CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
99.3%
Check the version of openssl
# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.882147");
script_version("2023-07-11T05:06:07+0000");
script_tag(name:"last_modification", value:"2023-07-11 05:06:07 +0000 (Tue, 11 Jul 2023)");
script_tag(name:"creation_date", value:"2015-04-01 07:24:49 +0200 (Wed, 01 Apr 2015)");
script_cve_id("CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0292", "CVE-2015-0293");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"qod_type", value:"package");
script_name("CentOS Update for openssl CESA-2015:0716 centos7");
script_tag(name:"summary", value:"Check the version of openssl");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp()
function. A remote attacker could crash a TLS/SSL client or server using
OpenSSL via a specially crafted X.509 certificate when the
attacker-supplied certificate was verified by the application.
(CVE-2015-0286)
An integer underflow flaw, leading to a buffer overflow, was found in the
way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to
make an application using OpenSSL decode a specially crafted Base64-encoded
input (such as a PEM file) could use this flaw to cause the application to
crash. Note: this flaw is not exploitable via the TLS/SSL protocol because
the data being transferred is not Base64-encoded. (CVE-2015-0292)
A denial of service flaw was found in the way OpenSSL handled SSLv2
handshake messages. A remote attacker could use this flaw to cause a
TLS/SSL server using OpenSSL to exit on a failed assertion if it had both
the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)
A use-after-free flaw was found in the way OpenSSL imported malformed
Elliptic Curve private keys. A specially crafted key file could cause an
application using OpenSSL to crash when imported. (CVE-2015-0209)
An out-of-bounds write flaw was found in the way OpenSSL reused certain
ASN.1 structures. A remote attacker could possibly use a specially crafted
ASN.1 structure that, when parsed by an application, would cause that
application to crash. (CVE-2015-0287)
A NULL pointer dereference flaw was found in OpenSSL's X.509 certificate
handling implementation. A specially crafted X.509 certificate could cause
an application using OpenSSL to crash if the application attempted to
convert the certificate to a certificate request. (CVE-2015-0288)
A NULL pointer dereference was found in the way OpenSSL handled certain
PKCS#7 inputs. An attacker able to make an application using OpenSSL
verify, decrypt, or parse a specially crafted PKCS#7 input could cause that
application to crash. TLS/SSL clients and servers using OpenSSL were not
affected by this flaw. (CVE-2015-0289)
Red Hat would like to thank the OpenSSL project for reporting
CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292,
and CVE-2015-0293. Upstream acknowledges Stephen Henson of the OpenSSL
development team as the original reporter of CVE-2015-0286, Emilia Kasper
of the OpenSSL development team as the original reporter of CVE-2015-0287,
Brian Ca ...
Description truncated, please see the referenced URL(s) for more information.");
script_tag(name:"affected", value:"openssl on CentOS 7");
script_tag(name:"solution", value:"Please install the updated packages.");
script_xref(name:"CESA", value:"2015:0716");
script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2015-April/021030.html");
script_tag(name:"solution_type", value:"VendorFix");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2015 Greenbone AG");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS7");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "CentOS7")
{
if ((res = isrpmvuln(pkg:"openssl", rpm:"openssl~1.0.1e~42.el7.4", rls:"CentOS7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"openssl-devel", rpm:"openssl-devel~1.0.1e~42.el7.4", rls:"CentOS7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"openssl-libs", rpm:"openssl-libs~1.0.1e~42.el7.4", rls:"CentOS7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"openssl-perl", rpm:"openssl-perl~1.0.1e~42.el7.4", rls:"CentOS7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"openssl-static", rpm:"openssl-static~1.0.1e~42.el7.4", rls:"CentOS7")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}