib64openssl0.9.8-static-devel~0.9.8k~5.1mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "MNDK_2009.1")
{
if ((res = isrpmvuln(pkg:"libopenssl0.9.8", rpm:"libopenssl0.9.8~0.9.8k~1.4mdv2009.1", rls:"MNDK_2009.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libopenssl0.9.8-devel", rpm:"libopenssl0.9.8-devel~0.9.8k~1.4mdv2009.1", rls:"MNDK_2009.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libopenssl0.9.8-static-devel", rpm:"libopenssl0.9.8-static-devel~0.9.8k~1.4mdv2009.1", rls:"MNDK_2009.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"openssl", rpm:"openssl~0.9.8k~1.4mdv2009.1", rls:"MNDK_2009.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64openssl0.9.8", rpm:"lib64openssl0.9.8~0.9.8k~1.4mdv2009.1", rls:"MNDK_2009.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64openssl0.9.8-devel", rpm:"lib64openssl0.9.8-devel~0.9.8k~1.4mdv2009.1", rls:"MNDK_2009.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64openssl0.9.8-static-devel", rpm:"lib64openssl0.9.8-static-devel~0.9.8k~1.4mdv2009.1", rls:"MNDK_2009.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "MNDK_2009.0")
{
if ((res = isrpmvuln(pkg:"libopenssl0.9.8", rpm:"libopenssl0.9.8~0.9.8h~3.6mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libopenssl0.9.8-devel", rpm:"libopenssl0.9.8-devel~0.9.8h~3.6mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libopenssl0.9.8-static-devel", rpm:"libopenssl0.9.8-static-devel~0.9.8h~3.6mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"openssl", rpm:"openssl~0.9.8h~3.6mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64openssl0.9.8", rpm:"lib64openssl0.9.8~0.9.8h~3.6mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64openssl0.9.8-devel", rpm:"lib64openssl0.9.8-devel~0.9.8h~3.6mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64openssl0.9.8-static-devel", rpm:"lib64openssl0.9.8-static-devel~0.9.8h~3.6mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Related
f5
f5
K15405 : OpenSSL 0.9.8l vulnerability CVE-2009-4355
2014-07-10 00:00:00
SOL15405 - OpenSSL 0.9.8l vulnerability CVE-2009-4355
2014-07-10 00:00:00
cvelist
cvelist
CVE-2009-4355
2010-01-14 19:00:00
CVE-2008-1678
2008-07-10 17:00:00
openvas
openvas
Mandriva Update for openssl MDVSA-2010:022 (openssl)
2010-01-22 00:00:00
Ubuntu Update for openssl vulnerability USN-884-1
2010-01-19 00:00:00
Ubuntu: Security Advisory (USN-884-1)
2010-01-19 00:00:00
ubuntucve
ubuntucve
CVE-2009-4355
2010-01-13 00:00:00
CVE-2008-1678
2008-07-10 00:00:00
nvd
nvd
CVE-2009-4355
2010-01-14 19:30:00
CVE-2008-1678
2008-07-10 17:41:00
nessus
nessus
Mandriva Linux Security Advisory : openssl (MDVSA-2010:022)
2010-01-21 00:00:00
openSUSE Security Update : openssl-CVE-2009-4355.patch (openssl-CVE-2009-4355.patch-1834)
2010-01-25 00:00:00
SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6783)
2010-10-11 00:00:00
debiancve
debiancve
CVE-2009-4355
2010-01-14 19:30:00
CVE-2008-1678
2008-07-10 17:41:00
prion
prion
Design/Logic Flaw
2010-01-14 19:30:00
Memory corruption
2008-07-10 17:41:00
cve
cve
CVE-2009-4355
2010-01-14 19:30:00
CVE-2008-1678
2008-07-10 17:41:00
securityvulns
securityvulns
[USN-884-1] OpenSSL vulnerability
2010-01-17 00:00:00
OpenSSL memory leak
2010-01-17 00:00:00
Apache multiple DoS conditions
2008-07-12 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2009-4355
2010-01-13 00:00:00
debian
debian
[SECURITY] [DSA-1970-1] New openssl packages fix denial of service
2010-01-13 18:47:58
[SECURITY] [DSA-1970-1] New openssl packages fix denial of service
2010-01-13 18:47:58
osv
osv
openssl - denial of service
2010-01-13 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:47:06
Denial Of Service (DoS)
2020-04-10 00:33:34
ubuntu
ubuntu
OpenSSL vulnerability
2010-01-14 00:00:00
Apache vulnerabilities
2009-03-10 00:00:00
seebug
seebug
OpenSSL 'zlib'ๅ็ผฉๅ
ๅญๆณๆผ่ฟ็จๆ็ปๆๅกๆผๆด
2008-10-16 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 6 package openssl10 version 0.9.8m-alt1
2010-02-26 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8m-alt1
2010-02-26 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 0.9.8m-alt1
2010-02-26 00:00:00
oraclelinux
oraclelinux
openssl security update
2010-01-20 00:00:00
httpd security update
2009-05-27 00:00:00
openssl-fips security update
2015-04-02 00:00:00
centos
centos
openssl security update
2010-01-20 23:10:16
httpd, mod_ssl security update
2009-05-28 17:08:08
redhat
redhat
(RHSA-2010:0054) Moderate: openssl security update
2010-01-19 00:00:00
(RHSA-2009:1075) Moderate: httpd security update
2009-05-27 00:00:00
(RHSA-2010:0095) Important: rhev-hypervisor security and bug fix update
2010-02-09 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: httpd-2.2.9-1.fc9
2008-08-07 23:48:09
[SECURITY] Fedora 12 Update: openssl-1.0.0a-1.fc12
2010-06-16 17:44:27
[SECURITY] Fedora 13 Update: openssl-1.0.0-1.fc13
2010-04-09 03:42:47
gentoo
gentoo
Apache: Denial of service
2008-07-09 00:00:00
OpenSSL: Multiple vulnerabilities
2011-10-09 00:00:00
suse
suse
remote code execution in acroread
2010-01-26 16:40:23
vmware
vmware
ESXi utilities and ESX Service Console third party updates
2010-05-27 00:00:00
ESXi utilities and ESX Service Console third party updates
2010-05-27 00:00:00
lenovo
lenovo
Intelยฎ PROSet/Wireless WiFi Software Vulnerabilities - US
2018-11-13 17:10:51
Intelยฎ PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US
2018-11-13 17:10:51