Lucene search

K

Ubuntu: Security Advisory (USN-1029-1)

๐Ÿ—“๏ธย 23 Dec 2010ย 00:00:00Reported byย Copyright (C) 2010 Greenbone AGTypeย 
openvas
ย openvas
๐Ÿ”—ย plugins.openvas.org๐Ÿ‘ย 34ย Views

The remote host is missing an update for the 'openssl' package(s) announced via the USN-1029-1 advisory. It was discovered that an old bug workaround in the SSL/TLS server code allowed an attacker to modify the stored session cache ciphersuite, possibly allowing an attacker to downgrade the ciphersuite to a weaker one on subsequent connections. This vulnerability affects the versions of OpenSSL in Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, and Ubuntu 9.10

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
F5 Networks
SOL12853 - OpenSSL vulnerability CVE-2008-7270
24 May 201100:00
โ€“f5
F5 Networks
K12853 : OpenSSL vulnerability CVE-2008-7270
4 Sep 201300:00
โ€“f5
F5 Networks
SOL12543 - OpenSSL vulnerability CVE-2010-4180
26 Jan 201100:00
โ€“f5
F5 Networks
K12543 : OpenSSL vulnerability CVE-2010-4180
5 Jul 201300:00
โ€“f5
Ubuntu
OpenSSL vulnerabilities
8 Dec 201000:00
โ€“ubuntu
OpenVAS
RedHat Update for openssl RHSA-2010:0978-01
28 Dec 201000:00
โ€“openvas
OpenVAS
Ubuntu Update for openssl vulnerabilities USN-1029-1
23 Dec 201000:00
โ€“openvas
OpenVAS
CentOS Update for openssl CESA-2010:0978 centos5 i386
9 Aug 201100:00
โ€“openvas
OpenVAS
RedHat Update for openssl RHSA-2010:0978-01
28 Dec 201000:00
โ€“openvas
OpenVAS
Oracle: Security Advisory (ELSA-2010-0978)
6 Oct 201500:00
โ€“openvas
Rows per page
# SPDX-FileCopyrightText: 2010 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.840550");
  script_cve_id("CVE-2008-7270", "CVE-2010-4180");
  script_tag(name:"creation_date", value:"2010-12-23 06:38:58 +0000 (Thu, 23 Dec 2010)");
  script_version("2024-02-02T05:06:04+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:04 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");

  script_name("Ubuntu: Security Advisory (USN-1029-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2010 Greenbone AG");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(10\.04\ LTS|10\.10|6\.06\ LTS|8\.04\ LTS|9\.10)");

  script_xref(name:"Advisory-ID", value:"USN-1029-1");
  script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-1029-1");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'openssl' package(s) announced via the USN-1029-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"It was discovered that an old bug workaround in the SSL/TLS
server code allowed an attacker to modify the stored session cache
ciphersuite. This could possibly allow an attacker to downgrade the
ciphersuite to a weaker one on subsequent connections. (CVE-2010-4180)

It was discovered that an old bug workaround in the SSL/TLS
server code allowed an attacker to modify the stored session cache
ciphersuite. An attacker could possibly take advantage of this to
force the use of a disabled cipher. This vulnerability only affects
the versions of OpenSSL in Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, and
Ubuntu 9.10. (CVE-2008-7270)");

  script_tag(name:"affected", value:"'openssl' package(s) on Ubuntu 6.06, Ubuntu 8.04, Ubuntu 9.10, Ubuntu 10.04, Ubuntu 10.10.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "UBUNTU10.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"libssl0.9.8", ver:"0.9.8k-7ubuntu8.5", rls:"UBUNTU10.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU10.10") {

  if(!isnull(res = isdpkgvuln(pkg:"libssl0.9.8", ver:"0.9.8o-1ubuntu4.3", rls:"UBUNTU10.10"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU6.06 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"libssl0.9.8", ver:"0.9.8a-7ubuntu0.14", rls:"UBUNTU6.06 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU8.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"libssl0.9.8", ver:"0.9.8g-4ubuntu3.13", rls:"UBUNTU8.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU9.10") {

  if(!isnull(res = isdpkgvuln(pkg:"libssl0.9.8", ver:"0.9.8g-16ubuntu3.5", rls:"UBUNTU9.10"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
23 Dec 2010 00:00Current
7.9High risk
Vulners AI Score7.9
CVSS24.3
EPSS0.13
34
.json
Report