7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.2 High
AI Score
Confidence
High
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.004 Low
EPSS
Percentile
71.6%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.10.2021.0176");
script_cve_id("CVE-2021-3449", "CVE-2021-3450");
script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
script_version("2024-02-02T05:06:09+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:09 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"5.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2021-03-31 19:51:49 +0000 (Wed, 31 Mar 2021)");
script_name("Mageia: Security Advisory (MGASA-2021-0176)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Mageia Linux Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA8");
script_xref(name:"Advisory-ID", value:"MGASA-2021-0176");
script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2021-0176.html");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=28640");
script_xref(name:"URL", value:"https://www.openssl.org/news/secadv/20210325.txt");
script_tag(name:"summary", value:"The remote host is missing an update for the 'openssl' package(s) announced via the MGASA-2021-0176 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation
ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits
the signature_algorithms extension (where it was present in the initial
ClientHello), but includes a signature_algorithms_cert extension then a NULL
pointer dereference will result, leading to a crash and a denial of service
attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled
(which is the default configuration). OpenSSL TLS clients are not impacted by
this issue. (CVE-2021-3449).
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the
certificates present in a certificate chain. It is not set by default.
Starting from OpenSSL version 1.1.1h a check to disallow certificates in the
chain that have explicitly encoded elliptic curve parameters was added as an
additional strict check. An error in the implementation of this check meant
that the result of a previous check to confirm that certificates in the chain
are valid CA certificates was overwritten. This effectively bypasses the check
that non-CA certificates must not be able to issue other certificates. If a
'purpose' has been configured then there is a subsequent opportunity for checks
that the certificate is a valid CA. All of the named 'purpose' values
implemented in libcrypto perform this check. Therefore, where a purpose is set
the certificate chain will still be rejected even when the strict flag has been
used. A purpose is set by default in libssl client and server certificate
verification routines, but it can be overridden or removed by an application.
In order to be affected, an application must explicitly set the
X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the
certificate verification or, in the case of TLS client or server applications,
override the default purpose. (CVE-2021-3450).");
script_tag(name:"affected", value:"'openssl' package(s) on Mageia 8.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "MAGEIA8") {
if(!isnull(res = isrpmvuln(pkg:"lib64openssl-devel", rpm:"lib64openssl-devel~1.1.1k~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64openssl-static-devel", rpm:"lib64openssl-static-devel~1.1.1k~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64openssl1.1", rpm:"lib64openssl1.1~1.1.1k~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libopenssl-devel", rpm:"libopenssl-devel~1.1.1k~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libopenssl-static-devel", rpm:"libopenssl-static-devel~1.1.1k~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libopenssl1.1", rpm:"libopenssl1.1~1.1.1k~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openssl", rpm:"openssl~1.1.1k~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openssl-perl", rpm:"openssl-perl~1.1.1k~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.2 High
AI Score
Confidence
High
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.004 Low
EPSS
Percentile
71.6%