{"nessus": [{"lastseen": "2021-08-19T12:22:57", "description": "According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash.(CVE-2015-1791)\n\n - An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash.(CVE-2015-1789)\n\n - The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.(CVE-2009-0590)\n\n - An invalid-free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could send a specially crafted message to the peer, which could cause the application to crash or potentially result in arbitrary code execution.(CVE-2014-8176)\n\n - The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.(CVE-2011-4108)\n\n - Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.(CVE-2007-5135)\n\n - A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash.(CVE-2014-3571)\n\n - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.(CVE-2012-2110)\n\n - It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites.\n An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle.(CVE-2016-0703)\n\n - ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.(CVE-2009-1386)\n\n - Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.(CVE-2009-4355)\n\n - A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory.(CVE-2014-3507)\n\n - The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of 'future epoch' DTLS records that are buffered in a queue, aka 'DTLS record buffer limitation bug.'(CVE-2009-1377)\n\n - A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported.(CVE-2015-0209)\n\n - A denial of service flaw was found in the way OpenSSL verified certain signed messages using CMS (Cryptographic Message Syntax). A remote attacker could cause an application using OpenSSL to use excessive amounts of memory by sending a specially crafted message for verification.(CVE-2015-1792)\n\n - A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled.(CVE-2015-0293)\n\n - An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application.(CVE-2015-0286)\n\n - Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications.(CVE-2014-8275)\n\n - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC.\n If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable 'non-stitched' ciphersuites must be in use.\n Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).(CVE-2019-1559)\n\n - A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic.(CVE-2015-4000)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1548)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5135", "CVE-2009-0590", "CVE-2009-1377", "CVE-2009-1386", "CVE-2009-4355", "CVE-2011-4108", "CVE-2012-2110", "CVE-2014-3507", "CVE-2014-3571", "CVE-2014-8176", "CVE-2014-8275", "CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0293", "CVE-2015-1789", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000", "CVE-2016-0703", "CVE-2019-1559"], "modified": "2021-02-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl", "p-cpe:/a:huawei:euleros:openssl-devel", "p-cpe:/a:huawei:euleros:openssl-libs", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1548.NASL", "href": "https://www.tenable.com/plugins/nessus/125001", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125001);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/08\");\n\n script_cve_id(\n \"CVE-2007-5135\",\n \"CVE-2009-0590\",\n \"CVE-2009-1377\",\n \"CVE-2009-1386\",\n \"CVE-2009-4355\",\n \"CVE-2011-4108\",\n \"CVE-2012-2110\",\n \"CVE-2014-3507\",\n \"CVE-2014-3571\",\n \"CVE-2014-8176\",\n \"CVE-2014-8275\",\n \"CVE-2015-0209\",\n \"CVE-2015-0286\",\n \"CVE-2015-0293\",\n \"CVE-2015-1789\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-4000\",\n \"CVE-2016-0703\",\n \"CVE-2019-1559\"\n );\n script_bugtraq_id(\n 25831,\n 31692,\n 34256,\n 35001,\n 35174,\n 51281,\n 53158,\n 69078,\n 71935,\n 71937,\n 73196,\n 73225,\n 73232,\n 73239,\n 74107,\n 74733,\n 75154,\n 75156,\n 75159,\n 75161,\n 75769\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1548)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssl packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A race condition was found in the session handling code\n of OpenSSL. This issue could possibly cause a\n multi-threaded TLS/SSL client using OpenSSL to double\n free session ticket data and crash.(CVE-2015-1791)\n\n - An out-of-bounds read flaw was found in the\n X509_cmp_time() function of OpenSSL, which is used to\n test the expiry dates of SSL/TLS certificates. An\n attacker could possibly use a specially crafted SSL/TLS\n certificate or CRL (Certificate Revocation List), which\n when parsed by an application would cause that\n application to crash.(CVE-2015-1789)\n\n - The ASN1_STRING_print_ex function in OpenSSL before\n 0.9.8k allows remote attackers to cause a denial of\n service (invalid memory access and application crash)\n via vectors that trigger printing of a (1) BMPString or\n (2) UniversalString with an invalid encoded\n length.(CVE-2009-0590)\n\n - An invalid-free flaw was found in the way OpenSSL\n handled certain DTLS handshake messages. A malicious\n DTLS client or server could send a specially crafted\n message to the peer, which could cause the application\n to crash or potentially result in arbitrary code\n execution.(CVE-2014-8176)\n\n - The DTLS implementation in OpenSSL before 0.9.8s and\n 1.x before 1.0.0f performs a MAC check only if certain\n padding is valid, which makes it easier for remote\n attackers to recover plaintext via a padding oracle\n attack.(CVE-2011-4108)\n\n - Off-by-one error in the SSL_get_shared_ciphers function\n in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f,\n might allow remote attackers to execute arbitrary code\n via a crafted packet that triggers a one-byte buffer\n underflow. NOTE: this issue was introduced as a result\n of a fix for CVE-2006-3738. As of 20071012, it is\n unknown whether code execution is\n possible.(CVE-2007-5135)\n\n - A NULL pointer dereference flaw was found in the DTLS\n implementation of OpenSSL. A remote attacker could send\n a specially crafted DTLS message, which would cause an\n OpenSSL server to crash.(CVE-2014-3571)\n\n - The asn1_d2i_read_bio function in\n crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0\n before 1.0.0i, and 1.0.1 before 1.0.1a does not\n properly interpret integer data, which allows remote\n attackers to conduct buffer overflow attacks, and cause\n a denial of service (memory corruption) or possibly\n have unspecified other impact, via crafted DER data, as\n demonstrated by an X.509 certificate or an RSA public\n key.(CVE-2012-2110)\n\n - It was discovered that the SSLv2 servers using OpenSSL\n accepted SSLv2 connection handshakes that indicated\n non-zero clear key length for non-export cipher suites.\n An attacker could use this flaw to decrypt recorded\n SSLv2 sessions with the server by using it as a\n decryption oracle.(CVE-2016-0703)\n\n - ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and daemon crash) via a DTLS\n ChangeCipherSpec packet that occurs before\n ClientHello.(CVE-2009-1386)\n\n - Memory leak in the zlib_stateful_finish function in\n crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and\n 1.0.0 Beta through Beta 4 allows remote attackers to\n cause a denial of service (memory consumption) via\n vectors that trigger incorrect calls to the\n CRYPTO_cleanup_all_ex_data function, as demonstrated by\n use of SSLv3 and PHP with the Apache HTTP Server, a\n related issue to CVE-2008-1678.(CVE-2009-4355)\n\n - A flaw was discovered in the way OpenSSL handled DTLS\n packets. A remote attacker could use this flaw to cause\n a DTLS server or client using OpenSSL to crash or use\n excessive amounts of memory.(CVE-2014-3507)\n\n - The dtls1_buffer_record function in ssl/d1_pkt.c in\n OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote\n attackers to cause a denial of service (memory\n consumption) via a large series of 'future epoch' DTLS\n records that are buffered in a queue, aka 'DTLS record\n buffer limitation bug.'(CVE-2009-1377)\n\n - A use-after-free flaw was found in the way OpenSSL\n imported malformed Elliptic Curve private keys. A\n specially crafted key file could cause an application\n using OpenSSL to crash when imported.(CVE-2015-0209)\n\n - A denial of service flaw was found in the way OpenSSL\n verified certain signed messages using CMS\n (Cryptographic Message Syntax). A remote attacker could\n cause an application using OpenSSL to use excessive\n amounts of memory by sending a specially crafted\n message for verification.(CVE-2015-1792)\n\n - A denial of service flaw was found in the way OpenSSL\n handled SSLv2 handshake messages. A remote attacker\n could use this flaw to cause a TLS/SSL server using\n OpenSSL to exit on a failed assertion if it had both\n the SSLv2 protocol and EXPORT-grade cipher suites\n enabled.(CVE-2015-0293)\n\n - An invalid pointer use flaw was found in OpenSSL's\n ASN1_TYPE_cmp() function. A remote attacker could crash\n a TLS/SSL client or server using OpenSSL via a\n specially crafted X.509 certificate when the\n attacker-supplied certificate was verified by the\n application.(CVE-2015-0286)\n\n - Multiple flaws were found in the way OpenSSL parsed\n X.509 certificates. An attacker could use these flaws\n to modify an X.509 certificate to produce a certificate\n with a different fingerprint without invalidating its\n signature, and possibly bypass fingerprint-based\n blacklisting in applications.(CVE-2014-8275)\n\n - If an application encounters a fatal protocol error and\n then calls SSL_shutdown() twice (once to send a\n close_notify, and once to receive one) then OpenSSL can\n respond differently to the calling application if a 0\n byte record is received with invalid padding compared\n to if a 0 byte record is received with an invalid MAC.\n If the application then behaves differently based on\n that in a way that is detectable to the remote peer,\n then this amounts to a padding oracle that could be\n used to decrypt data. In order for this to be\n exploitable 'non-stitched' ciphersuites must be in use.\n Stitched ciphersuites are optimised implementations of\n certain commonly used ciphersuites. Also the\n application must call SSL_shutdown() twice even if a\n protocol error has occurred (applications should not do\n this but some do anyway). Fixed in OpenSSL 1.0.2r\n (Affected 1.0.2-1.0.2q).(CVE-2019-1559)\n\n - A flaw was found in the way the TLS protocol composes\n the Diffie-Hellman exchange (for both export and\n non-export grade cipher suites). An attacker could use\n this flaw to downgrade a DHE connection to use\n export-grade key sizes, which could then be broken by\n sufficient pre-computation. This can lead to a passive\n man-in-the-middle attack in which the attacker is able\n to decrypt all traffic.(CVE-2015-4000)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1548\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?08b55f2d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-8176\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openssl-1.0.2k-16.h5\",\n \"openssl-devel-1.0.2k-16.h5\",\n \"openssl-libs-1.0.2k-16.h5\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:13", "description": "Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit.\n\nCVE-2014-8176\n\nPraveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that an invalid memory free could be triggered when buffering DTLS data.\nThis could allow remote attackers to cause a denial of service (crash) or potentially execute arbitrary code. This issue only affected the oldstable distribution (wheezy).\n\nCVE-2015-1789\n\nRobert Swiecki and Hanno B??ck discovered that the X509_cmp_time function could read a few bytes out of bounds. This could allow remote attackers to cause a denial of service (crash) via crafted certificates and CRLs.\n\nCVE-2015-1790\n\nMichal Zalewski discovered that the PKCS#7 parsing code did not properly handle missing content which could lead to a NULL pointer dereference. This could allow remote attackers to cause a denial of service (crash) via crafted ASN.1-encoded PKCS#7 blobs.\n\nCVE-2015-1791\n\nEmilia K??sper discovered that a race condition could occur due to incorrect handling of NewSessionTicket in a multi-threaded client, leading to a double free. This could allow remote attackers to cause a denial of service (crash).\n\nCVE-2015-1792\n\nJohannes Bauer discovered that the CMS code could enter an infinite loop when verifying a signedData message, if presented with an unknown hash function OID. This could allow remote attackers to cause a denial of service.\n\nAdditionally OpenSSL will now reject handshakes using DH parameters shorter than 768 bits as a countermeasure against the Logjam attack (CVE-2015-4000).\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-18T00:00:00", "type": "nessus", "title": "Debian DLA-247-1 : openssl security update (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libcrypto0.9.8-udeb", "p-cpe:/a:debian:debian_linux:libssl-dev", "p-cpe:/a:debian:debian_linux:libssl0.9.8", "p-cpe:/a:debian:debian_linux:libssl0.9.8-dbg", "p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-247.NASL", "href": "https://www.tenable.com/plugins/nessus/84253", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-247-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84253);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-8176\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75159,\n 75161\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Debian DLA-247-1 : openssl security update (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.\n\nCVE-2014-8176\n\nPraveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that\nan invalid memory free could be triggered when buffering DTLS data.\nThis could allow remote attackers to cause a denial of service (crash)\nor potentially execute arbitrary code. This issue only affected the\noldstable distribution (wheezy).\n\nCVE-2015-1789\n\nRobert Swiecki and Hanno B??ck discovered that the X509_cmp_time\nfunction could read a few bytes out of bounds. This could allow remote\nattackers to cause a denial of service (crash) via crafted\ncertificates and CRLs.\n\nCVE-2015-1790\n\nMichal Zalewski discovered that the PKCS#7 parsing code did not\nproperly handle missing content which could lead to a NULL pointer\ndereference. This could allow remote attackers to cause a denial of\nservice (crash) via crafted ASN.1-encoded PKCS#7 blobs.\n\nCVE-2015-1791\n\nEmilia K??sper discovered that a race condition could occur due to\nincorrect handling of NewSessionTicket in a multi-threaded client,\nleading to a double free. This could allow remote attackers to cause a\ndenial of service (crash).\n\nCVE-2015-1792\n\nJohannes Bauer discovered that the CMS code could enter an infinite\nloop when verifying a signedData message, if presented with an unknown\nhash function OID. This could allow remote attackers to cause a denial\nof service.\n\nAdditionally OpenSSL will now reject handshakes using DH parameters\nshorter than 768 bits as a countermeasure against the Logjam attack\n(CVE-2015-4000).\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.debian.org/debian-lts-announce/2015/06/msg00013.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/squeeze-lts/openssl\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrypto0.9.8-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl0.9.8-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libcrypto0.9.8-udeb\", reference:\"0.9.8o-4squeeze21\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl-dev\", reference:\"0.9.8o-4squeeze21\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl0.9.8\", reference:\"0.9.8o-4squeeze21\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl0.9.8-dbg\", reference:\"0.9.8o-4squeeze21\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openssl\", reference:\"0.9.8o-4squeeze21\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T15:11:54", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - improved fix for (CVE-2015-1791)\n\n - add missing parts of CVE-2015-0209 fix for corectness although unexploitable\n\n - fix CVE-2014-8176 - invalid free in DTLS buffering code\n\n - fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time\n\n - fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent\n\n - fix CVE-2015-1791 - race condition handling NewSessionTicket\n\n - fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function\n\n - fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on read in multithreaded applications", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-16T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : openssl (OVMSA-2015-0070)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-0209", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:openssl", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2015-0070.NASL", "href": "https://www.tenable.com/plugins/nessus/84203", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0070.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84203);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-8176\", \"CVE-2015-0209\", \"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-1792\", \"CVE-2015-3216\");\n script_bugtraq_id(73196, 73239, 75154, 75156, 75157, 75159, 75161, 75219);\n\n script_name(english:\"OracleVM 3.3 : openssl (OVMSA-2015-0070)\");\n script_summary(english:\"Checks the RPM output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - improved fix for (CVE-2015-1791)\n\n - add missing parts of CVE-2015-0209 fix for corectness\n although unexploitable\n\n - fix CVE-2014-8176 - invalid free in DTLS buffering code\n\n - fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time\n\n - fix CVE-2015-1790 - PKCS7 crash with missing\n EncryptedContent\n\n - fix CVE-2015-1791 - race condition handling\n NewSessionTicket\n\n - fix CVE-2015-1792 - CMS verify infinite loop with\n unknown hash function\n\n - fix CVE-2015-3216 - regression in RAND locking that can\n cause segfaults on read in multithreaded applications\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2015-June/000318.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"openssl-1.0.1e-30.el6_6.11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:32", "description": "LOGJAM: A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2015-4000)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash.\n(CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input could cause that application to crash. TLS/SSL clients and servers using OpenSSL were not affected by this flaw. (CVE-2015-1790)\n\nA race condition was found in the session handling code of OpenSSL. An attacker could cause a multi-threaded SSL/TLS server to crash.\n(CVE-2015-1791)\n\nA denial of service flaw was found in OpenSSL in the way it verified certain signed messages using CMS (Cryptographic Message Syntax). A remote attacker could cause an application using OpenSSL to use excessive amounts of memory by sending a specially crafted message for verification. (CVE-2015-1792)\n\nAn invalid-free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could send a specially crafted message to the peer, which could cause the application to crash or potentially cause arbitrary code execution.\n(CVE-2014-8176)\n\nA regression was found in the ssleay_rand_bytes() function. This could lead a multi-threaded application to crash. (CVE-2015-3216)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-18T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : openssl (ALAS-2015-550) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl", "p-cpe:/a:amazon:linux:openssl-debuginfo", "p-cpe:/a:amazon:linux:openssl-devel", "p-cpe:/a:amazon:linux:openssl-perl", "p-cpe:/a:amazon:linux:openssl-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-550.NASL", "href": "https://www.tenable.com/plugins/nessus/84251", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-550.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84251);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-8176\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-3216\",\n \"CVE-2015-4000\"\n );\n script_xref(name:\"ALAS\", value:\"2015-550\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Amazon Linux AMI : openssl (ALAS-2015-550) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"LOGJAM: A flaw was found in the way the TLS protocol composes the\nDiffie-Hellman exchange (for both export and non-export grade cipher\nsuites). An attacker could use this flaw to downgrade a DHE connection\nto use export-grade key sizes, which could then be broken by\nsufficient pre-computation. This can lead to a passive\nman-in-the-middle attack in which the attacker is able to decrypt all\ntraffic. (CVE-2015-4000)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function\nof OpenSSL, which is used to test the expiry dates of SSL/TLS\ncertificates. An attacker could possibly use a specially crafted\nSSL/TLS certificate or CRL (Certificate Revocation List), which when\nparsed by an application would cause that application to crash.\n(CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 inputs. An attacker able to make an application using\nOpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input\ncould cause that application to crash. TLS/SSL clients and servers\nusing OpenSSL were not affected by this flaw. (CVE-2015-1790)\n\nA race condition was found in the session handling code of OpenSSL. An\nattacker could cause a multi-threaded SSL/TLS server to crash.\n(CVE-2015-1791)\n\nA denial of service flaw was found in OpenSSL in the way it verified\ncertain signed messages using CMS (Cryptographic Message Syntax). A\nremote attacker could cause an application using OpenSSL to use\nexcessive amounts of memory by sending a specially crafted message for\nverification. (CVE-2015-1792)\n\nAn invalid-free flaw was found in the way OpenSSL handled certain DTLS\nhandshake messages. A malicious DTLS client or server could send a\nspecially crafted message to the peer, which could cause the\napplication to crash or potentially cause arbitrary code execution.\n(CVE-2014-8176)\n\nA regression was found in the ssleay_rand_bytes() function. This could\nlead a multi-threaded application to crash. (CVE-2015-3216)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2015-550.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update openssl' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openssl-1.0.1k-10.86.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-debuginfo-1.0.1k-10.86.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-devel-1.0.1k-10.86.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-perl-1.0.1k-10.86.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-static-1.0.1k-10.86.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:31", "description": "The OpenSSL team reports :\n\n- Missing DHE man-in-the-middle protection (Logjam) (CVE-2015-4000)\n\n- Malformed ECParameters causes infinite loop (CVE-2015-1788)\n\n- Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n\n- PKCS#7 crash with missing EnvelopedContent (CVE-2015-1790)\n\n- CMS verify infinite loop with unknown hash function (CVE-2015-1792)\n\n- Race condition handling NewSessionTicket (CVE-2015-1791)\n\n- Invalid free in DTLS (CVE-2014-8176)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-12T00:00:00", "type": "nessus", "title": "FreeBSD : openssl -- multiple vulnerabilities (8305e215-1080-11e5-8ba2-000c2980a9f3) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:libressl", "p-cpe:/a:freebsd:freebsd:linux-c6-openssl", "p-cpe:/a:freebsd:freebsd:mingw32-openssl", "p-cpe:/a:freebsd:freebsd:openssl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_8305E215108011E58BA2000C2980A9F3.NASL", "href": "https://www.tenable.com/plugins/nessus/84133", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84133);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-8176\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-4000\"\n );\n script_xref(name:\"FreeBSD\", value:\"SA-15:10.openssl\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"FreeBSD : openssl -- multiple vulnerabilities (8305e215-1080-11e5-8ba2-000c2980a9f3) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The OpenSSL team reports :\n\n- Missing DHE man-in-the-middle protection (Logjam) (CVE-2015-4000)\n\n- Malformed ECParameters causes infinite loop (CVE-2015-1788)\n\n- Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n\n- PKCS#7 crash with missing EnvelopedContent (CVE-2015-1790)\n\n- CMS verify infinite loop with unknown hash function (CVE-2015-1792)\n\n- Race condition handling NewSessionTicket (CVE-2015-1791)\n\n- Invalid free in DTLS (CVE-2014-8176)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n # https://vuxml.freebsd.org/freebsd/8305e215-1080-11e5-8ba2-000c2980a9f3.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8779dead\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libressl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mingw32-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssl<1.0.2_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mingw32-openssl>=1.0.1<1.0.2b\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-openssl<1.0.1e_6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libressl<2.1.7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:23", "description": "The remote host is affected by the vulnerability described in GLSA-201506-02 (OpenSSL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker can cause Denial of Service and information disclosure.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-23T00:00:00", "type": "nessus", "title": "GLSA-201506-02 : OpenSSL: Multiple vulnerabilities (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openssl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201506-02.NASL", "href": "https://www.tenable.com/plugins/nessus/84330", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201506-02.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84330);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-8176\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75159,\n 75161\n );\n script_xref(name:\"GLSA\", value:\"201506-02\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"GLSA-201506-02 : OpenSSL: Multiple vulnerabilities (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-201506-02\n(OpenSSL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found in OpenSSL. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker can cause Denial of Service and information\n disclosure.\n \nWorkaround :\n\n There is no known workaround at this time.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/201506-02\");\n script_set_attribute(attribute:\"solution\", value:\n\"All OpenSSL 1.0.1 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-1.0.1o'\n All OpenSSL 0.9.8 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-0.9.8z_p7'\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/openssl\", unaffected:make_list(\"ge 1.0.1o\", \"rge 0.9.8z_p7\", \"rge 0.9.8z_p8\", \"rge 0.9.8z_p9\", \"rge 0.9.8z_p10\", \"rge 0.9.8z_p11\", \"rge 0.9.8z_p12\", \"rge 0.9.8z_p13\", \"rge 0.9.8z_p14\", \"rge 0.9.8z_p15\"), vulnerable:make_list(\"lt 1.0.1o\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:40", "description": "Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit.\n\n - CVE-2014-8176 Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that an invalid memory free could be triggered when buffering DTLS data. This could allow remote attackers to cause a denial of service (crash) or potentially execute arbitrary code. This issue only affected the oldstable distribution (wheezy).\n\n - CVE-2015-1788 Joseph Barr-Pixton discovered that an infinite loop could be triggered due to incorrect handling of malformed ECParameters structures. This could allow remote attackers to cause a denial of service.\n\n - CVE-2015-1789 Robert Swiecki and Hanno Bock discovered that the X509_cmp_time function could read a few bytes out of bounds. This could allow remote attackers to cause a denial of service (crash) via crafted certificates and CRLs.\n\n - CVE-2015-1790 Michal Zalewski discovered that the PKCS#7 parsing code did not properly handle missing content which could lead to a NULL pointer dereference. This could allow remote attackers to cause a denial of service (crash) via crafted ASN.1-encoded PKCS#7 blobs.\n\n - CVE-2015-1791 Emilia Kasper discovered that a race condition could occur due to incorrect handling of NewSessionTicket in a multi-threaded client, leading to a double free. This could allow remote attackers to cause a denial of service (crash).\n\n - CVE-2015-1792 Johannes Bauer discovered that the CMS code could enter an infinite loop when verifying a signedData message, if presented with an unknown hash function OID. This could allow remote attackers to cause a denial of service.\n\nAdditionally OpenSSL will now reject handshakes using DH parameters shorter than 768 bits as a countermeasure against the Logjam attack (CVE-2015-4000 ).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-15T00:00:00", "type": "nessus", "title": "Debian DSA-3287-1 : openssl - security update (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3287.NASL", "href": "https://www.tenable.com/plugins/nessus/84170", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3287. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84170);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-8176\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-4000\"\n );\n script_xref(name:\"DSA\", value:\"3287\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Debian DSA-3287-1 : openssl - security update (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.\n\n - CVE-2014-8176\n Praveen Kariyanahalli, Ivan Fratric and Felix Groebert\n discovered that an invalid memory free could be\n triggered when buffering DTLS data. This could allow\n remote attackers to cause a denial of service (crash) or\n potentially execute arbitrary code. This issue only\n affected the oldstable distribution (wheezy).\n\n - CVE-2015-1788\n Joseph Barr-Pixton discovered that an infinite loop\n could be triggered due to incorrect handling of\n malformed ECParameters structures. This could allow\n remote attackers to cause a denial of service.\n\n - CVE-2015-1789\n Robert Swiecki and Hanno Bock discovered that the\n X509_cmp_time function could read a few bytes out of\n bounds. This could allow remote attackers to cause a\n denial of service (crash) via crafted certificates and\n CRLs.\n\n - CVE-2015-1790\n Michal Zalewski discovered that the PKCS#7 parsing code\n did not properly handle missing content which could lead\n to a NULL pointer dereference. This could allow remote\n attackers to cause a denial of service (crash) via\n crafted ASN.1-encoded PKCS#7 blobs.\n\n - CVE-2015-1791\n Emilia Kasper discovered that a race condition could\n occur due to incorrect handling of NewSessionTicket in a\n multi-threaded client, leading to a double free. This\n could allow remote attackers to cause a denial of\n service (crash).\n\n - CVE-2015-1792\n Johannes Bauer discovered that the CMS code could enter\n an infinite loop when verifying a signedData message, if\n presented with an unknown hash function OID. This could\n allow remote attackers to cause a denial of service.\n\nAdditionally OpenSSL will now reject handshakes using DH parameters\nshorter than 768 bits as a countermeasure against the Logjam attack\n(CVE-2015-4000 ).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2014-8176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2015-1788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2015-1789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2015-1790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2015-1791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2015-1792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2015-4000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/wheezy/openssl\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/jessie/openssl\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2015/dsa-3287\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the openssl packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 1.0.1e-2+deb7u17.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 1.0.1k-3+deb8u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libssl-dev\", reference:\"1.0.1e-2+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl-doc\", reference:\"1.0.1e-2+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0\", reference:\"1.0.1e-2+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0-dbg\", reference:\"1.0.1e-2+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openssl\", reference:\"1.0.1e-2+deb7u17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcrypto1.0.0-udeb\", reference:\"1.0.1k-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl-dev\", reference:\"1.0.1k-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl-doc\", reference:\"1.0.1k-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl1.0.0\", reference:\"1.0.1k-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl1.0.0-dbg\", reference:\"1.0.1k-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openssl\", reference:\"1.0.1k-3+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:55", "description": "The version of OpenSSL installed on the remote AIX host is affected by multiple vulnerabilities :\n\n - An invalid free memory error exists due to improper validation of user-supplied input when a DTLS peer receives application data between ChangeCipherSpec and Finished messages. A remote attacker can exploit this to corrupt memory, resulting in a denial of service or the execution of arbitrary code. (CVE-2014-8176)\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)\n\n - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-07-20T00:00:00", "type": "nessus", "title": "AIX OpenSSL Advisory : openssl_advisory14.asc (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:ibm:aix", "cpe:/a:openssl:openssl"], "id": "AIX_OPENSSL_ADVISORY14.NASL", "href": "https://www.tenable.com/plugins/nessus/84880", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84880);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-8176\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75159,\n 75161\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"AIX OpenSSL Advisory : openssl_advisory14.asc (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host has a version of OpenSSL installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenSSL installed on the remote AIX host is affected by\nmultiple vulnerabilities :\n\n - An invalid free memory error exists due to improper\n validation of user-supplied input when a DTLS peer\n receives application data between ChangeCipherSpec and\n Finished messages. A remote attacker can exploit this to\n corrupt memory, resulting in a denial of service or\n the execution of arbitrary code. (CVE-2014-8176)\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the ASN1_TIME\n string by the X509_cmp_time() function. A remote\n attacker can exploit this, via a malformed certificate\n and CRLs of various sizes, to cause a segmentation\n fault, resulting in a denial of service condition. TLS\n clients that verify CRLs are affected. TLS clients and\n servers with client authentication enabled may be\n affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\n\n - A man-in-the-middle vulnerability, known as Logjam,\n exists due to a flaw in the SSL/TLS protocol. A remote\n attacker can exploit this flaw to downgrade connections\n using ephemeral Diffie-Hellman key exchange to 512-bit\n export-grade cryptography. (CVE-2015-4000)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory14.asc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/marketing/iwm/iwm/web/preLogin.do?source=aixbp\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"A fix is available and can be downloaded from the AIX website.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"AIX Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\ninclude(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item(\"Host/AIX/version\");\nif (isnull(oslevel)) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\nif ( oslevel != \"AIX-5.3\" && oslevel != \"AIX-6.1\" && oslevel != \"AIX-7.1\" )\n{\n oslevel = ereg_replace(string:oslevel, pattern:\"-\", replace:\" \");\n audit(AUDIT_OS_NOT, \"AIX 5.3 / 6.1 / 7.1\", oslevel);\n}\n\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This AIX package check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\n#0.9.8.2505\nif (aix_check_ifix(release:\"5.3\", patch:\"IV74809s9b\", package:\"openssl.base\", minfilesetver:\"0.0.0.0\", maxfilesetver:\"0.9.8.2505\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:\"IV74809s9b\", package:\"openssl.base\", minfilesetver:\"0.0.0.0\", maxfilesetver:\"0.9.8.2505\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:\"IV74809s9b\", package:\"openssl.base\", minfilesetver:\"0.0.0.0\", maxfilesetver:\"0.9.8.2505\") < 0) flag++;\n\n#12.9.8.2505\nif (aix_check_ifix(release:\"5.3\", patch:\"IV74809s9c\", package:\"openssl.base\", minfilesetver:\"12.0.0.0\", maxfilesetver:\"12.9.8.2505\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:\"IV74809s9c\", package:\"openssl.base\", minfilesetver:\"12.0.0.0\", maxfilesetver:\"12.9.8.2505\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:\"IV74809s9c\", package:\"openssl.base\", minfilesetver:\"12.0.0.0\", maxfilesetver:\"12.9.8.2505\") < 0) flag++;\n\n# Check 1.0.1 versions only after other two pass, this one has the\n# potential to audit out early.\nif (flag == 0)\n{\n #1.0.1.514\n # ifix on POWER8 machines is IV75570m9a. ifix on all others is IV74809s9a\n aix_processor = get_kb_item(\"Host/AIX/processor\");\n if (empty_or_null(aix_processor)) audit(AUDIT_KB_MISSING, \"Host/AIX/processor\");\n ifix = \"(IV74809s9a|IV75570m9a)\";\n if (\"POWER8\" >< aix_processor) ifix = \"IV75570m9a\";\n if (aix_check_ifix(release:\"5.3\", patch:ifix, package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.514\") < 0) flag++;\n if (aix_check_ifix(release:\"6.1\", patch:ifix, package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.514\") < 0) flag++;\n if (aix_check_ifix(release:\"7.1\", patch:ifix, package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.514\") < 0) flag++;\n}\n\nif (flag)\n{\n aix_report_extra = ereg_replace(string:aix_report_get(), pattern:\"[()]\", replace:\"\");\n aix_report_extra = ereg_replace(string:aix_report_extra, pattern:\"[|]\", replace:\" or \");\n if (report_verbosity > 0) security_hole(port:0, extra:aix_report_extra);\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl.base\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:23", "description": "An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. (CVE-2014-8176)\n\nA flaw was found in the way the OpenSSL packages shipped with Scientific Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash.\n(CVE-2015-3216)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789)\n\nA race condition was found in the session handling code of OpenSSL.\nThis issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. (CVE-2015-1791)\n\nA flaw was found in the way OpenSSL handled Cryptographic Message Syntax (CMS) messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. (CVE-2015-1792)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790)\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-17T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20150615)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openssl", "p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openssl-devel", "p-cpe:/a:fermilab:scientific_linux:openssl-libs", "p-cpe:/a:fermilab:scientific_linux:openssl-perl", "p-cpe:/a:fermilab:scientific_linux:openssl-static", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150615_OPENSSL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/84226", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84226);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-8176\", \"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-1792\", \"CVE-2015-3216\");\n\n script_name(english:\"Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20150615)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An invalid free flaw was found in the way OpenSSL handled certain DTLS\nhandshake messages. A malicious DTLS client or server could cause a\nDTLS server or client using OpenSSL to crash or, potentially, execute\narbitrary code. (CVE-2014-8176)\n\nA flaw was found in the way the OpenSSL packages shipped with\nScientific Linux 6 and 7 performed locking in the ssleay_rand_bytes()\nfunction. This issue could possibly cause a multi-threaded application\nusing OpenSSL to perform an out-of-bounds read and crash.\n(CVE-2015-3216)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function\nof OpenSSL. A specially crafted X.509 certificate or a Certificate\nRevocation List (CRL) could possibly cause a TLS/SSL server or client\nusing OpenSSL to crash. (CVE-2015-1789)\n\nA race condition was found in the session handling code of OpenSSL.\nThis issue could possibly cause a multi-threaded TLS/SSL client using\nOpenSSL to double free session ticket data and crash. (CVE-2015-1791)\n\nA flaw was found in the way OpenSSL handled Cryptographic Message\nSyntax (CMS) messages. A CMS message with an unknown hash function\nidentifier could cause an application using OpenSSL to enter an\ninfinite loop. (CVE-2015-1792)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to\ncrash. (CVE-2015-1790)\n\nFor the update to take effect, all services linked to the OpenSSL\nlibrary must be restarted, or the system rebooted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1506&L=scientific-linux-errata&F=&S=&P=6990\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1ed986b1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"openssl-1.0.1e-30.el6_6.11\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-debuginfo-1.0.1e-30.el6_6.11\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-devel-1.0.1e-30.el6_6.11\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-perl-1.0.1e-30.el6_6.11\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-static-1.0.1e-30.el6_6.11\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-42.el7_1.8\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.1e-42.el7_1.8\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-42.el7_1.8\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-42.el7_1.8\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-42.el7_1.8\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-42.el7_1.8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-libs / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:40", "description": "Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nAn invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. (CVE-2014-8176)\n\nA flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash.\n(CVE-2015-3216)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789)\n\nA race condition was found in the session handling code of OpenSSL.\nThis issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. (CVE-2015-1791)\n\nA flaw was found in the way OpenSSL handled Cryptographic Message Syntax (CMS) messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. (CVE-2015-1792)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan Fratric as the original reporters of CVE-2014-8176, Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, Michal Zalewski as the original reporter of CVE-2015-1790, Emilia Kasper as the original report of CVE-2015-1791 and Johannes Bauer as the original reporter of CVE-2015-1792.\n\nAll openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-16T00:00:00", "type": "nessus", "title": "CentOS 6 / 7 : openssl (CESA-2015:1115)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-devel", "p-cpe:/a:centos:centos:openssl-libs", "p-cpe:/a:centos:centos:openssl-perl", "p-cpe:/a:centos:centos:openssl-static", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2015-1115.NASL", "href": "https://www.tenable.com/plugins/nessus/84199", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1115 and \n# CentOS Errata and Security Advisory 2015:1115 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84199);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-8176\", \"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-1792\", \"CVE-2015-3216\");\n script_bugtraq_id(75154, 75156, 75157, 75159, 75161);\n script_xref(name:\"RHSA\", value:\"2015:1115\");\n\n script_name(english:\"CentOS 6 / 7 : openssl (CESA-2015:1115)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn invalid free flaw was found in the way OpenSSL handled certain DTLS\nhandshake messages. A malicious DTLS client or server could cause a\nDTLS server or client using OpenSSL to crash or, potentially, execute\narbitrary code. (CVE-2014-8176)\n\nA flaw was found in the way the OpenSSL packages shipped with Red Hat\nEnterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes()\nfunction. This issue could possibly cause a multi-threaded application\nusing OpenSSL to perform an out-of-bounds read and crash.\n(CVE-2015-3216)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function\nof OpenSSL. A specially crafted X.509 certificate or a Certificate\nRevocation List (CRL) could possibly cause a TLS/SSL server or client\nusing OpenSSL to crash. (CVE-2015-1789)\n\nA race condition was found in the session handling code of OpenSSL.\nThis issue could possibly cause a multi-threaded TLS/SSL client using\nOpenSSL to double free session ticket data and crash. (CVE-2015-1791)\n\nA flaw was found in the way OpenSSL handled Cryptographic Message\nSyntax (CMS) messages. A CMS message with an unknown hash function\nidentifier could cause an application using OpenSSL to enter an\ninfinite loop. (CVE-2015-1792)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to\ncrash. (CVE-2015-1790)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and\nCVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and\nIvan Fratric as the original reporters of CVE-2014-8176, Robert\nSwiecki and Hanno Bock as the original reporters of CVE-2015-1789,\nMichal Zalewski as the original reporter of CVE-2015-1790, Emilia\nKasper as the original report of CVE-2015-1791 and Johannes Bauer as\nthe original reporter of CVE-2015-1792.\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-June/021172.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?045df2f1\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-June/021173.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?30c569d9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-8176\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-1.0.1e-30.el6.11\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-devel-1.0.1e-30.el6.11\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-perl-1.0.1e-30.el6.11\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-static-1.0.1e-30.el6.11\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-42.el7.8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-42.el7.8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-42.el7.8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-42.el7.8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-42.el7.8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-libs / openssl-perl / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:22", "description": "From Red Hat Security Advisory 2015:1115 :\n\nUpdated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nAn invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. (CVE-2014-8176)\n\nA flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash.\n(CVE-2015-3216)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789)\n\nA race condition was found in the session handling code of OpenSSL.\nThis issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. (CVE-2015-1791)\n\nA flaw was found in the way OpenSSL handled Cryptographic Message Syntax (CMS) messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. (CVE-2015-1792)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan Fratric as the original reporters of CVE-2014-8176, Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, Michal Zalewski as the original reporter of CVE-2015-1790, Emilia Kasper as the original report of CVE-2015-1791 and Johannes Bauer as the original reporter of CVE-2015-1792.\n\nAll openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-16T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : openssl (ELSA-2015-1115)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-libs", "p-cpe:/a:oracle:linux:openssl-perl", "p-cpe:/a:oracle:linux:openssl-static", "cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2015-1115.NASL", "href": "https://www.tenable.com/plugins/nessus/84202", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1115 and \n# Oracle Linux Security Advisory ELSA-2015-1115 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84202);\n script_version(\"2.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-8176\", \"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-1792\", \"CVE-2015-3216\");\n script_bugtraq_id(73239, 75154, 75156, 75157, 75159, 75161);\n script_xref(name:\"RHSA\", value:\"2015:1115\");\n\n script_name(english:\"Oracle Linux 6 / 7 : openssl (ELSA-2015-1115)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1115 :\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn invalid free flaw was found in the way OpenSSL handled certain DTLS\nhandshake messages. A malicious DTLS client or server could cause a\nDTLS server or client using OpenSSL to crash or, potentially, execute\narbitrary code. (CVE-2014-8176)\n\nA flaw was found in the way the OpenSSL packages shipped with Red Hat\nEnterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes()\nfunction. This issue could possibly cause a multi-threaded application\nusing OpenSSL to perform an out-of-bounds read and crash.\n(CVE-2015-3216)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function\nof OpenSSL. A specially crafted X.509 certificate or a Certificate\nRevocation List (CRL) could possibly cause a TLS/SSL server or client\nusing OpenSSL to crash. (CVE-2015-1789)\n\nA race condition was found in the session handling code of OpenSSL.\nThis issue could possibly cause a multi-threaded TLS/SSL client using\nOpenSSL to double free session ticket data and crash. (CVE-2015-1791)\n\nA flaw was found in the way OpenSSL handled Cryptographic Message\nSyntax (CMS) messages. A CMS message with an unknown hash function\nidentifier could cause an application using OpenSSL to enter an\ninfinite loop. (CVE-2015-1792)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to\ncrash. (CVE-2015-1790)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and\nCVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and\nIvan Fratric as the original reporters of CVE-2014-8176, Robert\nSwiecki and Hanno Bock as the original reporters of CVE-2015-1789,\nMichal Zalewski as the original reporter of CVE-2015-1790, Emilia\nKasper as the original report of CVE-2015-1791 and Johannes Bauer as\nthe original reporter of CVE-2015-1792.\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-June/005125.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-June/005126.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"openssl-1.0.1e-30.el6_6.11\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-devel-1.0.1e-30.el6_6.11\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-perl-1.0.1e-30.el6_6.11\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-static-1.0.1e-30.el6_6.11\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-42.el7_1.8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-42.el7_1.8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-42.el7_1.8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-42.el7_1.8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-42.el7_1.8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-libs / openssl-perl / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:23", "description": "Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2014-8176)\n\nJoseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed ECParameters structures. A remote attacker could use this issue to cause OpenSSL to hang, resulting in a denial of service.\n(CVE-2015-1788)\n\nRobert Swiecki and Hanno Bock discovered that OpenSSL incorrectly handled certain ASN1_TIME strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service.\n(CVE-2015-1789)\n\nMichal Zalewski discovered that OpenSSL incorrectly handled missing content when parsing ASN.1-encoded PKCS#7 blobs. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-1790)\n\nEmilia Kasper discovered that OpenSSL incorrectly handled NewSessionTicket when being used by a multi-threaded client. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-1791)\n\nJohannes Bauer discovered that OpenSSL incorrectly handled verifying signedData messages using the CMS code. A remote attacker could use this issue to cause OpenSSL to hang, resulting in a denial of service.\n(CVE-2015-1792)\n\nAs a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 768 bits, preventing a possible downgrade attack.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-12T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : openssl vulnerabilities (USN-2639-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:canonical:ubuntu_linux:15.04"], "id": "UBUNTU_USN-2639-1.NASL", "href": "https://www.tenable.com/plugins/nessus/84148", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2639-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84148);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-8176\", \"CVE-2015-1788\", \"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-1792\");\n script_bugtraq_id(75159);\n script_xref(name:\"USN\", value:\"2639-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : openssl vulnerabilities (USN-2639-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that\nOpenSSL incorrectly handled memory when buffering DTLS data. A remote\nattacker could use this issue to cause OpenSSL to crash, resulting in\na denial of service, or possibly execute arbitrary code.\n(CVE-2014-8176)\n\nJoseph Barr-Pixton discovered that OpenSSL incorrectly handled\nmalformed ECParameters structures. A remote attacker could use this\nissue to cause OpenSSL to hang, resulting in a denial of service.\n(CVE-2015-1788)\n\nRobert Swiecki and Hanno Bock discovered that OpenSSL incorrectly\nhandled certain ASN1_TIME strings. A remote attacker could use this\nissue to cause OpenSSL to crash, resulting in a denial of service.\n(CVE-2015-1789)\n\nMichal Zalewski discovered that OpenSSL incorrectly handled missing\ncontent when parsing ASN.1-encoded PKCS#7 blobs. A remote attacker\ncould use this issue to cause OpenSSL to crash, resulting in a denial\nof service. (CVE-2015-1790)\n\nEmilia Kasper discovered that OpenSSL incorrectly handled\nNewSessionTicket when being used by a multi-threaded client. A remote\nattacker could use this issue to cause OpenSSL to crash, resulting in\na denial of service. (CVE-2015-1791)\n\nJohannes Bauer discovered that OpenSSL incorrectly handled verifying\nsignedData messages using the CMS code. A remote attacker could use\nthis issue to cause OpenSSL to hang, resulting in a denial of service.\n(CVE-2015-1792)\n\nAs a security improvement, this update also modifies OpenSSL behaviour\nto reject DH key sizes below 768 bits, preventing a possible downgrade\nattack.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2639-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libssl1.0.0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|14\\.10|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1-4ubuntu5.31\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu2.15\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu9.8\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu11.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl1.0.0\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-29T14:40:56", "description": "Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nAn invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. (CVE-2014-8176)\n\nA flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash.\n(CVE-2015-3216)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789)\n\nA race condition was found in the session handling code of OpenSSL.\nThis issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. (CVE-2015-1791)\n\nA flaw was found in the way OpenSSL handled Cryptographic Message Syntax (CMS) messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. (CVE-2015-1792)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan Fratric as the original reporters of CVE-2014-8176, Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, Michal Zalewski as the original reporter of CVE-2015-1790, Emilia Kasper as the original report of CVE-2015-1791 and Johannes Bauer as the original reporter of CVE-2015-1792.\n\nAll openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-16T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : openssl (RHSA-2015:1115)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216"], "modified": "2021-02-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-libs", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl-static", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.1", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2015-1115.NASL", "href": "https://www.tenable.com/plugins/nessus/84204", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1115. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84204);\n script_version(\"2.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2014-8176\", \"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-1792\", \"CVE-2015-3216\");\n script_bugtraq_id(75154, 75156, 75157, 75159, 75161);\n script_xref(name:\"RHSA\", value:\"2015:1115\");\n\n script_name(english:\"RHEL 6 / 7 : openssl (RHSA-2015:1115)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn invalid free flaw was found in the way OpenSSL handled certain DTLS\nhandshake messages. A malicious DTLS client or server could cause a\nDTLS server or client using OpenSSL to crash or, potentially, execute\narbitrary code. (CVE-2014-8176)\n\nA flaw was found in the way the OpenSSL packages shipped with Red Hat\nEnterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes()\nfunction. This issue could possibly cause a multi-threaded application\nusing OpenSSL to perform an out-of-bounds read and crash.\n(CVE-2015-3216)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function\nof OpenSSL. A specially crafted X.509 certificate or a Certificate\nRevocation List (CRL) could possibly cause a TLS/SSL server or client\nusing OpenSSL to crash. (CVE-2015-1789)\n\nA race condition was found in the session handling code of OpenSSL.\nThis issue could possibly cause a multi-threaded TLS/SSL client using\nOpenSSL to double free session ticket data and crash. (CVE-2015-1791)\n\nA flaw was found in the way OpenSSL handled Cryptographic Message\nSyntax (CMS) messages. A CMS message with an unknown hash function\nidentifier could cause an application using OpenSSL to enter an\ninfinite loop. (CVE-2015-1792)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to\ncrash. (CVE-2015-1790)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and\nCVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and\nIvan Fratric as the original reporters of CVE-2014-8176, Robert\nSwiecki and Hanno Bock as the original reporters of CVE-2015-1789,\nMichal Zalewski as the original reporter of CVE-2015-1790, Emilia\nKasper as the original report of CVE-2015-1791 and Johannes Bauer as\nthe original reporter of CVE-2015-1792.\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20150611.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3216\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1115\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-1.0.1e-30.el6_6.11\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-debuginfo-1.0.1e-30.el6_6.11\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-devel-1.0.1e-30.el6_6.11\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-perl-1.0.1e-30.el6_6.11\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-30.el6_6.11\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-30.el6_6.11\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-static-1.0.1e-30.el6_6.11\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-static-1.0.1e-30.el6_6.11\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-30.el6_6.11\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssl-1.0.1e-42.el7_1.8\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-42.el7_1.8\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-debuginfo-1.0.1e-42.el7_1.8\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-devel-1.0.1e-42.el7_1.8\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-libs-1.0.1e-42.el7_1.8\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-42.el7_1.8\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-42.el7_1.8\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-static-1.0.1e-42.el7_1.8\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-libs / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-17T14:41:48", "description": "Versions of OpenSSL prior to 1.0.1n, or 1.0.2b are unpatched for the following vulnerabilities :\n\n - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)\n\n - An off-by-one overflow condition affects the BN_rand() function in 'crypto/bn/random.c'. The issue is triggered as user-supplied input is not properly validated. This may allow an attacker to cause a buffer overflow, resulting in a denial of service.\n\n - An off-by-one overflow condition affects the BN_bn2hex() function in 'crypto/bn/bn_print.c'. The issue is triggered as user-supplied input is not properly validated. This may allow an attacker to cause a buffer overflow, potentially resulting in a denial of service or another, more severe impact.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-22T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.1 < 1.0.1n / 1.0.2 < 1.0.2b Multiple Vulnerabilities (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "8790.PRM", "href": "https://www.tenable.com/plugins/nnm/8790", "sourceData": "Binary data 8790.prm", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:57:42", "description": "According to its banner, the remote web server uses a version of OpenSSL 1.0.1 prior to 1.0.1n. The OpenSSL library is, therefore, affected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected.\n TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)\n\n - A man-in-the-middle vulnerability exists, known as Logjam, due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-12T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.1 < 1.0.1n Multiple Vulnerabilities (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_1N.NASL", "href": "https://www.tenable.com/plugins/nessus/84153", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84153);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"OpenSSL 1.0.1 < 1.0.1n Multiple Vulnerabilities (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL 1.0.1 prior to 1.0.1n. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the\n ASN1_TIME string by the X509_cmp_time() function. A\n remote attacker can exploit this, via a malformed\n certificate and CRLs of various sizes, to cause a\n segmentation fault, resulting in a denial of service\n condition. TLS clients that verify CRLs are affected.\n TLS clients and servers with client authentication\n enabled may be affected if they use custom verification\n callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\n\n - A man-in-the-middle vulnerability exists, known as\n Logjam, due to a flaw in the SSL/TLS protocol. A remote\n attacker can exploit this flaw to downgrade connections\n using ephemeral Diffie-Hellman key exchange to 512-bit\n export-grade cryptography. (CVE-2015-4000)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://weakdh.org/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL 1.0.1n or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.1n', min:\"1.0.1\", severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:57:12", "description": "According to its banner, the remote web server uses a version of OpenSSL 1.0.2 prior to 1.0.2b. The OpenSSL library is, therefore, affected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected.\n TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)\n\n - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-12T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.2 < 1.0.2b Multiple Vulnerabilities (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_2B.NASL", "href": "https://www.tenable.com/plugins/nessus/84154", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84154);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"OpenSSL 1.0.2 < 1.0.2b Multiple Vulnerabilities (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL 1.0.2 prior to 1.0.2b. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the\n ASN1_TIME string by the X509_cmp_time() function. A\n remote attacker can exploit this, via a malformed\n certificate and CRLs of various sizes, to cause a\n segmentation fault, resulting in a denial of service\n condition. TLS clients that verify CRLs are affected.\n TLS clients and servers with client authentication\n enabled may be affected if they use custom verification\n callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\n\n - A man-in-the-middle vulnerability, known as Logjam,\n exists due to a flaw in the SSL/TLS protocol. A remote\n attacker can exploit this flaw to downgrade connections\n using ephemeral Diffie-Hellman key exchange to 512-bit\n export-grade cryptography. (CVE-2015-4000)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://weakdh.org/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL 1.0.2b or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.2b', min:\"1.0.2\", severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:57:27", "description": "Multiple moderate and low impact security issues fixed.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-25T00:00:00", "type": "nessus", "title": "Fedora 21 : openssl-1.0.1k-10.fc21 (2015-10108)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-10108.NASL", "href": "https://www.tenable.com/plugins/nessus/84375", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-10108.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84375);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-1792\");\n script_xref(name:\"FEDORA\", value:\"2015-10108\");\n\n script_name(english:\"Fedora 21 : openssl-1.0.1k-10.fc21 (2015-10108)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple moderate and low impact security issues fixed.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1228603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1228604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1228607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1228608\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2295ddd6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"openssl-1.0.1k-10.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:57:26", "description": "Multiple moderate and low impact security issues fixed.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-22T00:00:00", "type": "nessus", "title": "Fedora 22 : openssl-1.0.1k-10.fc22 (2015-10047)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-10047.NASL", "href": "https://www.tenable.com/plugins/nessus/84301", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-10047.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84301);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-1792\");\n script_xref(name:\"FEDORA\", value:\"2015-10047\");\n\n script_name(english:\"Fedora 22 : openssl-1.0.1k-10.fc22 (2015-10047)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple moderate and low impact security issues fixed.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1228603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1228604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1228607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1228608\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0f4a99cd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"openssl-1.0.1k-10.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:59:19", "description": "OpenSSL 0.9.8j was updated to fix several security issues.\n\nCVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default.\n\nCVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed.\n\nCVE-2015-1792: A CMS verification infinite loop when using an unknown hash function was fixed.\n\nCVE-2015-1791: Fixed a race condition in NewSessionTicket creation.\n\nCVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to locking regression.\n\nfixed a timing side channel in RSA decryption (bnc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bnc#931698)\n\nAdded the ECC ciphersuites to the DEFAULT cipher class (bnc#879179)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-07-06T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : OpenSSL (SUSE-SU-2015:1184-1) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl-devel", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-doc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1184-1.NASL", "href": "https://www.tenable.com/plugins/nessus/84548", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1184-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84548);\n script_version(\"2.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-3216\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161,\n 75219\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"SUSE SLES11 Security Update : OpenSSL (SUSE-SU-2015:1184-1) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"OpenSSL 0.9.8j was updated to fix several security issues.\n\nCVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by\nrejecting connections with DH parameters shorter than 1024 bits. We\nnow also generate 2048-bit DH parameters by default.\n\nCVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was\nfixed.\n\nCVE-2015-1792: A CMS verification infinite loop when using an unknown\nhash function was fixed.\n\nCVE-2015-1791: Fixed a race condition in NewSessionTicket creation.\n\nCVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to\nlocking regression.\n\nfixed a timing side channel in RSA decryption (bnc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. This\nwill only get active if applications get rebuilt and actually use this\nstring. (bnc#931698)\n\nAdded the ECC ciphersuites to the DEFAULT cipher class (bnc#879179)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=929678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=931698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=933911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934491\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934493\");\n # https://download.suse.com/patch/finder/?keywords=ab1c52f77471cf8a61e7eae79f57f9bf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0e541e2a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1788/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1789/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1790/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1791/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1792/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-3216/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-4000/\");\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151184-1.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6d18e8f2\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11 SP1 LTSS :\n\nzypper in -t patch slessp1-libopenssl-devel=10794\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"libopenssl-devel-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"libopenssl0_9_8-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"libopenssl0_9_8-hmac-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"openssl-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"openssl-doc-0.9.8j-0.72.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:57:26", "description": "openssl was updated to fix six security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-4000: The Logjam Attack / weakdh.org. Rject connections with DH parameters shorter than 768 bits, generates 2048-bit DH parameters by default.\n (boo#931698)\n\n - CVE-2015-1788: Malformed ECParameters causes infinite loop (boo#934487)\n\n - CVE-2015-1789: Exploitable out-of-bounds read in X509_cmp_time (boo#934489)\n\n - CVE-2015-1790: PKCS7 crash with missing EnvelopedContent (boo#934491)\n\n - CVE-2015-1792: CMS verify infinite loop with unknown hash function (boo#934493)\n\n - CVE-2015-1791: race condition in NewSessionTicket (boo#933911)\n\n - CVE-2015-3216: Crash in ssleay_rand_bytes due to locking regression (boo#933898)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openssl (openSUSE-2015-447) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit", "p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debugsource", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2015-447.NASL", "href": "https://www.tenable.com/plugins/nessus/84414", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-447.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84414);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-3216\",\n \"CVE-2015-4000\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"openSUSE Security Update : openssl (openSUSE-2015-447) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"openssl was updated to fix six security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-4000: The Logjam Attack / weakdh.org. Rject\n connections with DH parameters shorter than 768 bits,\n generates 2048-bit DH parameters by default.\n (boo#931698)\n\n - CVE-2015-1788: Malformed ECParameters causes infinite\n loop (boo#934487)\n\n - CVE-2015-1789: Exploitable out-of-bounds read in\n X509_cmp_time (boo#934489)\n\n - CVE-2015-1790: PKCS7 crash with missing EnvelopedContent\n (boo#934491)\n\n - CVE-2015-1792: CMS verify infinite loop with unknown\n hash function (boo#934493)\n\n - CVE-2015-1791: race condition in NewSessionTicket\n (boo#933911)\n\n - CVE-2015-3216: Crash in ssleay_rand_bytes due to locking\n regression (boo#933898)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=933898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=933911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934491\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934494\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl-devel-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl1_0_0-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl1_0_0-debuginfo-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-debuginfo-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-debugsource-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl-devel-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl1_0_0-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl1_0_0-debuginfo-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl1_0_0-hmac-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openssl-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openssl-debuginfo-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openssl-debugsource-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1k-2.24.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:57:12", "description": "This update of openssl fixes the following security issues :\n\n - CVE-2015-4000 (bsc#931698)\n\n - The Logjam Attack / weakdh.org\n\n - reject connections with DH parameters shorter than 1024 bits\n\n - generates 2048-bit DH parameters by default\n\n - CVE-2015-1788 (bsc#934487)\n\n - Malformed ECParameters causes infinite loop\n\n - CVE-2015-1789 (bsc#934489)\n\n - Exploitable out-of-bounds read in X509_cmp_time\n\n - CVE-2015-1790 (bsc#934491)\n\n - PKCS7 crash with missing EnvelopedContent\n\n - CVE-2015-1792 (bsc#934493)\n\n - CMS verify infinite loop with unknown hash function\n\n - CVE-2015-1791 (bsc#933911)\n\n - race condition in NewSessionTicket\n\n - CVE-2015-3216 (bsc#933898)\n\n - Crash in ssleay_rand_bytes due to locking regression\n\n - fix a timing side channel in RSA decryption (bnc#929678)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-26T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:1143-1) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2015-1143-1.NASL", "href": "https://www.tenable.com/plugins/nessus/84426", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1143-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84426);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-3216\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161,\n 75219\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:1143-1) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update of openssl fixes the following security issues :\n\n - CVE-2015-4000 (bsc#931698)\n\n - The Logjam Attack / weakdh.org\n\n - reject connections with DH parameters shorter than 1024\n bits\n\n - generates 2048-bit DH parameters by default\n\n - CVE-2015-1788 (bsc#934487)\n\n - Malformed ECParameters causes infinite loop\n\n - CVE-2015-1789 (bsc#934489)\n\n - Exploitable out-of-bounds read in X509_cmp_time\n\n - CVE-2015-1790 (bsc#934491)\n\n - PKCS7 crash with missing EnvelopedContent\n\n - CVE-2015-1792 (bsc#934493)\n\n - CMS verify infinite loop with unknown hash function\n\n - CVE-2015-1791 (bsc#933911)\n\n - race condition in NewSessionTicket\n\n - CVE-2015-3216 (bsc#933898)\n\n - Crash in ssleay_rand_bytes due to locking regression\n\n - fix a timing side channel in RSA decryption (bnc#929678)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=926597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=929678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=931698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=933898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=933911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934491\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1788/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1789/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1790/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1791/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1792/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-3216/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-4000/\");\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151143-1.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1fad401c\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-282=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-282=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-282=1\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-hmac-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-debuginfo-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-debugsource-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-32bit-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-debugsource-1.0.1i-25.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:58:57", "description": "OpenSSL 0.9.8j was updated to fix several security issues.\n\nCVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default.\n\nCVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed.\n\nCVE-2015-1792: A CMS verification infinite loop when using an unknown hash function was fixed.\n\nCVE-2015-1791: Fixed a race condition in NewSessionTicket creation.\n\nCVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to locking regression.\n\nfixed a timing side channel in RSA decryption (bnc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bnc#931698)\n\nAdded the ECC ciphersuites to the DEFAULT cipher class (bnc#879179)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-07-07T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : OpenSSL (SUSE-SU-2015:1184-2) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl-devel", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-doc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1184-2.NASL", "href": "https://www.tenable.com/plugins/nessus/84561", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1184-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84561);\n script_version(\"2.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-3216\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161,\n 75219\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"SUSE SLES11 Security Update : OpenSSL (SUSE-SU-2015:1184-2) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"OpenSSL 0.9.8j was updated to fix several security issues.\n\nCVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by\nrejecting connections with DH parameters shorter than 1024 bits. We\nnow also generate 2048-bit DH parameters by default.\n\nCVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was\nfixed.\n\nCVE-2015-1792: A CMS verification infinite loop when using an unknown\nhash function was fixed.\n\nCVE-2015-1791: Fixed a race condition in NewSessionTicket creation.\n\nCVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to\nlocking regression.\n\nfixed a timing side channel in RSA decryption (bnc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. This\nwill only get active if applications get rebuilt and actually use this\nstring. (bnc#931698)\n\nAdded the ECC ciphersuites to the DEFAULT cipher class (bnc#879179)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=929678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=931698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=933911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934491\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934493\");\n # https://download.suse.com/patch/finder/?keywords=75ca56dc2ed43571b870081da3f3b615\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bba27a17\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1788/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1789/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1790/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1791/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1792/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-3216/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-4000/\");\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151184-2.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1071f86d\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11 SP2 LTSS :\n\nzypper in -t patch slessp2-libopenssl-devel=10795\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libopenssl-devel-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libopenssl0_9_8-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libopenssl0_9_8-hmac-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"openssl-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"openssl-doc-0.9.8j-0.72.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:59:19", "description": "OpenSSL 0.9.8k was updated to fix several security issues :\n\nCVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits.\n2048-bit DH parameters are now generated by default.\n\nCVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed.\n\nCVE-2015-1792: A CMS verification infinite loop when using an unknown hash function was fixed.\n\nCVE-2015-1791: Fixed a race condition in NewSessionTicket creation.\n\nCVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to locking regression.\n\nFixed a timing side channel in RSA decryption. (bsc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bsc#931698)\n\nAdded the ECC ciphersuites to the DEFAULT cipher class. (bsc#879179)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-07-07T00:00:00", "type": "nessus", "title": "SUSE SLED11 / SLES11 Security Update : OpenSSL (SUSE-SU-2015:1182-2) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl0_9_8", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-doc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1182-2.NASL", "href": "https://www.tenable.com/plugins/nessus/84559", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1182-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84559);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-3216\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161,\n 75219\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : OpenSSL (SUSE-SU-2015:1182-2) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"OpenSSL 0.9.8k was updated to fix several security issues :\n\nCVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by\nrejecting connections with DH parameters shorter than 1024 bits.\n2048-bit DH parameters are now generated by default.\n\nCVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was\nfixed.\n\nCVE-2015-1792: A CMS verification infinite loop when using an unknown\nhash function was fixed.\n\nCVE-2015-1791: Fixed a race condition in NewSessionTicket creation.\n\nCVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to\nlocking regression.\n\nFixed a timing side channel in RSA decryption. (bsc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. This\nwill only get active if applications get rebuilt and actually use this\nstring. (bsc#931698)\n\nAdded the ECC ciphersuites to the DEFAULT cipher class. (bsc#879179)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=879179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=929678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=931698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=933898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=933911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934491\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934493\");\n # https://download.suse.com/patch/finder/?keywords=fcf228a4143edf49a5ca32558bfe9721\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1bcc8915\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1788/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1789/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1790/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1791/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1792/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-3216/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-4000/\");\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151182-2.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?46cf76fa\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11 SP3 :\n\nzypper in -t patch sdksp3-libopenssl-devel=10781\n\nSUSE Linux Enterprise Server 11 SP3 for VMware :\n\nzypper in -t patch slessp3-libopenssl-devel=10781\n\nSUSE Linux Enterprise Server 11 SP3 :\n\nzypper in -t patch slessp3-libopenssl-devel=10781\n\nSUSE Linux Enterprise Desktop 11 SP3 :\n\nzypper in -t patch sledsp3-libopenssl-devel=10781\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libopenssl0_9_8-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libopenssl0_9_8-hmac-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssl-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssl-doc-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"openssl-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"libopenssl0_9_8-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"openssl-0.9.8j-0.72.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:57:26", "description": "This update fixes the following security issues :\n\n - CVE-2015-4000 (boo#931698)\n\n - The Logjam Attack / weakdh.org\n\n - reject connections with DH parameters shorter than 1024 bits\n\n - generates 2048-bit DH parameters by default\n\n - CVE-2015-1788 (boo#934487)\n\n - Malformed ECParameters causes infinite loop\n\n - CVE-2015-1789 (boo#934489)\n\n - Exploitable out-of-bounds read in X509_cmp_time\n\n - CVE-2015-1790 (boo#934491)\n\n - PKCS7 crash with missing EnvelopedContent\n\n - CVE-2015-1792 (boo#934493)\n\n - CMS verify infinite loop with unknown hash function\n\n - CVE-2015-1791 (boo#933911)\n\n - race condition in NewSessionTicket\n\n - CVE-2015-3216 (boo#933898)\n\n - Crash in ssleay_rand_bytes due to locking regression\n\n - modified openssl-1.0.1i-fipslocking.patch\n\n - fix timing side channel in RSA decryption (bnc#929678)\n\n - add ECC ciphersuites to DEFAULT (bnc#879179)\n\n - Disable EXPORT ciphers by default (bnc#931698, comment #3)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-29T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2015:1150-1) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:compat-openssl098-debugsource", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2015-1150-1.NASL", "href": "https://www.tenable.com/plugins/nessus/84442", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1150-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84442);\n script_version(\"2.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-3216\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161,\n 75219\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2015:1150-1) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update fixes the following security issues :\n\n - CVE-2015-4000 (boo#931698)\n\n - The Logjam Attack / weakdh.org\n\n - reject connections with DH parameters shorter than 1024\n bits\n\n - generates 2048-bit DH parameters by default\n\n - CVE-2015-1788 (boo#934487)\n\n - Malformed ECParameters causes infinite loop\n\n - CVE-2015-1789 (boo#934489)\n\n - Exploitable out-of-bounds read in X509_cmp_time\n\n - CVE-2015-1790 (boo#934491)\n\n - PKCS7 crash with missing EnvelopedContent\n\n - CVE-2015-1792 (boo#934493)\n\n - CMS verify infinite loop with unknown hash function\n\n - CVE-2015-1791 (boo#933911)\n\n - race condition in NewSessionTicket\n\n - CVE-2015-3216 (boo#933898)\n\n - Crash in ssleay_rand_bytes due to locking regression\n\n - modified openssl-1.0.1i-fipslocking.patch\n\n - fix timing side channel in RSA decryption (bnc#929678)\n\n - add ECC ciphersuites to DEFAULT (bnc#879179)\n\n - Disable EXPORT ciphers by default (bnc#931698, comment\n #3)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=879179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=929678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=931698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=933898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=933911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934491\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1788/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1789/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1790/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1791/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1792/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-3216/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-4000/\");\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151150-1.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4eea51db\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Legacy Software 12 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-12-2015-285=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-285=1\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:compat-openssl098-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"compat-openssl098-debugsource-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl0_9_8-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl0_9_8-32bit-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl0_9_8-debuginfo-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl0_9_8-debuginfo-32bit-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"compat-openssl098-debugsource-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-debuginfo-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-debuginfo-32bit-0.9.8j-78.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openssl098\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:24:27", "description": "The Cisco Application Control Engine (ACE) software installed on the remote Cisco ACE 4710 device or ACE30 module is version A5 prior to A5(3.3). It is, therefore, affected by multiple vulnerabilities :\n\n - An invalid free memory error exists due to improper validation of user-supplied input when a DTLS peer receives application data between ChangeCipherSpec and Finished messages. A remote attacker can exploit this to corrupt memory, resulting in a denial of service or the execution of arbitrary code. (CVE-2014-8176)\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. A remote attacker can exploit this to cause a denial of service condition or other potential unspecified impact. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)\n\n - The symmetric-key feature in the receive function requires a correct message authentication code (MAC) only if the MAC field has a nonzero length. This makes it easier for a man-in-the-middle attacker to spoof packets by omitting the MAC. (CVE-2015-1798)\n\n - A flaw exists in the symmetric-key feature in the receive function when handling a specially crafted packet sent to one of two hosts that are peering with each other. This allows an attacker to cause the next attempt by the servers to synchronize to fail.\n (CVE-2015-1799)\n\n - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)\n\n - A flaw exists in the TLS 1.x implementation in the Cavium SDK due to a failure to check the first byte of the padding bytes. A man-in-the-middle attacker can exploit this, by sending specially crafted requests to the server, to induce requests that allow determining the plaintext chunks of data. This vulnerability is a variant of the POODLE attack. (CVE-2015-4595)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-06-01T00:00:00", "type": "nessus", "title": "Cisco ACE 4710 Appliance / ACE30 Module Multiple Vulnerabilities (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-1798", "CVE-2015-1799", "CVE-2015-4000", "CVE-2015-4595"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:cisco:application_control_engine_software", "cpe:/a:openssl:openssl"], "id": "CISCO_ACE_A5_3_3.NASL", "href": "https://www.tenable.com/plugins/nessus/91427", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91427);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-8176\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-1798\",\n \"CVE-2015-1799\",\n \"CVE-2015-4000\",\n \"CVE-2015-4595\"\n );\n script_bugtraq_id(\n 73950,\n 73951,\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75159,\n 75161\n );\n script_xref(name:\"CERT\", value:\"374268\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCut83796\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCuu82343\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCuv33150\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Cisco ACE 4710 Appliance / ACE30 Module Multiple Vulnerabilities (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Cisco Application Control Engine (ACE) software installed on the\nremote Cisco ACE 4710 device or ACE30 module is version A5 prior to\nA5(3.3). It is, therefore, affected by multiple vulnerabilities :\n\n - An invalid free memory error exists due to improper\n validation of user-supplied input when a DTLS peer\n receives application data between ChangeCipherSpec and\n Finished messages. A remote attacker can exploit this to\n corrupt memory, resulting in a denial of service or\n the execution of arbitrary code. (CVE-2014-8176)\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the ASN1_TIME\n string by the X509_cmp_time() function. A remote\n attacker can exploit this, via a malformed certificate\n and CRLs of various sizes, to cause a segmentation\n fault, resulting in a denial of service condition. TLS\n clients that verify CRLs are affected. TLS clients and\n servers with client authentication enabled may be\n affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. A remote attacker can exploit this to\n cause a denial of service condition or other potential\n unspecified impact. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\n\n - The symmetric-key feature in the receive function\n requires a correct message authentication code (MAC)\n only if the MAC field has a nonzero length. This makes\n it easier for a man-in-the-middle attacker to spoof\n packets by omitting the MAC. (CVE-2015-1798)\n\n - A flaw exists in the symmetric-key feature in the\n receive function when handling a specially crafted\n packet sent to one of two hosts that are peering with\n each other. This allows an attacker to cause the next\n attempt by the servers to synchronize to fail.\n (CVE-2015-1799)\n\n - A man-in-the-middle vulnerability, known as Logjam,\n exists due to a flaw in the SSL/TLS protocol. A remote\n attacker can exploit this flaw to downgrade connections\n using ephemeral Diffie-Hellman key exchange to 512-bit\n export-grade cryptography. (CVE-2015-4000)\n\n - A flaw exists in the TLS 1.x implementation in the\n Cavium SDK due to a failure to check the first byte of\n the padding bytes. A man-in-the-middle attacker can\n exploit this, by sending specially crafted requests to\n the server, to induce requests that allow determining\n the plaintext chunks of data. This vulnerability is a\n variant of the POODLE attack. (CVE-2015-4595)\");\n # https://www.cisco.com/c/en/us/td/docs/app_ntwk_services/data_center_app_services/ace_appliances/VA5_3_x/release/note/ACE_app_rn_A53x.html#pgfId-947807\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8bf8fa00\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/bugsearch/bug/CSCut83796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/bugsearch/bug/CSCuu82343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/bugsearch/bug/CSCuv33150\");\n # https://vivaldi.net/en-US/userblogs/entry/there-are-more-poodles-in-the-forest\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0f38496c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://weakdh.org/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Cisco ACE version A5(3.3) or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:application_control_engine_software\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"cisco_ace_version.nasl\");\n script_require_keys(\"Host/Cisco/ACE/Version\", \"Host/Cisco/ACE/Model\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/Cisco/ACE/Version\");\nmodel = get_kb_item_or_exit(\"Host/Cisco/ACE/Model\");\n\nif (model != \"4710\" && model != \"ACE30\") audit(AUDIT_DEVICE_NOT_VULN, \"Cisco ACE \" + model);\n\nif (\n version =~ \"^A[34][^0-9]\" ||\n version =~ \"^A5\\([0-2][^0-9]\" ||\n version =~ \"^A5\\(3(\\.[0-2][a-z]*)?\\)\"\n)\n{\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : A5(3.3)' +\n '\\n';\n security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Cisco ACE\", version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T15:14:32", "description": "libressl was updated to version 2.2.1 to fix 16 security issues.\n\nLibreSSL is a fork of OpenSSL. Because of that CVEs affecting OpenSSL often also affect LibreSSL.\n\nThese security issues were fixed :\n\n - CVE-2014-3570: The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k did not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (bsc#912296).\n\n - CVE-2014-3572: The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allowed remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (bsc#912015).\n\n - CVE-2015-1792: The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function (bsc#934493).\n\n - CVE-2014-8275: OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k did not enforce certain constraints on certificate data, which allowed remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (bsc#912018).\n\n - CVE-2015-0209: Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import (bsc#919648).\n\n - CVE-2015-1789: The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback (bsc#934489).\n\n - CVE-2015-1788: The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b did not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allowed remote attackers to cause a denial of service (infinite loop) via a session that used an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication (bsc#934487).\n\n - CVE-2015-1790: The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that used ASN.1 encoding and lacks inner EncryptedContent data (bsc#934491).\n\n - CVE-2015-0287: The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a did not reinitialize CHOICE and ADB data structures, which might allowed attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse (bsc#922499).\n\n - CVE-2015-0286: The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a did not properly perform boolean-type comparisons, which allowed remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that used the certificate-verification feature (bsc#922496).\n\n - CVE-2015-0289: The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a did not properly handle a lack of outer ContentInfo, which allowed attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (bsc#922500).\n\n - CVE-2015-0288: The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allowed attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key (bsc#920236).\n\n - CVE-2014-8176: The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allowed remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data (bsc#934494).\n\n - CVE-2015-4000: The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, did not properly convey a DHE_EXPORT choice, which allowed man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the 'Logjam' issue (bsc#931600).\n\n - CVE-2015-0205: The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allowed remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (bsc#912293).\n\n - CVE-2015-0206: Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allowed remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection (bsc#912292).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-07-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libressl (openSUSE-2015-507) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3570", "CVE-2014-3572", "CVE-2014-8176", "CVE-2014-8275", "CVE-2015-0205", "CVE-2015-0206", "CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libcrypto34", "p-cpe:/a:novell:opensuse:libcrypto34-32bit", "p-cpe:/a:novell:opensuse:libcrypto34-debuginfo", "p-cpe:/a:novell:opensuse:libcrypto34-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libressl", "p-cpe:/a:novell:opensuse:libressl-debuginfo", "p-cpe:/a:novell:opensuse:libressl-debugsource", "p-cpe:/a:novell:opensuse:libressl-devel", "p-cpe:/a:novell:opensuse:libressl-devel-32bit", "p-cpe:/a:novell:opensuse:libssl33", "p-cpe:/a:novell:opensuse:libssl33-32bit", "p-cpe:/a:novell:opensuse:libssl33-debuginfo", "p-cpe:/a:novell:opensuse:libssl33-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libtls4", "p-cpe:/a:novell:opensuse:libtls4-32bit", "p-cpe:/a:novell:opensuse:libtls4-debuginfo", "p-cpe:/a:novell:opensuse:libtls4-debuginfo-32bit", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2015-507.NASL", "href": "https://www.tenable.com/plugins/nessus/84998", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-507.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84998);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-3570\",\n \"CVE-2014-3572\",\n \"CVE-2014-8176\",\n \"CVE-2014-8275\",\n \"CVE-2015-0205\",\n \"CVE-2015-0206\",\n \"CVE-2015-0209\",\n \"CVE-2015-0286\",\n \"CVE-2015-0287\",\n \"CVE-2015-0288\",\n \"CVE-2015-0289\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1792\",\n \"CVE-2015-4000\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"openSUSE Security Update : libressl (openSUSE-2015-507) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"libressl was updated to version 2.2.1 to fix 16 security issues.\n\nLibreSSL is a fork of OpenSSL. Because of that CVEs affecting OpenSSL\noften also affect LibreSSL.\n\nThese security issues were fixed :\n\n - CVE-2014-3570: The BN_sqr implementation in OpenSSL\n before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before\n 1.0.1k did not properly calculate the square of a BIGNUM\n value, which might make it easier for remote attackers\n to defeat cryptographic protection mechanisms via\n unspecified vectors, related to crypto/bn/asm/mips.pl,\n crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c\n (bsc#912296).\n\n - CVE-2014-3572: The ssl3_get_key_exchange function in\n s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k allowed remote SSL\n servers to conduct ECDHE-to-ECDH downgrade attacks and\n trigger a loss of forward secrecy by omitting the\n ServerKeyExchange message (bsc#912015).\n\n - CVE-2015-1792: The do_free_upto function in\n crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0\n before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before\n 1.0.2b allowed remote attackers to cause a denial of\n service (infinite loop) via vectors that trigger a NULL\n value of a BIO data structure, as demonstrated by an\n unrecognized X.660 OID for a hash function (bsc#934493).\n\n - CVE-2014-8275: OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k did not enforce certain\n constraints on certificate data, which allowed remote\n attackers to defeat a fingerprint-based\n certificate-blacklist protection mechanism by including\n crafted data within a certificate's unsigned portion,\n related to crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and\n crypto/x509/x_all.c (bsc#912018).\n\n - CVE-2015-0209: Use-after-free vulnerability in the\n d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in\n OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1\n before 1.0.1m, and 1.0.2 before 1.0.2a might allowed\n remote attackers to cause a denial of service (memory\n corruption and application crash) or possibly have\n unspecified other impact via a malformed Elliptic Curve\n (EC) private-key file that is improperly handled during\n import (bsc#919648).\n\n - CVE-2015-1789: The X509_cmp_time function in\n crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0\n before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before\n 1.0.2b allowed remote attackers to cause a denial of\n service (out-of-bounds read and application crash) via a\n crafted length field in ASN1_TIME data, as demonstrated\n by an attack against a server that supports client\n authentication with a custom verification callback\n (bsc#934489).\n\n - CVE-2015-1788: The BN_GF2m_mod_inv function in\n crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0\n before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before\n 1.0.2b did not properly handle ECParameters structures\n in which the curve is over a malformed binary polynomial\n field, which allowed remote attackers to cause a denial\n of service (infinite loop) via a session that used an\n Elliptic Curve algorithm, as demonstrated by an attack\n against a server that supports client authentication\n (bsc#934487).\n\n - CVE-2015-1790: The PKCS7_dataDecodefunction in\n crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0\n before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before\n 1.0.2b allowed remote attackers to cause a denial of\n service (NULL pointer dereference and application crash)\n via a PKCS#7 blob that used ASN.1 encoding and lacks\n inner EncryptedContent data (bsc#934491).\n\n - CVE-2015-0287: The ASN1_item_ex_d2i function in\n crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0\n before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before\n 1.0.2a did not reinitialize CHOICE and ADB data\n structures, which might allowed attackers to cause a\n denial of service (invalid write operation and memory\n corruption) by leveraging an application that relies on\n ASN.1 structure reuse (bsc#922499).\n\n - CVE-2015-0286: The ASN1_TYPE_cmp function in\n crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0\n before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before\n 1.0.2a did not properly perform boolean-type\n comparisons, which allowed remote attackers to cause a\n denial of service (invalid read operation and\n application crash) via a crafted X.509 certificate to an\n endpoint that used the certificate-verification feature\n (bsc#922496).\n\n - CVE-2015-0289: The PKCS#7 implementation in OpenSSL\n before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before\n 1.0.1m, and 1.0.2 before 1.0.2a did not properly handle\n a lack of outer ContentInfo, which allowed attackers to\n cause a denial of service (NULL pointer dereference and\n application crash) by leveraging an application that\n processes arbitrary PKCS#7 data and providing malformed\n data with ASN.1 encoding, related to\n crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c\n (bsc#922500).\n\n - CVE-2015-0288: The X509_to_X509_REQ function in\n crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0\n before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before\n 1.0.2a might allowed attackers to cause a denial of\n service (NULL pointer dereference and application crash)\n via an invalid certificate key (bsc#920236).\n\n - CVE-2014-8176: The dtls1_clear_queues function in\n ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before\n 1.0.0m, and 1.0.1 before 1.0.1h frees data structures\n without considering that application data can arrive\n between a ChangeCipherSpec message and a Finished\n message, which allowed remote DTLS peers to cause a\n denial of service (memory corruption and application\n crash) or possibly have unspecified other impact via\n unexpected application data (bsc#934494).\n\n - CVE-2015-4000: The TLS protocol 1.2 and earlier, when a\n DHE_EXPORT ciphersuite is enabled on a server but not on\n a client, did not properly convey a DHE_EXPORT choice,\n which allowed man-in-the-middle attackers to conduct\n cipher-downgrade attacks by rewriting a ClientHello with\n DHE replaced by DHE_EXPORT and then rewriting a\n ServerHello with DHE_EXPORT replaced by DHE, aka the\n 'Logjam' issue (bsc#931600).\n\n - CVE-2015-0205: The ssl3_get_cert_verify function in\n s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1\n before 1.0.1k accepts client authentication with a\n Diffie-Hellman (DH) certificate without requiring a\n CertificateVerify message, which allowed remote\n attackers to obtain access without knowledge of a\n private key via crafted TLS Handshake Protocol traffic\n to a server that recognizes a Certification Authority\n with DH support (bsc#912293).\n\n - CVE-2015-0206: Memory leak in the dtls1_buffer_record\n function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and\n 1.0.1 before 1.0.1k allowed remote attackers to cause a\n denial of service (memory consumption) by sending many\n duplicate records for the next epoch, leading to failure\n of replay detection (bsc#912292).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=919648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=920236\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922499\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934491\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934494\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=937891\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libressl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto34\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto34-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto34-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto34-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl33\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl33-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl33-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl33-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libcrypto34-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libcrypto34-debuginfo-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libressl-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libressl-debuginfo-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libressl-debugsource-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libressl-devel-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libssl33-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libssl33-debuginfo-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libtls4-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libtls4-debuginfo-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libcrypto34-32bit-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libcrypto34-debuginfo-32bit-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libressl-devel-32bit-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libssl33-32bit-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libssl33-debuginfo-32bit-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libtls4-32bit-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libtls4-debuginfo-32bit-2.2.1-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libcrypto34 / libcrypto34-32bit / libcrypto34-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-17T14:41:47", "description": "Versions of OpenSSL prior to 0.9.8zg, or 1.0.0 prior to 1.0.0s are unpatched for the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)\n\n - An off-by-one overflow condition affects the BN_rand() function in 'crypto/bn/random.c'. The issue is triggered as user-supplied input is not properly validated. This may allow an attacker to cause a buffer overflow, resulting in a denial of service.\n\n - An off-by-one overflow condition affects the BN_bn2hex() function in 'crypto/bn/bn_print.c'. The issue is triggered as user-supplied input is not properly validated. This may allow an attacker to cause a buffer overflow, potentially resulting in a denial of service or another, more severe impact.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-22T00:00:00", "type": "nessus", "title": "OpenSSL 0.9.8 < 0.9.8zg / 1.0.0 < 1.0.0s Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "8791.PRM", "href": "https://www.tenable.com/plugins/nnm/8791", "sourceData": "Binary data 8791.prm", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:57:13", "description": "According to its banner, the remote web server uses a version of OpenSSL 1.0.0 prior to 1.0.0s. The OpenSSL library is, therefore, affected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected.\n TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-12T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.0 < 1.0.0s Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "modified": "2019-01-02T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_0S.NASL", "href": "https://www.tenable.com/plugins/nessus/84152", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84152);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/01/02 16:37:56\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\"\n );\n script_bugtraq_id(\n 75154,\n 75156,\n 75157,\n 75158,\n 75161\n );\n\n script_name(english:\"OpenSSL 1.0.0 < 1.0.0s Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL 1.0.0 prior to 1.0.0s. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the\n ASN1_TIME string by the X509_cmp_time() function. A\n remote attacker can exploit this, via a malformed\n certificate and CRLs of various sizes, to cause a\n segmentation fault, resulting in a denial of service\n condition. TLS clients that verify CRLs are affected.\n TLS clients and servers with client authentication\n enabled may be affected if they use custom verification\n callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL 1.0.0s or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.0s', min:\"1.0.0\", severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:57:42", "description": "According to its banner, the remote web server uses a version of OpenSSL 0.9.8 prior to 0.9.8zg. The OpenSSL library is, therefore, affected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected.\n TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-12T00:00:00", "type": "nessus", "title": "OpenSSL 0.9.8 < 0.9.8zg Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "modified": "2019-01-02T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_0_9_8ZG.NASL", "href": "https://www.tenable.com/plugins/nessus/84151", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84151);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/01/02 16:37:56\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\"\n );\n script_bugtraq_id(\n 75154,\n 75156,\n 75157,\n 75158,\n 75161\n );\n\n script_name(english:\"OpenSSL 0.9.8 < 0.9.8zg Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL 0.9.8 prior to 0.9.8zg. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the\n ASN1_TIME string by the X509_cmp_time() function. A\n remote attacker can exploit this, via a malformed\n certificate and CRLs of various sizes, to cause a\n segmentation fault, resulting in a denial of service\n condition. TLS clients that verify CRLs are affected.\n TLS clients and servers with client authentication\n enabled may be affected if they use custom verification\n callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL 0.9.8gz or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'0.9.8zg', min:\"0.9.8\", severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:56:52", "description": "New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-12T00:00:00", "type": "nessus", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-162-01)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:openssl", "p-cpe:/a:slackware:slackware_linux:openssl-solibs", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2015-162-01.NASL", "href": "https://www.tenable.com/plugins/nessus/84126", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2015-162-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84126);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-1788\", \"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-1792\");\n script_xref(name:\"SSA\", value:\"2015-162-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-162-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New openssl packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.750596\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cf3fe0df\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl and / or openssl-solibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl-solibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"openssl\", pkgver:\"0.9.8zg\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zg\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zg\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zg\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"openssl\", pkgver:\"0.9.8zg\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zg\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zg\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zg\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"openssl\", pkgver:\"0.9.8zg\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zg\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zg\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zg\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl\", pkgver:\"1.0.1n\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1n\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1n\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1n\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl\", pkgver:\"1.0.1n\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1n\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1n\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1n\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"openssl\", pkgver:\"1.0.1n\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1n\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1n\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1n\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-02T14:18:17", "description": "According to its banner, the remote web server uses a version of OpenSSL 1.0.1 prior to 1.0.1m. The OpenSSL library is, therefore, affected by the following vulnerabilities :\n\n - A use-after-free condition exists in the d2i_ECPrivateKey() function due to improper processing of malformed EC private key files during import. A remote attacker can exploit this to dereference or free already freed memory, resulting in a denial of service or other unspecified impact. (CVE-2015-0209)\n\n - An invalid read flaw exists in the ASN1_TYPE_cmp() function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service.\n (CVE-2015-0286)\n\n - A flaw exists in the ASN1_item_ex_d2i() function due to a failure to reinitialize 'CHOICE' and 'ADB' data structures when reusing a structure in ASN.1 parsing.\n This allows a remote attacker to cause an invalid write operation and memory corruption, resulting in a denial of service. (CVE-2015-0287)\n\n - A NULL pointer dereference flaw exists in the X509_to_X509_REQ() function due to improper processing of certificate keys. This allows a remote attacker, via a crafted X.509 certificate, to cause a denial of service. (CVE-2015-0288)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing outer ContentInfo. This allows a remote attacker, using an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, to cause a denial of service. (CVE-2015-0289)\n\n - A flaw exists in servers that both support SSLv2 and enable export cipher suites due to improper implementation of SSLv2. A remote attacker can exploit this, via a crafted CLIENT-MASTER-KEY message, to cause a denial of service. (CVE-2015-0293)\n\n - A key disclosure vulnerability exists in the SSLv2 implementation in the get_client_master_key() function due to the acceptance of a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher. A man-in-the-middle attacker can exploit this to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle.\n (CVE-2016-0703) \n - An information disclosure vulnerability exists in the SSLv2 implementation in the get_client_master_key() function due to incorrectly overwriting MASTER-KEY bytes during use of export cipher suites. A remote attacker can exploit this to create a Bleichenbacher oracle.\n (CVE-2016-0704)", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-03-24T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.1 < 1.0.1m Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293", "CVE-2016-0703", "CVE-2016-0704"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_1M.NASL", "href": "https://www.tenable.com/plugins/nessus/82032", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82032);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\n \"CVE-2015-0209\",\n \"CVE-2015-0286\",\n \"CVE-2015-0287\",\n \"CVE-2015-0288\",\n \"CVE-2015-0289\",\n \"CVE-2015-0293\",\n \"CVE-2016-0703\",\n \"CVE-2016-0704\"\n );\n script_bugtraq_id(\n 73225,\n 73227,\n 73231,\n 73232,\n 73237,\n 73239\n );\n\n script_name(english:\"OpenSSL 1.0.1 < 1.0.1m Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL 1.0.1 prior to 1.0.1m. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A use-after-free condition exists in the\n d2i_ECPrivateKey() function due to improper processing\n of malformed EC private key files during import. A\n remote attacker can exploit this to dereference or free\n already freed memory, resulting in a denial of service\n or other unspecified impact. (CVE-2015-0209)\n\n - An invalid read flaw exists in the ASN1_TYPE_cmp()\n function due to improperly performed boolean-type\n comparisons. A remote attacker can exploit this, via a\n crafted X.509 certificate to an endpoint that uses the\n certificate-verification feature, to cause an invalid\n read operation, resulting in a denial of service.\n (CVE-2015-0286)\n\n - A flaw exists in the ASN1_item_ex_d2i() function due to\n a failure to reinitialize 'CHOICE' and 'ADB' data\n structures when reusing a structure in ASN.1 parsing.\n This allows a remote attacker to cause an invalid write\n operation and memory corruption, resulting in a denial\n of service. (CVE-2015-0287)\n\n - A NULL pointer dereference flaw exists in the\n X509_to_X509_REQ() function due to improper processing\n of certificate keys. This allows a remote attacker, via\n a crafted X.509 certificate, to cause a denial of\n service. (CVE-2015-0288)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing outer\n ContentInfo. This allows a remote attacker, using an\n application that processes arbitrary PKCS#7 data and\n providing malformed data with ASN.1 encoding, to cause\n a denial of service. (CVE-2015-0289)\n\n - A flaw exists in servers that both support SSLv2 and\n enable export cipher suites due to improper\n implementation of SSLv2. A remote attacker can exploit\n this, via a crafted CLIENT-MASTER-KEY message, to cause\n a denial of service. (CVE-2015-0293)\n\n - A key disclosure vulnerability exists in the SSLv2\n implementation in the get_client_master_key() function\n due to the acceptance of a nonzero CLIENT-MASTER-KEY\n CLEAR-KEY-LENGTH value for an arbitrary cipher. A\n man-in-the-middle attacker can exploit this to determine\n the MASTER-KEY value and decrypt TLS ciphertext data by\n leveraging a Bleichenbacher RSA padding oracle.\n (CVE-2016-0703)\n \n - An information disclosure vulnerability exists in the\n SSLv2 implementation in the get_client_master_key()\n function due to incorrectly overwriting MASTER-KEY bytes\n during use of export cipher suites. A remote attacker\n can exploit this to create a Bleichenbacher oracle.\n (CVE-2016-0704)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150319.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20160301.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL 1.0.1m or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.1m', min:\"1.0.1\", severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-02T14:18:16", "description": "According to its banner, the remote web server uses a version of OpenSSL 1.0.0 prior to 1.0.0r. The OpenSSL library is, therefore, affected by the following vulnerabilities :\n\n - A use-after-free condition exists in the d2i_ECPrivateKey() function due to improper processing of malformed EC private key files during import. A remote attacker can exploit this to dereference or free already freed memory, resulting in a denial of service or other unspecified impact. (CVE-2015-0209)\n\n - An invalid read flaw exists in the ASN1_TYPE_cmp() function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service.\n (CVE-2015-0286)\n\n - A flaw exists in the ASN1_item_ex_d2i() function due to a failure to reinitialize 'CHOICE' and 'ADB' data structures when reusing a structure in ASN.1 parsing.\n This allows a remote attacker to cause an invalid write operation and memory corruption, resulting in a denial of service. (CVE-2015-0287)\n\n - A NULL pointer dereference flaw exists in the X509_to_X509_REQ() function due to improper processing of certificate keys. This allows a remote attacker, via a crafted X.509 certificate, to cause a denial of service. (CVE-2015-0288)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing outer ContentInfo. This allows a remote attacker, using an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, to cause a denial of service. (CVE-2015-0289)\n\n - A flaw exists in servers that both support SSLv2 and enable export cipher suites due to improper implementation of SSLv2. A remote attacker can exploit this, via a crafted CLIENT-MASTER-KEY message, to cause a denial of service. (CVE-2015-0293)\n\n - A key disclosure vulnerability exists in the SSLv2 implementation in the get_client_master_key() function due to the acceptance of a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher. A man-in-the-middle attacker can exploit this to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle.\n (CVE-2016-0703) \n - An information disclosure vulnerability exists in the SSLv2 implementation in the get_client_master_key() function due to incorrectly overwriting MASTER-KEY bytes during use of export cipher suites. A remote attacker can exploit this to create a Bleichenbacher oracle.\n (CVE-2016-0704)", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-03-24T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.0 < 1.0.0r Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293", "CVE-2016-0703", "CVE-2016-0704"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_0R.NASL", "href": "https://www.tenable.com/plugins/nessus/82031", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82031);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\n \"CVE-2015-0209\",\n \"CVE-2015-0286\",\n \"CVE-2015-0287\",\n \"CVE-2015-0288\",\n \"CVE-2015-0289\",\n \"CVE-2015-0293\",\n \"CVE-2016-0703\",\n \"CVE-2016-0704\"\n );\n script_bugtraq_id(\n 73225,\n 73227,\n 73231,\n 73232,\n 73237,\n 73239\n );\n\n script_name(english:\"OpenSSL 1.0.0 < 1.0.0r Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL 1.0.0 prior to 1.0.0r. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A use-after-free condition exists in the\n d2i_ECPrivateKey() function due to improper processing\n of malformed EC private key files during import. A\n remote attacker can exploit this to dereference or free\n already freed memory, resulting in a denial of service\n or other unspecified impact. (CVE-2015-0209)\n\n - An invalid read flaw exists in the ASN1_TYPE_cmp()\n function due to improperly performed boolean-type\n comparisons. A remote attacker can exploit this, via a\n crafted X.509 certificate to an endpoint that uses the\n certificate-verification feature, to cause an invalid\n read operation, resulting in a denial of service.\n (CVE-2015-0286)\n\n - A flaw exists in the ASN1_item_ex_d2i() function due to\n a failure to reinitialize 'CHOICE' and 'ADB' data\n structures when reusing a structure in ASN.1 parsing.\n This allows a remote attacker to cause an invalid write\n operation and memory corruption, resulting in a denial\n of service. (CVE-2015-0287)\n\n - A NULL pointer dereference flaw exists in the\n X509_to_X509_REQ() function due to improper processing\n of certificate keys. This allows a remote attacker, via\n a crafted X.509 certificate, to cause a denial of\n service. (CVE-2015-0288)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing outer\n ContentInfo. This allows a remote attacker, using an\n application that processes arbitrary PKCS#7 data and\n providing malformed data with ASN.1 encoding, to cause\n a denial of service. (CVE-2015-0289)\n\n - A flaw exists in servers that both support SSLv2 and\n enable export cipher suites due to improper\n implementation of SSLv2. A remote attacker can exploit\n this, via a crafted CLIENT-MASTER-KEY message, to cause\n a denial of service. (CVE-2015-0293)\n\n - A key disclosure vulnerability exists in the SSLv2\n implementation in the get_client_master_key() function\n due to the acceptance of a nonzero CLIENT-MASTER-KEY\n CLEAR-KEY-LENGTH value for an arbitrary cipher. A\n man-in-the-middle attacker can exploit this to determine\n the MASTER-KEY value and decrypt TLS ciphertext data by\n leveraging a Bleichenbacher RSA padding oracle.\n (CVE-2016-0703)\n \n - An information disclosure vulnerability exists in the\n SSLv2 implementation in the get_client_master_key()\n function due to incorrectly overwriting MASTER-KEY bytes\n during use of export cipher suites. A remote attacker\n can exploit this to create a Bleichenbacher oracle.\n (CVE-2016-0704)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150319.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20160301.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL 1.0.0r or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.0r', min:\"1.0.0\", severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-02T14:18:33", "description": "According to its banner, the remote web server uses a version of OpenSSL 0.9.8 prior to 0.9.8zf. The OpenSSL library is, therefore, affected by the following vulnerabilities :\n\n - A use-after-free condition exists in the d2i_ECPrivateKey() function due to improper processing of malformed EC private key files during import. A remote attacker can exploit this to dereference or free already freed memory, resulting in a denial of service or other unspecified impact. (CVE-2015-0209)\n\n - An invalid read flaw exists in the ASN1_TYPE_cmp() function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service.\n (CVE-2015-0286)\n\n - A flaw exists in the ASN1_item_ex_d2i() function due to a failure to reinitialize 'CHOICE' and 'ADB' data structures when reusing a structure in ASN.1 parsing.\n This allows a remote attacker to cause an invalid write operation and memory corruption, resulting in a denial of service. (CVE-2015-0287)\n\n - A NULL pointer dereference flaw exists in the X509_to_X509_REQ() function due to improper processing of certificate keys. This allows a remote attacker, via a crafted X.509 certificate, to cause a denial of service. (CVE-2015-0288)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing outer ContentInfo. This allows a remote attacker, using an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, to cause a denial of service. (CVE-2015-0289)\n\n - A flaw exists in servers that both support SSLv2 and enable export cipher suites due to improper implementation of SSLv2. A remote attacker can exploit this, via a crafted CLIENT-MASTER-KEY message, to cause a denial of service. (CVE-2015-0293)\n\n - A key disclosure vulnerability exists in the SSLv2 implementation in the get_client_master_key() function due to the acceptance of a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher. A man-in-the-middle attacker can exploit this to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle.\n (CVE-2016-0703) \n - An information disclosure vulnerability exists in the SSLv2 implementation in the get_client_master_key() function due to incorrectly overwriting MASTER-KEY bytes during use of export cipher suites. A remote attacker can exploit this to create a Bleichenbacher oracle.\n (CVE-2016-0704)", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-03-24T00:00:00", "type": "nessus", "title": "OpenSSL 0.9.8 < 0.9.8zf Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293", "CVE-2016-0703", "CVE-2016-0704"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_0_9_8ZF.NASL", "href": "https://www.tenable.com/plugins/nessus/82030", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82030);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\n \"CVE-2015-0209\",\n \"CVE-2015-0286\",\n \"CVE-2015-0287\",\n \"CVE-2015-0288\",\n \"CVE-2015-0289\",\n \"CVE-2015-0293\",\n \"CVE-2016-0703\",\n \"CVE-2016-0704\"\n );\n script_bugtraq_id(\n 73225,\n 73227,\n 73231,\n 73232,\n 73237,\n 73239\n );\n\n script_name(english:\"OpenSSL 0.9.8 < 0.9.8zf Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL 0.9.8 prior to 0.9.8zf. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A use-after-free condition exists in the\n d2i_ECPrivateKey() function due to improper processing\n of malformed EC private key files during import. A\n remote attacker can exploit this to dereference or free\n already freed memory, resulting in a denial of service\n or other unspecified impact. (CVE-2015-0209)\n\n - An invalid read flaw exists in the ASN1_TYPE_cmp()\n function due to improperly performed boolean-type\n comparisons. A remote attacker can exploit this, via a\n crafted X.509 certificate to an endpoint that uses the\n certificate-verification feature, to cause an invalid\n read operation, resulting in a denial of service.\n (CVE-2015-0286)\n\n - A flaw exists in the ASN1_item_ex_d2i() function due to\n a failure to reinitialize 'CHOICE' and 'ADB' data\n structures when reusing a structure in ASN.1 parsing.\n This allows a remote attacker to cause an invalid write\n operation and memory corruption, resulting in a denial\n of service. (CVE-2015-0287)\n\n - A NULL pointer dereference flaw exists in the\n X509_to_X509_REQ() function due to improper processing\n of certificate keys. This allows a remote attacker, via\n a crafted X.509 certificate, to cause a denial of\n service. (CVE-2015-0288)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing outer\n ContentInfo. This allows a remote attacker, using an\n application that processes arbitrary PKCS#7 data and\n providing malformed data with ASN.1 encoding, to cause\n a denial of service. (CVE-2015-0289)\n\n - A flaw exists in servers that both support SSLv2 and\n enable export cipher suites due to improper\n implementation of SSLv2. A remote attacker can exploit\n this, via a crafted CLIENT-MASTER-KEY message, to cause\n a denial of service. (CVE-2015-0293)\n\n - A key disclosure vulnerability exists in the SSLv2\n implementation in the get_client_master_key() function\n due to the acceptance of a nonzero CLIENT-MASTER-KEY\n CLEAR-KEY-LENGTH value for an arbitrary cipher. A\n man-in-the-middle attacker can exploit this to determine\n the MASTER-KEY value and decrypt TLS ciphertext data by\n leveraging a Bleichenbacher RSA padding oracle.\n (CVE-2016-0703)\n \n - An information disclosure vulnerability exists in the\n SSLv2 implementation in the get_client_master_key()\n function due to incorrectly overwriting MASTER-KEY bytes\n during use of export cipher suites. A remote attacker\n can exploit this to create a Bleichenbacher oracle.\n (CVE-2016-0704)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150319.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20160301.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL 0.9.8zf or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'0.9.8zf', min:\"0.9.8\", severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:28:13", "description": "CVE-2009-0590 openssl: ASN1 printing crash\n\nCVE-2009-1377 OpenSSL: DTLS epoch record buffer memory DoS\n\nCVE-2009-1378 OpenSSL: DTLS fragment handling memory DoS\n\nCVE-2009-1379 OpenSSL: DTLS pointer use-after-free flaw (DoS)\n\nCVE-2009-1386 openssl: DTLS NULL deref crash on early ChangeCipherSpec request\n\nCVE-2009-1387 openssl: DTLS out-of-sequence message handling NULL deref DoS\n\nMultiple denial of service flaws were discovered in OpenSSL's DTLS implementation. A remote attacker could use these flaws to cause a DTLS server to use excessive amounts of memory, or crash on an invalid memory access or NULL pointer dereference. (CVE-2009-1377, CVE-2009-1378,\n\nCVE-2009-1379, CVE-2009-1386, CVE-2009-1387)\n\nNote: These flaws only affect applications that use DTLS. Scientific Linux does not ship any DTLS client or server applications.\n\nAn input validation flaw was found in the handling of the BMPString and UniversalString ASN1 string types in OpenSSL's ASN1_STRING_print_ex() function. An attacker could use this flaw to create a specially crafted X.509 certificate that could cause applications using the affected function to crash when printing certificate contents. (CVE-2009-0590)\n\nNote: The affected function is rarely used. No application shipped with Scientific Linux calls this function, for example.\n\nThese updated packages also fix the following bugs :\n\n - 'openssl smime -verify -in' verifies the signature of the input file and the '-verify' switch expects a signed or encrypted input file. Previously, running openssl on an S/MIME file that was not encrypted or signed caused openssl to segfault. With this update, the input file is now checked for a signature or encryption. Consequently, openssl now returns an error and quits when attempting to verify an unencrypted or unsigned S/MIME file.\n (BZ#472440)\n\n - when generating RSA keys, pairwise tests were called even in non-FIPS mode. This prevented small keys from being generated. With this update, generating keys in non-FIPS mode no longer calls the pairwise tests and keys as small as 32-bits can be generated in this mode.\n Note: In FIPS mode, pairwise tests are still called and keys generated in this mode must still be 1024-bits or larger. (BZ#479817)\n\nAs well, these updated packages add the following enhancements :\n\n - both the libcrypto and libssl shared libraries, which are part of the OpenSSL FIPS module, are now checked for integrity on initialization of FIPS mode. (BZ#475798)\n\n - an issuing Certificate Authority (CA) allows multiple certificate templates to inherit the CA's Common Name (CN). Because this CN is used as a unique identifier, each template had to have its own Certificate Revocation List (CRL). With this update, multiple CRLs with the same subject name can now be stored in a X509_STORE structure, with their signature field being used to distinguish between them. (BZ#457134)\n\n - the fipscheck library is no longer needed for rebuilding the openssl source RPM. (BZ#475798)", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : openssl on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0590", "CVE-2009-1377", "CVE-2009-1378", "CVE-2009-1379", "CVE-2009-1386", "CVE-2009-1387"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090902_OPENSSL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60658", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60658);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0590\", \"CVE-2009-1377\", \"CVE-2009-1378\", \"CVE-2009-1379\", \"CVE-2009-1386\", \"CVE-2009-1387\");\n\n script_name(english:\"Scientific Linux Security Update : openssl on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-0590 openssl: ASN1 printing crash\n\nCVE-2009-1377 OpenSSL: DTLS epoch record buffer memory DoS\n\nCVE-2009-1378 OpenSSL: DTLS fragment handling memory DoS\n\nCVE-2009-1379 OpenSSL: DTLS pointer use-after-free flaw (DoS)\n\nCVE-2009-1386 openssl: DTLS NULL deref crash on early ChangeCipherSpec\nrequest\n\nCVE-2009-1387 openssl: DTLS out-of-sequence message handling NULL\nderef DoS\n\nMultiple denial of service flaws were discovered in OpenSSL's DTLS\nimplementation. A remote attacker could use these flaws to cause a\nDTLS server to use excessive amounts of memory, or crash on an invalid\nmemory access or NULL pointer dereference. (CVE-2009-1377,\nCVE-2009-1378,\n\nCVE-2009-1379, CVE-2009-1386, CVE-2009-1387)\n\nNote: These flaws only affect applications that use DTLS. Scientific\nLinux does not ship any DTLS client or server applications.\n\nAn input validation flaw was found in the handling of the BMPString\nand UniversalString ASN1 string types in OpenSSL's\nASN1_STRING_print_ex() function. An attacker could use this flaw to\ncreate a specially crafted X.509 certificate that could cause\napplications using the affected function to crash when printing\ncertificate contents. (CVE-2009-0590)\n\nNote: The affected function is rarely used. No application shipped\nwith Scientific Linux calls this function, for example.\n\nThese updated packages also fix the following bugs :\n\n - 'openssl smime -verify -in' verifies the signature of\n the input file and the '-verify' switch expects a signed\n or encrypted input file. Previously, running openssl on\n an S/MIME file that was not encrypted or signed caused\n openssl to segfault. With this update, the input file is\n now checked for a signature or encryption. Consequently,\n openssl now returns an error and quits when attempting\n to verify an unencrypted or unsigned S/MIME file.\n (BZ#472440)\n\n - when generating RSA keys, pairwise tests were called\n even in non-FIPS mode. This prevented small keys from\n being generated. With this update, generating keys in\n non-FIPS mode no longer calls the pairwise tests and\n keys as small as 32-bits can be generated in this mode.\n Note: In FIPS mode, pairwise tests are still called and\n keys generated in this mode must still be 1024-bits or\n larger. (BZ#479817)\n\nAs well, these updated packages add the following enhancements :\n\n - both the libcrypto and libssl shared libraries, which\n are part of the OpenSSL FIPS module, are now checked for\n integrity on initialization of FIPS mode. (BZ#475798)\n\n - an issuing Certificate Authority (CA) allows multiple\n certificate templates to inherit the CA's Common Name\n (CN). Because this CN is used as a unique identifier,\n each template had to have its own Certificate Revocation\n List (CRL). With this update, multiple CRLs with the\n same subject name can now be stored in a X509_STORE\n structure, with their signature field being used to\n distinguish between them. (BZ#457134)\n\n - the fipscheck library is no longer needed for rebuilding\n the openssl source RPM. (BZ#475798)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=457134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=475798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=479817\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0909&L=scientific-linux-errata&T=0&P=1445\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?df0d6dcf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected openssl, openssl-devel and / or openssl-perl\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"openssl-0.9.8e-12.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-devel-0.9.8e-12.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-perl-0.9.8e-12.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-17T14:36:55", "description": "The remote host is affected by the vulnerability described in GLSA-200710-06 (OpenSSL: Multiple vulnerabilities)\n\n Moritz Jodeit reported an off-by-one error in the SSL_get_shared_ciphers() function, resulting from an incomplete fix of CVE-2006-3738. A flaw has also been reported in the BN_from_montgomery() function in crypto/bn/bn_mont.c when performing Montgomery multiplication.\n Impact :\n\n A remote attacker sending a specially crafted packet to an application relying on OpenSSL could possibly execute arbitrary code with the privileges of the user running the application. A local attacker could perform a side channel attack to retrieve the RSA private keys.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2007-10-09T00:00:00", "type": "nessus", "title": "GLSA-200710-06 : OpenSSL: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3738", "CVE-2007-3108", "CVE-2007-5135"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openssl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200710-06.NASL", "href": "https://www.tenable.com/plugins/nessus/26946", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200710-06.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(26946);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-3738\", \"CVE-2007-3108\", \"CVE-2007-5135\");\n script_xref(name:\"GLSA\", value:\"200710-06\");\n\n script_name(english:\"GLSA-200710-06 : OpenSSL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200710-06\n(OpenSSL: Multiple vulnerabilities)\n\n Moritz Jodeit reported an off-by-one error in the\n SSL_get_shared_ciphers() function, resulting from an incomplete fix of\n CVE-2006-3738. A flaw has also been reported in the\n BN_from_montgomery() function in crypto/bn/bn_mont.c when performing\n Montgomery multiplication.\n \nImpact :\n\n A remote attacker sending a specially crafted packet to an application\n relying on OpenSSL could possibly execute arbitrary code with the\n privileges of the user running the application. A local attacker could\n perform a side channel attack to retrieve the RSA private keys.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200710-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenSSL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-0.9.8e-r3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/09\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/openssl\", unaffected:make_list(\"ge 0.9.8e-r3\"), vulnerable:make_list(\"lt 0.9.8e-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-18T15:28:28", "description": "A flaw in how OpenSSL performed Montgomery multiplications was discovered %that could allow a local attacker to reconstruct RSA private keys by examining another user's OpenSSL processes (CVE-2007-3108).\n\nMoritz Jodeit found that OpenSSL's SSL_get_shared_ciphers() function did not correctly check the size of the buffer it was writing to. As a result, a remote attacker could exploit this to write one NULL byte past the end of the applications's cipher list buffer, which could possibly lead to a denial of service or the execution of arbitrary code (CVE-2007-5135).\n\nUpdated packages have been patched to prevent these issues.", "cvss3": {}, "published": "2007-10-09T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : openssl (MDKSA-2007:193)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3738", "CVE-2007-3108", "CVE-2007-5135"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64openssl0.9.8", "p-cpe:/a:mandriva:linux:lib64openssl0.9.8-devel", "p-cpe:/a:mandriva:linux:lib64openssl0.9.8-static-devel", "p-cpe:/a:mandriva:linux:libopenssl0.9.8", "p-cpe:/a:mandriva:linux:libopenssl0.9.8-devel", "p-cpe:/a:mandriva:linux:libopenssl0.9.8-static-devel", "p-cpe:/a:mandriva:linux:openssl", "cpe:/o:mandriva:linux:2007", "cpe:/o:mandriva:linux:2007.1"], "id": "MANDRAKE_MDKSA-2007-193.NASL", "href": "https://www.tenable.com/plugins/nessus/26950", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:193. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(26950);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-3738\", \"CVE-2007-3108\", \"CVE-2007-5135\");\n script_xref(name:\"MDKSA\", value:\"2007:193\");\n\n script_name(english:\"Mandrake Linux Security Advisory : openssl (MDKSA-2007:193)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw in how OpenSSL performed Montgomery multiplications was\ndiscovered %that could allow a local attacker to reconstruct RSA\nprivate keys by examining another user's OpenSSL processes\n(CVE-2007-3108).\n\nMoritz Jodeit found that OpenSSL's SSL_get_shared_ciphers() function\ndid not correctly check the size of the buffer it was writing to. As a\nresult, a remote attacker could exploit this to write one NULL byte\npast the end of the applications's cipher list buffer, which could\npossibly lead to a denial of service or the execution of arbitrary\ncode (CVE-2007-5135).\n\nUpdated packages have been patched to prevent these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.8-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.8-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.8-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.8-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-0.9.8b-2.3mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-devel-0.9.8b-2.3mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-static-devel-0.9.8b-2.3mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libopenssl0.9.8-0.9.8b-2.3mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libopenssl0.9.8-devel-0.9.8b-2.3mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libopenssl0.9.8-static-devel-0.9.8b-2.3mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"openssl-0.9.8b-2.3mdv2007.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-0.9.8e-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-devel-0.9.8e-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-static-devel-0.9.8e-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libopenssl0.9.8-0.9.8e-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libopenssl0.9.8-devel-0.9.8e-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libopenssl0.9.8-static-devel-0.9.8e-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"openssl-0.9.8e-2.2mdv2007.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T15:08:04", "description": "From Red Hat Security Advisory 2015:0716 :\n\nUpdated openssl packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nAn invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application.\n(CVE-2015-0286)\n\nAn integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input (such as a PEM file) could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded. (CVE-2015-0292)\n\nA denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled.\n(CVE-2015-0293)\n\nA use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported. (CVE-2015-0209)\n\nAn out-of-bounds write flaw was found in the way OpenSSL reused certain ASN.1 structures. A remote attacker could possibly use a specially crafted ASN.1 structure that, when parsed by an application, would cause that application to crash. (CVE-2015-0287)\n\nA NULL pointer dereference flaw was found in OpenSSL's X.509 certificate handling implementation. A specially crafted X.509 certificate could cause an application using OpenSSL to crash if the application attempted to convert the certificate to a certificate request. (CVE-2015-0288)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input could cause that application to crash. TLS/SSL clients and servers using OpenSSL were not affected by this flaw. (CVE-2015-0289)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and CVE-2015-0293. Upstream acknowledges Stephen Henson of the OpenSSL development team as the original reporter of CVE-2015-0286, Emilia Kasper of the OpenSSL development team as the original reporter of CVE-2015-0287, Brian Carpenter as the original reporter of CVE-2015-0288, Michal Zalewski of Google as the original reporter of CVE-2015-0289, Robert Dugal and David Ramos as the original reporters of CVE-2015-0292, and Sean Burford of Google and Emilia Kasper of the OpenSSL development team as the original reporters of CVE-2015-0293.\n\nThis update also fixes the following bug :\n\n* When a wrapped Advanced Encryption Standard (AES) key did not require any padding, it was incorrectly padded with 8 bytes, which could lead to data corruption and interoperability problems. With this update, the rounding algorithm in the RFC 5649 key wrapping implementation has been fixed. As a result, the wrapped key conforms to the specification, which prevents the described problems.\n(BZ#1197667)\n\nAll openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-03-24T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : openssl (ELSA-2015-0716)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0292", "CVE-2015-0293", "CVE-2016-0703", "CVE-2016-0704"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-libs", "p-cpe:/a:oracle:linux:openssl-perl", "p-cpe:/a:oracle:linux:openssl-static", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2015-0716.NASL", "href": "https://www.tenable.com/plugins/nessus/82016", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0716 and \n# Oracle Linux Security Advisory ELSA-2015-0716 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82016);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-0209\", \"CVE-2015-0286\", \"CVE-2015-0287\", \"CVE-2015-0288\", \"CVE-2015-0289\", \"CVE-2015-0292\", \"CVE-2015-0293\", \"CVE-2016-0703\", \"CVE-2016-0704\");\n script_xref(name:\"RHSA\", value:\"2015:0716\");\n\n script_name(english:\"Oracle Linux 7 : openssl (ELSA-2015-0716)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:0716 :\n\nUpdated openssl packages that fix several security issues and one bug\nare now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp()\nfunction. A remote attacker could crash a TLS/SSL client or server\nusing OpenSSL via a specially crafted X.509 certificate when the\nattacker-supplied certificate was verified by the application.\n(CVE-2015-0286)\n\nAn integer underflow flaw, leading to a buffer overflow, was found in\nthe way OpenSSL decoded malformed Base64-encoded inputs. An attacker\nable to make an application using OpenSSL decode a specially crafted\nBase64-encoded input (such as a PEM file) could use this flaw to cause\nthe application to crash. Note: this flaw is not exploitable via the\nTLS/SSL protocol because the data being transferred is not\nBase64-encoded. (CVE-2015-0292)\n\nA denial of service flaw was found in the way OpenSSL handled SSLv2\nhandshake messages. A remote attacker could use this flaw to cause a\nTLS/SSL server using OpenSSL to exit on a failed assertion if it had\nboth the SSLv2 protocol and EXPORT-grade cipher suites enabled.\n(CVE-2015-0293)\n\nA use-after-free flaw was found in the way OpenSSL imported malformed\nElliptic Curve private keys. A specially crafted key file could cause\nan application using OpenSSL to crash when imported. (CVE-2015-0209)\n\nAn out-of-bounds write flaw was found in the way OpenSSL reused\ncertain ASN.1 structures. A remote attacker could possibly use a\nspecially crafted ASN.1 structure that, when parsed by an application,\nwould cause that application to crash. (CVE-2015-0287)\n\nA NULL pointer dereference flaw was found in OpenSSL's X.509\ncertificate handling implementation. A specially crafted X.509\ncertificate could cause an application using OpenSSL to crash if the\napplication attempted to convert the certificate to a certificate\nrequest. (CVE-2015-0288)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 inputs. An attacker able to make an application using\nOpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input\ncould cause that application to crash. TLS/SSL clients and servers\nusing OpenSSL were not affected by this flaw. (CVE-2015-0289)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289,\nCVE-2015-0292, and CVE-2015-0293. Upstream acknowledges Stephen Henson\nof the OpenSSL development team as the original reporter of\nCVE-2015-0286, Emilia Kasper of the OpenSSL development team as the\noriginal reporter of CVE-2015-0287, Brian Carpenter as the original\nreporter of CVE-2015-0288, Michal Zalewski of Google as the original\nreporter of CVE-2015-0289, Robert Dugal and David Ramos as the\noriginal reporters of CVE-2015-0292, and Sean Burford of Google and\nEmilia Kasper of the OpenSSL development team as the original\nreporters of CVE-2015-0293.\n\nThis update also fixes the following bug :\n\n* When a wrapped Advanced Encryption Standard (AES) key did not\nrequire any padding, it was incorrectly padded with 8 bytes, which\ncould lead to data corruption and interoperability problems. With this\nupdate, the rounding algorithm in the RFC 5649 key wrapping\nimplementation has been fixed. As a result, the wrapped key conforms\nto the specification, which prevents the described problems.\n(BZ#1197667)\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-March/004921.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-42.el7_1.4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-42.el7_1.4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-42.el7_1.4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-42.el7_1.4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-42.el7_1.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-libs / openssl-perl / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-01T14:38:57", "description": "Updated openssl packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nAn invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application.\n(CVE-2015-0286)\n\nAn integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input (such as a PEM file) could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded. (CVE-2015-0292)\n\nA denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled.\n(CVE-2015-0293)\n\nA use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported. (CVE-2015-0209)\n\nAn out-of-bounds write flaw was found in the way OpenSSL reused certain ASN.1 structures. A remote attacker could possibly use a specially crafted ASN.1 structure that, when parsed by an application, would cause that application to crash. (CVE-2015-0287)\n\nA NULL pointer dereference flaw was found in OpenSSL's X.509 certificate handling implementation. A specially crafted X.509 certificate could cause an application using OpenSSL to crash if the application attempted to convert the certificate to a certificate request. (CVE-2015-0288)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input could cause that application to crash. TLS/SSL clients and servers using OpenSSL were not affected by this flaw. (CVE-2015-0289)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and CVE-2015-0293. Upstream acknowledges Stephen Henson of the OpenSSL development team as the original reporter of CVE-2015-0286, Emilia Kasper of the OpenSSL development team as the original reporter of CVE-2015-0287, Brian Carpenter as the original reporter of CVE-2015-0288, Michal Zalewski of Google as the original reporter of CVE-2015-0289, Robert Dugal and David Ramos as the original reporters of CVE-2015-0292, and Sean Burford of Google and Emilia Kasper of the OpenSSL development team as the original reporters of CVE-2015-0293.\n\nThis update also fixes the following bug :\n\n* When a wrapped Advanced Encryption Standard (AES) key did not require any padding, it was incorrectly padded with 8 bytes, which could lead to data corruption and interoperability problems. With this update, the rounding algorithm in the RFC 5649 key wrapping implementation has been fixed. As a result, the wrapped key conforms to the specification, which prevents the described problems.\n(BZ#1197667)\n\nAll openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-03-24T00:00:00", "type": "nessus", "title": "RHEL 7 : openssl (RHSA-2015:0716)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0292", "CVE-2015-0293", "CVE-2016-0703", "CVE-2016-0704"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-libs", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl-static", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.1", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2015-0716.NASL", "href": "https://www.tenable.com/plugins/nessus/82018", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0716. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82018);\n script_version(\"1.24\");\n script_cvs_date(\"Date: 2019/10/24 15:35:39\");\n\n script_cve_id(\"CVE-2015-0209\", \"CVE-2015-0286\", \"CVE-2015-0287\", \"CVE-2015-0288\", \"CVE-2015-0289\", \"CVE-2015-0292\", \"CVE-2015-0293\", \"CVE-2016-0703\", \"CVE-2016-0704\");\n script_xref(name:\"RHSA\", value:\"2015:0716\");\n\n script_name(english:\"RHEL 7 : openssl (RHSA-2015:0716)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix several security issues and one bug\nare now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp()\nfunction. A remote attacker could crash a TLS/SSL client or server\nusing OpenSSL via a specially crafted X.509 certificate when the\nattacker-supplied certificate was verified by the application.\n(CVE-2015-0286)\n\nAn integer underflow flaw, leading to a buffer overflow, was found in\nthe way OpenSSL decoded malformed Base64-encoded inputs. An attacker\nable to make an application using OpenSSL decode a specially crafted\nBase64-encoded input (such as a PEM file) could use this flaw to cause\nthe application to crash. Note: this flaw is not exploitable via the\nTLS/SSL protocol because the data being transferred is not\nBase64-encoded. (CVE-2015-0292)\n\nA denial of service flaw was found in the way OpenSSL handled SSLv2\nhandshake messages. A remote attacker could use this flaw to cause a\nTLS/SSL server using OpenSSL to exit on a failed assertion if it had\nboth the SSLv2 protocol and EXPORT-grade cipher suites enabled.\n(CVE-2015-0293)\n\nA use-after-free flaw was found in the way OpenSSL imported malformed\nElliptic Curve private keys. A specially crafted key file could cause\nan application using OpenSSL to crash when imported. (CVE-2015-0209)\n\nAn out-of-bounds write flaw was found in the way OpenSSL reused\ncertain ASN.1 structures. A remote attacker could possibly use a\nspecially crafted ASN.1 structure that, when parsed by an application,\nwould cause that application to crash. (CVE-2015-0287)\n\nA NULL pointer dereference flaw was found in OpenSSL's X.509\ncertificate handling implementation. A specially crafted X.509\ncertificate could cause an application using OpenSSL to crash if the\napplication attempted to convert the certificate to a certificate\nrequest. (CVE-2015-0288)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 inputs. An attacker able to make an application using\nOpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input\ncould cause that application to crash. TLS/SSL clients and servers\nusing OpenSSL were not affected by this flaw. (CVE-2015-0289)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289,\nCVE-2015-0292, and CVE-2015-0293. Upstream acknowledges Stephen Henson\nof the OpenSSL development team as the original reporter of\nCVE-2015-0286, Emilia Kasper of the OpenSSL development team as the\noriginal reporter of CVE-2015-0287, Brian Carpenter as the original\nreporter of CVE-2015-0288, Michal Zalewski of Google as the original\nreporter of CVE-2015-0289, Robert Dugal and David Ramos as the\noriginal reporters of CVE-2015-0292, and Sean Burford of Google and\nEmilia Kasper of the OpenSSL development team as the original\nreporters of CVE-2015-0293.\n\nThis update also fixes the following bug :\n\n* When a wrapped Advanced Encryption Standard (AES) key did not\nrequire any padding, it was incorrectly padded with 8 bytes, which\ncould lead to data corruption and interoperability problems. With this\nupdate, the rounding algorithm in the RFC 5649 key wrapping\nimplementation has been fixed. As a result, the wrapped key conforms\nto the specification, which prevents the described problems.\n(BZ#1197667)\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0288\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0289\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0293\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0704\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0716\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssl-1.0.1e-42.el7_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-42.el7_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-debuginfo-1.0.1e-42.el7_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-devel-1.0.1e-42.el7_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-libs-1.0.1e-42.el7_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-42.el7_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-42.el7_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-static-1.0.1e-42.el7_1.4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-libs / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:01:00", "description": "According to its version number, the instance of Splunk hosted on the remote web server is Enterprise 5.0.x prior to 5.0.14, 6.0.x prior to 6.0.10, 6.1.x prior to 6.1.9, 6.2.x prior to 6.2.5, or Light 6.2.x prior to 6.2.5. It is, therefore, affected by the following vulnerabilities in the bundled OpenSSL library :\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)\n\n - A certificate validation bypass vulnerability exists due to a flaw in the X509_verify_cert() function in file x509_vfy.c, which occurs when locating alternate certificate chains whenever the first attempt to build such a chain fails. A remote attacker can exploit this, by using a valid leaf certificate as a certificate authority (CA), to issue invalid certificates that will bypass authentication. (CVE-2015-1793)\n\nAdditionally, a cross-site scripting vulnerability exists in Splunk Enterprise due to improper validation of user-supplied input before returning it to users. An attacker can exploit this, via a crafted request, to execute arbitrary script code.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-08-21T00:00:00", "type": "nessus", "title": "Splunk Enterprise < 5.0.14 / 6.0.10 / 6.1.9 / 6.2.5 or Splunk Light < 6.2.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-1793"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/a:splunk:splunk", "cpe:/a:openssl:openssl"], "id": "SPLUNK_625.NASL", "href": "https://www.tenable.com/plugins/nessus/85581", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85581);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-1793\"\n );\n script_bugtraq_id(\n 75154,\n 75156,\n 75157,\n 75158,\n 75161,\n 75652\n );\n\n script_name(english:\"Splunk Enterprise < 5.0.14 / 6.0.10 / 6.1.9 / 6.2.5 or Splunk Light < 6.2.5 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Splunk Enterprise and Light.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is running an application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the instance of Splunk hosted on the\nremote web server is Enterprise 5.0.x prior to 5.0.14, 6.0.x prior to\n6.0.10, 6.1.x prior to 6.1.9, 6.2.x prior to 6.2.5, or Light 6.2.x\nprior to 6.2.5. It is, therefore, affected by the following\nvulnerabilities in the bundled OpenSSL library :\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the ASN1_TIME\n string by the X509_cmp_time() function. A remote\n attacker can exploit this, via a malformed certificate\n and CRLs of various sizes, to cause a segmentation\n fault, resulting in a denial of service condition. TLS\n clients that verify CRLs are affected. TLS clients and\n servers with client authentication enabled may be\n affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\n\n - A certificate validation bypass vulnerability exists due\n to a flaw in the X509_verify_cert() function in file\n x509_vfy.c, which occurs when locating alternate\n certificate chains whenever the first attempt to build\n such a chain fails. A remote attacker can exploit this,\n by using a valid leaf certificate as a certificate\n authority (CA), to issue invalid certificates that will\n bypass authentication. (CVE-2015-1793)\n\nAdditionally, a cross-site scripting vulnerability exists in Splunk\nEnterprise due to improper validation of user-supplied input before\nreturning it to users. An attacker can exploit this, via a crafted\nrequest, to execute arbitrary script code.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.splunk.com/view/SP-CAAAN84\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150709.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Splunk Enterprise 5.0.14 / 6.0.10 / 6.1.9 / 6.2.5 or later,\nor Splunk Light 6.2.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:splunk:splunk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"splunkd_detect.nasl\", \"splunk_web_detect.nasl\");\n script_require_keys(\"installed_sw/Splunk\");\n script_require_ports(\"Services/www\", 8089, 8000);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"Splunk\";\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:8000, embedded:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install['path'];\nver = install['version'];\nfix = FALSE;\n\ninstall_url = build_url(qs:dir, port:port);\n\nxss = FALSE;\n\n# 5.0.x < 5.0.14\nif (ver =~ \"^5\\.0($|[^0-9])\")\n{\n fix = '5.0.14';\n xss = TRUE;\n}\n# 6.0.x < 6.0.10\nelse if (ver =~ \"^6\\.0($|[^0-9])\")\n{\n fix = '6.0.10';\n xss = TRUE;\n}\n# 6.1.x < 6.1.9\nelse if (ver =~ \"^6\\.1($|[^0-9])\")\n fix = '6.1.9';\n\n# 6.2.x < 6.2.5\nelse if (ver =~ \"^6\\.2($|[^0-9])\")\n fix = '6.2.5';\n\n\nif (fix && ver_compare(ver:ver,fix:fix,strict:FALSE) < 0)\n{\n if (xss) set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, ver);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:50:11", "description": "The remote host is running a version of OpenSSL which is potentially affected by the following vulnerabilities : \n\n - A use-after-free condition exists in the d2i_ECPrivateKey() function due to improper processing of malformed EC private key files during import. A remote attacker can exploit this to dereference or free already freed memory, resulting in a denial of service or other unspecified impact. (CVE-2015-0209)\n\n - An invalid read flaw exists in the ASN1_TYPE_cmp() function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service. (CVE-2015-0286)\n\n - A flaw exists in the ASN1_item_ex_d2i() function due to a failure to reinitialize 'CHOICE' and 'ADB' data structures when reusing a structure in ASN.1 parsing. This allows a remote attacker to cause an invalid write operation and memory corruption, resulting in a denial of service. (CVE-2015-0287)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing outer ContentInfo. This allows a remote attacker, using an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, to cause a denial of service. (CVE-2015-0288)\n\n - The PKCS#7 implementation does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding. (CVE-2015-0289)\n\n - A flaw exists in servers that both support SSLv2 and enable export cipher suites due to improper implementation of SSLv2. A remote attacker can exploit this, via a crafted CLIENT-MASTER-KEY message, to cause a denial of service. (CVE-2015-0293)", "cvss3": {}, "published": "2015-03-19T00:00:00", "type": "nessus", "title": "OpenSSL < 0.9.8zf / 1.0.0r / 1.0.1m / 1.0.2a Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293"], "modified": "2015-03-19T00:00:00", "cpe": [], "id": "801937.PRM", "href": "https://www.tenable.com/plugins/lce/801937", "sourceData": "Binary data 801937.prm", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-18T15:20:11", "description": "OpenSSL before 0.9.8zf, 1.0.0r, or 1.0.1m are unpatched for the following vulnerabilities :\n\n - An invalid read flaw exists in the 'ASN1_TYPE_cmp()' function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service. (CVE-2015-0286)\n\n - A flaw exists in the 'ASN1_item_ex_d2i()' function due to a failure to reinitialize 'CHOICE' and 'ADB' data structures when reusing a structure in ASN.1 parsing. This allows a remote attacker to cause an invalid write operation and memory corruption, resulting in a denial of service. (CVE-2015-0287)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing outer 'ContentInfo'. This allows a remote attacker, using an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, to cause a denial of service. (CVE-2015-0289)\n\n - A flaw exists in servers that both support SSLv2 and enable export cipher suites due to improper implementation of SSLv2. A remote attacker can exploit this, via a crafted CLIENT-MASTER-KEY message, to cause a denial of service. (CVE-2015-0293)\n\n - A NULL pointer dereference flaw exists in the 'X509_to_X509_REQ()' function due to improper processing of certificate keys. This allows a remote attacker, via a crafted X.509 certificate, to cause a denial of service. (CVE-2015-0288)\n\n - A use-after-free condition exists in the 'd2i_ECPrivateKey() function due to improper processing of malformed EC private key files during import. A remote attacker can exploit this to dereference or free already freed memory, resulting in a denial of service or other unspecified impact. (CVE-2015-0209)", "cvss3": {}, "published": "2015-03-27T00:00:00", "type": "nessus", "title": "OpenSSL 0.9.8 < 0.9.8zf / 1.0.0 < 1.0.0r / 1.0.1 < 1.0.1m Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "8662.PRM", "href": "https://www.tenable.com/plugins/nnm/8662", "sourceData": "Binary data 8662.prm", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-01T14:38:55", "description": "A use-after-free flaw was found in the way OpenSSL importrf certain Elliptic Curve private keys. An attacker could use this flaw to crash OpenSSL, if a specially crafted certificate was imported.\n(CVE-2015-0209)\n\nA denial of service flaw was found in the way OpenSSL handled certain SSLv2 messages. A malicious client could send a specially crafted SSLv2 CLIENT-MASTER-KEY message that would cause an OpenSSL server that both supports SSLv2 and enables EXPORT-grade cipher suites to crash. (CVE-2015-0293)\n\nAn out-of-bounds write flaw was found in the way OpenSSL reused certain ASN.1 structures. A remote attacker could use a specially crafted ASN.1 structure that, when parsed by an application, would cause that application to crash. (CVE-2015-0287)\n\nA flaw was found in the the ASN (Abstract Syntax Notation) parsing code of OpenSSL. An attacker could present a specially crafted certificate, which when verified by an OpenSSL client or server could cause it to crash. (CVE-2015-0286)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 blobs. An attacker could cause OpenSSL to crash, when applications verify, decrypt or parsed these ASN.1 encoded PKCS#7 blobs. OpenSSL clients and servers are not affected. (CVE-2015-0289)\n\nA NULL pointer dereference flaw was found in OpenSSL's x509 certificate handling implementation. A remote attacker could use this flaw to crash an OpenSSL server using an invalid certificate key.\n(CVE-2015-0288)", "cvss3": {}, "published": "2015-03-25T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : openssl (ALAS-2015-498)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl", "p-cpe:/a:amazon:linux:openssl-debuginfo", "p-cpe:/a:amazon:linux:openssl-devel", "p-cpe:/a:amazon:linux:openssl-perl", "p-cpe:/a:amazon:linux:openssl-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-498.NASL", "href": "https://www.tenable.com/plugins/nessus/82047", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-498.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82047);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-0209\", \"CVE-2015-0286\", \"CVE-2015-0287\", \"CVE-2015-0288\", \"CVE-2015-0289\", \"CVE-2015-0293\");\n script_xref(name:\"ALAS\", value:\"2015-498\");\n\n script_name(english:\"Amazon Linux AMI : openssl (ALAS-2015-498)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A use-after-free flaw was found in the way OpenSSL importrf certain\nElliptic Curve private keys. An attacker could use this flaw to crash\nOpenSSL, if a specially crafted certificate was imported.\n(CVE-2015-0209)\n\nA denial of service flaw was found in the way OpenSSL handled certain\nSSLv2 messages. A malicious client could send a specially crafted\nSSLv2 CLIENT-MASTER-KEY message that would cause an OpenSSL server\nthat both supports SSLv2 and enables EXPORT-grade cipher suites to\ncrash. (CVE-2015-0293)\n\nAn out-of-bounds write flaw was found in the way OpenSSL reused\ncertain ASN.1 structures. A remote attacker could use a specially\ncrafted ASN.1 structure that, when parsed by an application, would\ncause that application to crash. (CVE-2015-0287)\n\nA flaw was found in the the ASN (Abstract Syntax Notation) parsing\ncode of OpenSSL. An attacker could present a specially crafted\ncertificate, which when verified by an OpenSSL client or server could\ncause it to crash. (CVE-2015-0286)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 blobs. An attacker could cause OpenSSL to crash, when\napplications verify, decrypt or parsed these ASN.1 encoded PKCS#7\nblobs. OpenSSL clients and servers are not affected. (CVE-2015-0289)\n\nA NULL pointer dereference flaw was found in OpenSSL's x509\ncertificate handling implementation. A remote attacker could use this\nflaw to crash an OpenSSL server using an invalid certificate key.\n(CVE-2015-0288)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-498.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update openssl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openssl-1.0.1k-1.84.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-debuginfo-1.0.1k-1.84.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-devel-1.0.1k-1.84.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-perl-1.0.1k-1.84.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-static-1.0.1k-1.84.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-01T14:40:05", "description": "New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.", "cvss3": {}, "published": "2015-04-22T00:00:00", "type": "nessus", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-111-09)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:openssl", "p-cpe:/a:slackware:slackware_linux:openssl-solibs", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2015-111-09.NASL", "href": "https://www.tenable.com/plugins/nessus/82922", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2015-111-09. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82922);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-0209\", \"CVE-2015-0286\", \"CVE-2015-0287\", \"CVE-2015-0288\", \"CVE-2015-0289\", \"CVE-2015-0293\");\n script_xref(name:\"SSA\", value:\"2015-111-09\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-111-09)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New openssl packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.756101\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?93541373\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl and / or openssl-solibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl-solibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"openssl\", pkgver:\"0.9.8zf\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zf\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zf\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zf\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"openssl\", pkgver:\"0.9.8zf\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zf\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zf\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zf\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"openssl\", pkgver:\"0.9.8zf\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zf\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zf\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zf\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl\", pkgver:\"1.0.1m\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1m\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1m\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1m\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl\", pkgver:\"1.0.1m\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1m\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1m\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1m\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"openssl\", pkgver:\"1.0.1m\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1m\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1m\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1m\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-02T14:18:49", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - update fix for CVE-2015-0287 to what was released upstream\n\n - fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey\n\n - fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison\n\n - fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption\n\n - fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data\n\n - fix CVE-2015-0292 - integer underflow in base64 decoder\n\n - fix CVE-2015-0293 - triggerable assert in SSLv2 server", "cvss3": {}, "published": "2015-03-25T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : openssl (OVMSA-2015-0039)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0289", "CVE-2015-0292", "CVE-2015-0293"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:openssl", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2015-0039.NASL", "href": "https://www.tenable.com/plugins/nessus/82066", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0039.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82066);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-0209\", \"CVE-2015-0286\", \"CVE-2015-0287\", \"CVE-2015-0289\", \"CVE-2015-0292\", \"CVE-2015-0293\");\n script_bugtraq_id(73196, 73225, 73227, 73228, 73231, 73232, 73239);\n\n script_name(english:\"OracleVM 3.3 : openssl (OVMSA-2015-0039)\");\n script_summary(english:\"Checks the RPM output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - update fix for CVE-2015-0287 to what was released\n upstream\n\n - fix CVE-2015-0209 - potential use after free in\n d2i_ECPrivateKey\n\n - fix CVE-2015-0286 - improper handling of ASN.1 boolean\n comparison\n\n - fix CVE-2015-0287 - ASN.1 structure reuse decoding\n memory corruption\n\n - fix CVE-2015-0289 - NULL dereference decoding invalid\n PKCS#7 data\n\n - fix CVE-2015-0292 - integer underflow in base64 decoder\n\n - fix CVE-2015-0293 - triggerable assert in SSLv2 server\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2015-March/000291.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?58e10343\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"openssl-1.0.1e-30.el6_6.7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T15:11:13", "description": "Update to OpenSSL 1.0.2a which fixes various CVE's\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-05-04T00:00:00", "type": "nessus", "title": "Fedora 22 : mingw-openssl-1.0.2a-1.fc22 (2015-6951)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-openssl", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-6951.NASL", "href": "https://www.tenable.com/plugins/nessus/83216", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-6951.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83216);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-0209\", \"CVE-2015-0286\", \"CVE-2015-0287\", \"CVE-2015-0288\", \"CVE-2015-0289\", \"CVE-2015-0293\");\n script_xref(name:\"FEDORA\", value:\"2015-6951\");\n\n script_name(english:\"Fedora 22 : mingw-openssl-1.0.2a-1.fc22 (2015-6951)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to OpenSSL 1.0.2a which fixes various CVE's\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1203855\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?49165297\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"mingw-openssl-1.0.2a-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-openssl\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-02T14:21:00", "description": "Update to OpenSSL 1.0.2a which fixes various CVE's\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-05-05T00:00:00", "type": "nessus", "title": "Fedora 21 : mingw-openssl-1.0.2a-1.fc21 (2015-6855)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-openssl", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-6855.NASL", "href": "https://www.tenable.com/plugins/nessus/83238", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-6855.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83238);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-0209\", \"CVE-2015-0286\", \"CVE-2015-0287\", \"CVE-2015-0288\", \"CVE-2015-0289\", \"CVE-2015-0293\");\n script_xref(name:\"FEDORA\", value:\"2015-6855\");\n\n script_name(english:\"Fedora 21 : mingw-openssl-1.0.2a-1.fc21 (2015-6855)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to OpenSSL 1.0.2a which fixes various CVE's\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1203855\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?520fec37\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"mingw-openssl-1.0.2a-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-openssl\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-02T14:20:26", "description": "OpenSSL was updated to fix various security issues.\n\nFollowing security issues were fixed :\n\n - CVE-2015-0209: A Use After Free following d2i_ECPrivatekey error was fixed which could lead to crashes for attacker supplied Elliptic Curve keys. This could be exploited over SSL connections with client supplied keys.\n\n - CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was fixed that could be exploited by attackers when e.g.\n client authentication is used. This could be exploited over SSL connections.\n\n - CVE-2015-0287: A ASN.1 structure reuse memory corruption was fixed. This problem can not be exploited over regular SSL connections, only if specific client programs use specific ASN.1 routines.\n\n - CVE-2015-0288: A X509_to_X509_REQ NULL pointer dereference was fixed, which could lead to crashes. This function is not commonly used, and not reachable over SSL methods.\n\n - CVE-2015-0289: Several PKCS7 NULL pointer dereferences were fixed, which could lead to crashes of programs using the PKCS7 APIs. The SSL apis do not use those by default.\n\n - CVE-2015-0293: Denial of service via reachable assert in SSLv2 servers, could be used by remote attackers to terminate the server process. Note that this requires SSLv2 being allowed, which is not the default.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:0541-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2015-0541-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83703", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0541-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83703);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-0209\", \"CVE-2015-0286\", \"CVE-2015-0287\", \"CVE-2015-0288\", \"CVE-2015-0289\", \"CVE-2015-0293\");\n script_bugtraq_id(73196, 73225, 73227, 73231, 73232, 73237, 73239);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:0541-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL was updated to fix various security issues.\n\nFollowing security issues were fixed :\n\n - CVE-2015-0209: A Use After Free following\n d2i_ECPrivatekey error was fixed which could lead to\n crashes for attacker supplied Elliptic Curve keys. This\n could be exploited over SSL connections with client\n supplied keys.\n\n - CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was\n fixed that could be exploited by attackers when e.g.\n client authentication is used. This could be exploited\n over SSL connections.\n\n - CVE-2015-0287: A ASN.1 structure reuse memory corruption\n was fixed. This problem can not be exploited over\n regular SSL connections, only if specific client\n programs use specific ASN.1 routines.\n\n - CVE-2015-0288: A X509_to_X509_REQ NULL pointer\n dereference was fixed, which could lead to crashes. This\n function is not commonly used, and not reachable over\n SSL methods.\n\n - CVE-2015-0289: Several PKCS7 NULL pointer dereferences\n were fixed, which could lead to crashes of programs\n using the PKCS7 APIs. The SSL apis do not use those by\n default.\n\n - CVE-2015-0293: Denial of service via reachable assert in\n SSLv2 servers, could be used by remote attackers to\n terminate the server process. Note that this requires\n SSLv2 being allowed, which is not the default.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=919648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=920236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0209/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0286/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0287/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0288/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0289/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0293/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150541-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ce7c4e1f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-133=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-133=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-133=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-hmac-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-debuginfo-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-debugsource-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-32bit-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-debugsource-1.0.1i-20.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T15:08:38", "description": "OpenSSL was updated to fix various security issues.\n\nFollowing security issues were fixed :\n\n - CVE-2015-0209: A Use After Free following d2i_ECPrivatekey error was fixed which could lead to crashes for attacker supplied Elliptic Curve keys. This could be exploited over SSL connections with client supplied keys.\n\n - CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was fixed that could be exploited by attackers when e.g.\n client authentication is used. This could be exploited over SSL connections.\n\n - CVE-2015-0287: A ASN.1 structure reuse memory corruption was fixed. This problem can not be exploited over regular SSL connections, only if specific client programs use specific ASN.1 routines.\n\n - CVE-2015-0288: A X509_to_X509_REQ NULL pointer dereference was fixed, which could lead to crashes. This function is not commonly used, and not reachable over SSL methods.\n\n - CVE-2015-0289: Several PKCS7 NULL pointer dereferences were fixed, which could lead to crashes of programs using the PKCS7 APIs. The SSL apis do not use those by default.\n\n - CVE-2015-0293: Denial of service via reachable assert in SSLv2 servers, could be used by remote attackers to terminate the server process. Note that this requires SSLv2 being allowed, which is not the default.", "cvss3": {}, "published": "2015-03-23T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openssl (openSUSE-2015-247)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit", "p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debugsource", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2015-247.NASL", "href": "https://www.tenable.com/plugins/nessus/81995", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-247.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81995);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-0209\", \"CVE-2015-0286\", \"CVE-2015-0287\", \"CVE-2015-0288\", \"CVE-2015-0289\", \"CVE-2015-0293\");\n\n script_name(english:\"openSUSE Security Update : openssl (openSUSE-2015-247)\");\n script_summary(english:\"Check for the openSUSE-2015-247 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL was updated to fix various security issues.\n\nFollowing security issues were fixed :\n\n - CVE-2015-0209: A Use After Free following\n d2i_ECPrivatekey error was fixed which could lead to\n crashes for attacker supplied Elliptic Curve keys. This\n could be exploited over SSL connections with client\n supplied keys.\n\n - CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was\n fixed that could be exploited by attackers when e.g.\n client authentication is used. This could be exploited\n over SSL connections.\n\n - CVE-2015-0287: A ASN.1 structure reuse memory corruption\n was fixed. This problem can not be exploited over\n regular SSL connections, only if specific client\n programs use specific ASN.1 routines.\n\n - CVE-2015-0288: A X509_to_X509_REQ NULL pointer\n dereference was fixed, which could lead to crashes. This\n function is not commonly used, and not reachable over\n SSL methods.\n\n - CVE-2015-0289: Several PKCS7 NULL pointer dereferences\n were fixed, which could lead to crashes of programs\n using the PKCS7 APIs. The SSL apis do not use those by\n default.\n\n - CVE-2015-0293: Denial of service via reachable assert in\n SSLv2 servers, could be used by remote attackers to\n terminate the server process. Note that this requires\n SSLv2 being allowed, which is not the default.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=919648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=920236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922500\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl-devel-1.0.1k-11.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl1_0_0-1.0.1k-11.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl1_0_0-debuginfo-1.0.1k-11.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-1.0.1k-11.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-debuginfo-1.0.1k-11.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-debugsource-1.0.1k-11.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1k-11.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1k-11.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1k-11.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl-devel-1.0.1k-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl1_0_0-1.0.1k-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl1_0_0-debuginfo-1.0.1k-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl1_0_0-hmac-1.0.1k-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openssl-1.0.1k-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openssl-debuginfo-1.0.1k-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openssl-debugsource-1.0.1k-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1k-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1k-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1k-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1k-2.20.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:58:03", "description": "Updated openssl packages that fix several security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength general purpose cryptography library. Datagram TLS (DTLS) is a protocol based on TLS that is capable of securing datagram transport (for example, UDP).\n\nMultiple denial of service flaws were discovered in OpenSSL's DTLS implementation. A remote attacker could use these flaws to cause a DTLS server to use excessive amounts of memory, or crash on an invalid memory access or NULL pointer dereference. (CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387)\n\nNote: These flaws only affect applications that use DTLS. Red Hat does not ship any DTLS client or server applications in Red Hat Enterprise Linux.\n\nAn input validation flaw was found in the handling of the BMPString and UniversalString ASN1 string types in OpenSSL's ASN1_STRING_print_ex() function. An attacker could use this flaw to create a specially crafted X.509 certificate that could cause applications using the affected function to crash when printing certificate contents. (CVE-2009-0590)\n\nNote: The affected function is rarely used. No application shipped with Red Hat Enterprise Linux calls this function, for example.\n\nThese updated packages also fix the following bugs :\n\n* 'openssl smime -verify -in' verifies the signature of the input file and the '-verify' switch expects a signed or encrypted input file.\nPreviously, running openssl on an S/MIME file that was not encrypted or signed caused openssl to segfault. With this update, the input file is now checked for a signature or encryption. Consequently, openssl now returns an error and quits when attempting to verify an unencrypted or unsigned S/MIME file. (BZ#472440)\n\n* when generating RSA keys, pairwise tests were called even in non-FIPS mode. This prevented small keys from being generated. With this update, generating keys in non-FIPS mode no longer calls the pairwise tests and keys as small as 32-bits can be generated in this mode. Note: In FIPS mode, pairwise tests are still called and keys generated in this mode must still be 1024-bits or larger. (BZ#479817)\n\nAs well, these updated packages add the following enhancements :\n\n* both the libcrypto and libssl shared libraries, which are part of the OpenSSL FIPS module, are now checked for integrity on initialization of FIPS mode. (BZ#475798)\n\n* an issuing Certificate Authority (CA) allows multiple certificate templates to inherit the CA's Common Name (CN). Because this CN is used as a unique identifier, each template had to have its own Certificate Revocation List (CRL). With this update, multiple CRLs with the same subject name can now be stored in a X509_STORE structure, with their signature field being used to distinguish between them. (BZ#457134)\n\n* the fipscheck library is no longer needed for rebuilding the openssl source RPM. (BZ#475798)\n\nOpenSSL users should upgrade to these updated packages, which resolve these issues and add these enhancements.", "cvss3": {}, "published": "2010-01-06T00:00:00", "type": "nessus", "title": "CentOS 5 : openssl (CESA-2009:1335)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-7250", "CVE-2009-0590", "CVE-2009-1377", "CVE-2009-1378", "CVE-2009-1379", "CVE-2009-1386", "CVE-2009-1387"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-devel", "p-cpe:/a:centos:centos:openssl-perl", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2009-1335.NASL", "href": "https://www.tenable.com/plugins/nessus/43785", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1335 and \n# CentOS Errata and Security Advisory 2009:1335 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43785);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-7250\", \"CVE-2009-0590\", \"CVE-2009-1377\", \"CVE-2009-1378\", \"CVE-2009-1379\", \"CVE-2009-1386\", \"CVE-2009-1387\");\n script_bugtraq_id(34256, 35001, 35138, 35174, 35417);\n script_xref(name:\"RHSA\", value:\"2009:1335\");\n\n script_name(english:\"CentOS 5 : openssl (CESA-2009:1335)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix several security issues, various\nbugs, and add enhancements are now available for Red Hat Enterprise\nLinux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength general purpose cryptography library. Datagram TLS\n(DTLS) is a protocol based on TLS that is capable of securing datagram\ntransport (for example, UDP).\n\nMultiple denial of service flaws were discovered in OpenSSL's DTLS\nimplementation. A remote attacker could use these flaws to cause a\nDTLS server to use excessive amounts of memory, or crash on an invalid\nmemory access or NULL pointer dereference. (CVE-2009-1377,\nCVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387)\n\nNote: These flaws only affect applications that use DTLS. Red Hat does\nnot ship any DTLS client or server applications in Red Hat Enterprise\nLinux.\n\nAn input validation flaw was found in the handling of the BMPString\nand UniversalString ASN1 string types in OpenSSL's\nASN1_STRING_print_ex() function. An attacker could use this flaw to\ncreate a specially crafted X.509 certificate that could cause\napplications using the affected function to crash when printing\ncertificate contents. (CVE-2009-0590)\n\nNote: The affected function is rarely used. No application shipped\nwith Red Hat Enterprise Linux calls this function, for example.\n\nThese updated packages also fix the following bugs :\n\n* 'openssl smime -verify -in' verifies the signature of the input file\nand the '-verify' switch expects a signed or encrypted input file.\nPreviously, running openssl on an S/MIME file that was not encrypted\nor signed caused openssl to segfault. With this update, the input file\nis now checked for a signature or encryption. Consequently, openssl\nnow returns an error and quits when attempting to verify an\nunencrypted or unsigned S/MIME file. (BZ#472440)\n\n* when generating RSA keys, pairwise tests were called even in\nnon-FIPS mode. This prevented small keys from being generated. With\nthis update, generating keys in non-FIPS mode no longer calls the\npairwise tests and keys as small as 32-bits can be generated in this\nmode. Note: In FIPS mode, pairwise tests are still called and keys\ngenerated in this mode must still be 1024-bits or larger. (BZ#479817)\n\nAs well, these updated packages add the following enhancements :\n\n* both the libcrypto and libssl shared libraries, which are part of\nthe OpenSSL FIPS module, are now checked for integrity on\ninitialization of FIPS mode. (BZ#475798)\n\n* an issuing Certificate Authority (CA) allows multiple certificate\ntemplates to inherit the CA's Common Name (CN). Because this CN is\nused as a unique identifier, each template had to have its own\nCertificate Revocation List (CRL). With this update, multiple CRLs\nwith the same subject name can now be stored in a X509_STORE\nstructure, with their signature field being used to distinguish\nbetween them. (BZ#457134)\n\n* the fipscheck library is no longer needed for rebuilding the openssl\nsource RPM. (BZ#475798)\n\nOpenSSL users should upgrade to these updated packages, which resolve\nthese issues and add these enhancements.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-September/016149.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a71cf3e7\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-September/016150.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f6d90fe2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-0.9.8e-12.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-devel-0.9.8e-12.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-perl-0.9.8e-12.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:38:08", "description": "Updated openssl packages that fix several security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength general purpose cryptography library. Datagram TLS (DTLS) is a protocol based on TLS that is capable of securing datagram transport (for example, UDP).\n\nMultiple denial of service flaws were discovered in OpenSSL's DTLS implementation. A remote attacker could use these flaws to cause a DTLS server to use excessive amounts of memory, or crash on an invalid memory access or NULL pointer dereference. (CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387)\n\nNote: These flaws only affect applications that use DTLS. Red Hat does not ship any DTLS client or server applications in Red Hat Enterprise Linux.\n\nAn input validation flaw was found in the handling of the BMPString and UniversalString ASN1 string types in OpenSSL's ASN1_STRING_print_ex() function. An attacker could use this flaw to create a specially crafted X.509 certificate that could cause applications using the affected function to crash when printing certificate contents. (CVE-2009-0590)\n\nNote: The affected function is rarely used. No application shipped with Red Hat Enterprise Linux calls this function, for example.\n\nThese updated packages also fix the following bugs :\n\n* 'openssl smime -verify -in' verifies the signature of the input file and the '-verify' switch expects a signed or encrypted input file.\nPreviously, running openssl on an S/MIME file that was not encrypted or signed caused openssl to segfault. With this update, the input file is now checked for a signature or encryption. Consequently, openssl now returns an error and quits when attempting to verify an unencrypted or unsigned S/MIME file. (BZ#472440)\n\n* when generating RSA keys, pairwise tests were called even in non-FIPS mode. This prevented small keys from being generated. With this update, generating keys in non-FIPS mode no longer calls the pairwise tests and keys as small as 32-bits can be generated in this mode. Note: In FIPS mode, pairwise tests are still called and keys generated in this mode must still be 1024-bits or larger. (BZ#479817)\n\nAs well, these updated packages add the following enhancements :\n\n* both the libcrypto and libssl shared libraries, which are part of the OpenSSL FIPS module, are now checked for integrity on initialization of FIPS mode. (BZ#475798)\n\n* an issuing Certificate Authority (CA) allows multiple certificate templates to inherit the CA's Common Name (CN). Because this CN is used as a unique identifier, each template had to have its own Certificate Revocation List (CRL). With this update, multiple CRLs with the same subject name can now be stored in a X509_STORE structure, with their signature field being used to distinguish between them. (BZ#457134)\n\n* the fipscheck library is no longer needed for rebuilding the openssl source RPM. (BZ#475798)\n\nOpenSSL users should upgrade to these updated packages, which resolve these issues and add these enhancements.", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 5 : openssl (RHSA-2009:1335)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-7250", "CVE-2009-0590", "CVE-2009-1377", "CVE-2009-1378", "CVE-2009-1379", "CVE-2009-1386", "CVE-2009-1387"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2009-1335.NASL", "href": "https://www.tenable.com/plugins/nessus/63892", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1335. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63892);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-7250\", \"CVE-2009-0590\", \"CVE-2009-1377\", \"CVE-2009-1378\", \"CVE-2009-1379\", \"CVE-2009-1386\", \"CVE-2009-1387\");\n script_bugtraq_id(34256, 35001, 35138, 35174, 35417);\n script_xref(name:\"RHSA\", value:\"2009:1335\");\n\n script_name(english:\"RHEL 5 : openssl (RHSA-2009:1335)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix several security issues, various\nbugs, and add enhancements are now available for Red Hat Enterprise\nLinux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength general purpose cryptography library. Datagram TLS\n(DTLS) is a protocol based on TLS that is capable of securing datagram\ntransport (for example, UDP).\n\nMultiple denial of service flaws were discovered in OpenSSL's DTLS\nimplementation. A remote attacker could use these flaws to cause a\nDTLS server to use excessive amounts of memory, or crash on an invalid\nmemory access or NULL pointer dereference. (CVE-2009-1377,\nCVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387)\n\nNote: These flaws only affect applications that use DTLS. Red Hat does\nnot ship any DTLS client or server applications in Red Hat Enterprise\nLinux.\n\nAn input validation flaw was found in the handling of the BMPString\nand UniversalString ASN1 string types in OpenSSL's\nASN1_STRING_print_ex() function. An attacker could use this flaw to\ncreate a specially crafted X.509 certificate that could cause\napplications using the affected function to crash when printing\ncertificate contents. (CVE-2009-0590)\n\nNote: The affected function is rarely used. No application shipped\nwith Red Hat Enterprise Linux calls this function, for example.\n\nThese updated packages also fix the following bugs :\n\n* 'openssl smime -verify -in' verifies the signature of the input file\nand the '-verify' switch expects a signed or encrypted input file.\nPreviously, running openssl on an S/MIME file that was not encrypted\nor signed caused openssl to segfault. With this update, the input file\nis now checked for a signature or encryption. Consequently, openssl\nnow returns an error and quits when attempting to verify an\nunencrypted or unsigned S/MIME file. (BZ#472440)\n\n* when generating RSA keys, pairwise tests were called even in\nnon-FIPS mode. This prevented small keys from being generated. With\nthis update, generating keys in non-FIPS mode no longer calls the\npairwise tests and keys as small as 32-bits can be generated in this\nmode. Note: In FIPS mode, pairwise tests are still called and keys\ngenerated in this mode must still be 1024-bits or larger. (BZ#479817)\n\nAs well, these updated packages add the following enhancements :\n\n* both the libcrypto and libssl shared libraries, which are part of\nthe OpenSSL FIPS module, are now checked for integrity on\ninitialization of FIPS mode. (BZ#475798)\n\n* an issuing Certificate Authority (CA) allows multiple certificate\ntemplates to inherit the CA's Common Name (CN). Because this CN is\nused as a unique identifier, each template had to have its own\nCertificate Revocation List (CRL). With this update, multiple CRLs\nwith the same subject name can now be stored in a X509_STORE\nstructure, with their signature field being used to distinguish\nbetween them. (BZ#457134)\n\n* the fipscheck library is no longer needed for rebuilding the openssl\nsource RPM. (BZ#475798)\n\nOpenSSL users should upgrade to these updated packages, which resolve\nthese issues and add these enhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-7250\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0590\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1387\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1335\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected openssl, openssl-devel and / or openssl-perl\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1335\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"openssl-0.9.8e-12.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"openssl-devel-0.9.8e-12.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"openssl-perl-0.9.8e-12.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"openssl-perl-0.9.8e-12.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"openssl-perl-0.9.8e-12.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-28T14:37:55", "description": "According to its self-reported version number, the Puppet Enterprise application running on the remote host is 3.x prior to 3.8.1. It is, therefore, affected by the following vulnerabilities :\n\n - An XML external entity injection (XXE) flaw exists in the Apache ActiveMQ component due to a faulty configuration that allows an XML parser to accept XML external entities from untrusted sources. A remote attacker, by sending crafted XML data, can exploit this to disclose arbitrary files. (CVE-2014-3600)\n\n - An authentication bypass vulnerability exists in the Apache ActiveMQ component due to a flaw in the LDAPLoginModule implementation. A remote attacker can exploit this to bypass authentication mechanisms.\n (CVE-2014-3612)\n\n - Multiple cross-site scripting vulnerabilities exist in the administrative console of Apache ActiveMQ that allow a remote attacker to inject arbitrary HTML or web scripts. (CVE-2014-8110)\n\n - An invalid free memory error exists due to improper validation of user-supplied input when a DTLS peer receives application data between ChangeCipherSpec and Finished messages. A remote attacker can exploit this to corrupt memory, resulting in a denial of service or the execution of arbitrary code. (CVE-2014-8176)\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)\n\n - A double-free memory flaw exists in PostgreSQL due to a timeout interrupt occurring partway in the session shutdown sequence. A remote attacker, by closing an SSL session when the authentication timeout expires, can exploit this flaw to cause a denial of service.\n (CVE-2015-3165)\n\n - An out-of-memory condition exists in the printf() functions in PostgreSQL due to a failure to check for errors. A remote attacker can exploit this to access sensitive information. (CVE-2015-3166)\n\n - A flaw exists in contrib/pgcrypto in PostgreSQL due to cases of decryption reporting other error message texts, which a remote attacker can use to recover keys from other systems. (CVE-2015-3167)\n\n - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-23T00:00:00", "type": "nessus", "title": "Puppet Enterprise 3.x < 3.8.1 Multiple Vulnerabilities (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3600", "CVE-2014-3612", "CVE-2014-8110", "CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3165", "CVE-2015-3166", "CVE-2015-3167", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:puppetlabs:puppet"], "id": "PUPPET_ENTERPRISE_ACTIVEMQ_PSQL_SSL.NASL", "href": "https://www.tenable.com/plugins/nessus/84960", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84960);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-3600\",\n \"CVE-2014-3612\",\n \"CVE-2014-8110\",\n \"CVE-2014-8176\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-3165\",\n \"CVE-2015-3166\",\n \"CVE-2015-3167\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 72510,\n 72511,\n 72513,\n 74733,\n 74787,\n 74789,\n 74790,\n 75154,\n 75156,\n 75157,\n 75158,\n 75159,\n 75161\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Puppet Enterprise 3.x < 3.8.1 Multiple Vulnerabilities (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Puppet Enterprise\napplication running on the remote host is 3.x prior to 3.8.1. It is,\ntherefore, affected by the following vulnerabilities :\n\n - An XML external entity injection (XXE) flaw exists in\n the Apache ActiveMQ component due to a faulty\n configuration that allows an XML parser to accept XML\n external entities from untrusted sources. A remote\n attacker, by sending crafted XML data, can exploit this\n to disclose arbitrary files. (CVE-2014-3600)\n\n - An authentication bypass vulnerability exists in the\n Apache ActiveMQ component due to a flaw in the\n LDAPLoginModule implementation. A remote attacker can\n exploit this to bypass authentication mechanisms.\n (CVE-2014-3612)\n\n - Multiple cross-site scripting vulnerabilities exist in\n the administrative console of Apache ActiveMQ that allow\n a remote attacker to inject arbitrary HTML or web\n scripts. (CVE-2014-8110)\n\n - An invalid free memory error exists due to improper\n validation of user-supplied input when a DTLS peer\n receives application data between ChangeCipherSpec and\n Finished messages. A remote attacker can exploit this to\n corrupt memory, resulting in a denial of service or\n the execution of arbitrary code. (CVE-2014-8176)\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the ASN1_TIME\n string by the X509_cmp_time() function. A remote\n attacker can exploit this, via a malformed certificate\n and CRLs of various sizes, to cause a segmentation\n fault, resulting in a denial of service condition. TLS\n clients that verify CRLs are affected. TLS clients and\n servers with client authentication enabled may be\n affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\n\n - A double-free memory flaw exists in PostgreSQL due to\n a timeout interrupt occurring partway in the session\n shutdown sequence. A remote attacker, by closing\n an SSL session when the authentication timeout expires,\n can exploit this flaw to cause a denial of service.\n (CVE-2015-3165)\n\n - An out-of-memory condition exists in the printf()\n functions in PostgreSQL due to a failure to check for\n errors. A remote attacker can exploit this to access\n sensitive information. (CVE-2015-3166)\n\n - A flaw exists in contrib/pgcrypto in PostgreSQL due\n to cases of decryption reporting other error message\n texts, which a remote attacker can use to recover\n keys from other systems. (CVE-2015-3167)\n\n - A man-in-the-middle vulnerability, known as Logjam,\n exists due to a flaw in the SSL/TLS protocol. A remote\n attacker can exploit this flaw to downgrade connections\n using ephemeral Diffie-Hellman key exchange to 512-bit\n export-grade cryptography. (CVE-2015-4000)\");\n # https://puppet.com/security/cve/activemq-february-2015-vulnerability-fix\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f903b0fa\");\n # https://puppet.com/security/cve/postgresql-may-2015-vulnerability-fix\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?50c9bedd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.postgresql.org/about/news/1587/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/CVE-2015-4000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/openssl-june-2015-vulnerability-fix\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://weakdh.org/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Puppet Enterprise version 3.8.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3166\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:puppetlabs:puppet\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"puppet_rest_detect.nasl\");\n script_require_keys(\"puppet/rest_port\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\napp_name = \"Puppet Enterprise\";\n\nport = get_kb_item_or_exit('puppet/rest_port');\nver = get_kb_item_or_exit('puppet/' + port + '/version');\n\nif ('Enterprise' >< ver)\n{\n # convert something like\n # 2.7.19 (Puppet Enterprise 2.7.0)\n # to\n # 2.7.0\n match = eregmatch(string:ver, pattern:\"Enterprise ([0-9.]+)\\)\");\n if (isnull(match)) audit(AUDIT_UNKNOWN_WEB_APP_VER, app_name, build_url(port:port));\n ver = match[1];\n}\nelse audit(AUDIT_WEB_APP_NOT_INST, app_name, port);\n\nif (\n ver =~ \"^3\\.[0-7]($|[^0-9])\" ||\n ver =~ \"^3\\.8\\.0($|[^0-9])\"\n)\n{\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : Puppet Enterprise ' + ver +\n '\\n Fixed version : Puppet Enterprise 3.8.1\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app_name, build_url(port:port), ver);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2023-02-21T05:52:07", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). OpenSSL is used by IBM InfoSphere Guardium. IBM InfoSphere Guardium has addressed the applicable CVEs\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-4000_](<https://vulners.com/cve/CVE-2015-4000>)** \nDESCRIPTION:** The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful exploitation could allow an attacker to recover the session key as well as modify the contents of the traffic. This vulnerability is commonly referred to as \"Logjam\". \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103294_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103294>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n \n**CVEID:** [CVE-2014-8176](<https://vulners.com/cve/CVE-2014-8176>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpec and Finished messages is received by the DTLS peer. An attacker could exploit this vulnerability to trigger a segmentation fault or possibly corrupt memory and execute arbitrary \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103782_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103782>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P) \n\n**CVEID:** [CVE-2015-1789](<https://vulners.com/cve/CVE-2015-1789>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2015-1790](<https://vulners.com/cve/CVE-2015-1790>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103780_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103780>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2015-1791](<https://vulners.com/cve/CVE-2015-1791>) \n**DESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103609>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2015-1792](<https://vulners.com/cve/CVE-2015-1792>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103781_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103781>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\n8.2, 9x\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nIBM InfoSphere Guardium _ _| _8.2 _| _PSIRT 57680_| [http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_8.2p6014_SecurityUpdate&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_8.2p6014_SecurityUpdate&includeSupersedes=0&source=fc>) \nIBM InfoSphere Guardium| _9.x_| _PSIRT 57680_| [http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p6014_SecurityUpdate&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p6014_SecurityUpdate&includeSupersedes=0&source=fc>) \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T21:26:56", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM InfoSphere Guardium", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2018-06-16T21:26:56", "id": "ADF65B4A474E1421F71559C3F519C310FC36B59F7BDDCDE5839099E428CDBDB6", "href": "https://www.ibm.com/support/pages/node/533669", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-13T05:37:53", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed in June 2015 by the OpenSSL Project. OpenSSL is used by IBM SONAS. IBM SONAS has addressed the applicable CVEs.\n\n## Vulnerability Details\n\nOpenSSL is used in IBM SONAS for providing communication security by encrypting data being transmitted. \n** ** \n \n**CVEID:** [CVE-2014-8176](<https://vulners.com/cve/CVE-2014-8176>) \n \n**DESCRIPTION: **OpenSSL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an error in handling internal data. An attacker could exploit this vulnerability to execute arbitrary code on the system. \n \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103782> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P) \n \n \n**CVEID: **[CVE-2015-1789](<https://vulners.com/cve/CVE-2015-1789>) \n \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by an error in one of its functions. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103779> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVEID: **[CVE-2015-1790](<https://vulners.com/cve/CVE-2015-1790>) \n \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by an error in its parsing code. An attacker could exploit this vulnerability using specially crafted content to trigger a NULL pointer dereference. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103780> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVEID: **[CVE-2015-1791](<https://vulners.com/cve/CVE-2015-1791>) \n \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by an error in one of its functions. By sending a specially crafted message, an attacker could produce a race condition. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103609> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVEID: **[CVE-2015-1792](<https://vulners.com/cve/CVE-2015-1792>) \n \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service. An attacker could exploit this vulnerability using specially crafted data to cause the application to enter into an infinite loop. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103781> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM SONAS \nThe product is affected when running a code releases 1.5.0.0 to 1.5.2.1\n\n## Remediation/Fixes\n\nA fix for these issues is in version 1.5.2.2 of IBM SONAS. Customers running an affected version of SONAS should upgrade to 1.5.2.2 or a later version, so that the fix gets applied. \n \nPlease contact IBM support for assistance in upgrading your system.\n\n## Workarounds and Mitigations\n\nWorkaround(s): None \n \nMitigation(s): Ensure that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T00:09:53", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM SONAS (CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "modified": "2018-06-18T00:09:53", "id": "807C4AB87E47CA332F6205CBA2C6C1C3C3158B123385BE5D10E64D27338C557A", "href": "https://www.ibm.com/support/pages/node/690571", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-13T05:37:51", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed in June 2015 by the OpenSSL Project. OpenSSL is used by by IBM Storwize V7000 Unified. IBM Storwize V7000 Unified has addressed the applicable CVEs.\n\n## Vulnerability Details\n\nOpenSSL is used in IBM Storwize V7000 Unified for providing communication security by encrypting data being transmitted. \n \n \n**CVEID:** [CVE-2014-8176](<https://vulners.com/cve/CVE-2014-8176>) \n \n**DESCRIPTION: **OpenSSL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an error in handling internal data. An attacker could exploit this vulnerability to execute arbitrary code on the system. \n \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103782> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P) \n \n \n**CVEID: **[CVE-2015-1789](<https://vulners.com/cve/CVE-2015-1789>) \n \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by an error in one of its functions. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103779> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVEID: **[CVE-2015-1790](<https://vulners.com/cve/CVE-2015-1790>) \n \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by an error in its parsing code. An attacker could exploit this vulnerability using specially crafted content to trigger a NULL pointer dereference. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103780> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVEID: **[CVE-2015-1791](<https://vulners.com/cve/CVE-2015-1791>) \n \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by an error in one of its functions. By sending a specially crafted message, an attacker could produce a race condition. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103609> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVEID: **[CVE-2015-1792](<https://vulners.com/cve/CVE-2015-1792>) \n \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service. An attacker could exploit this vulnerability using specially crafted data to cause the application to enter into an infinite loop. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103781> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Storwize V7000 Unified \nThe product is affected when running code releases 1.5.0.0 to 1.5.2.1\n\n## Remediation/Fixes\n\nA fix for these issues is in version 1.5.2.2 of IBM Storwize V7000 Unified. Customers running an affected version of V7000 Unified should upgrade to 1.5.2.2 or a later version, so that the fix gets applied. \n \n[_Latest Storwize V7000 Unified Software_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003918&myns=s028&mynp=OCST5Q4U&mync=E>)\n\n## Workarounds and Mitigations\n\nWorkaround(s): None \n \nMitigation(s): Ensure that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T00:09:53", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM Storwize V7000 Unified (CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "modified": "2018-06-18T00:09:53", "id": "0F8EC0887570E466DCF4213DD901C1A007B8EFDAA1B999193C4CC4FDB9F8F7E4", "href": "https://www.ibm.com/support/pages/node/690573", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:50:30", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). OpenSSL is used by MegaRAID Storage Manager. MegaRAID Storage Manager has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). OpenSSL is used by MegaRAID Storage Manager. MegaRAID Storage Manager has addressed the applicable CVEs.\n\n**Vulnerability Details:**\n\n**CVE-ID:** [CVE-2015-4000](<https://vulners.com/cve/CVE-2015-4000>)\n\n**Description:** The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful exploitation could allow an attacker to recover the session key as well as modify the contents of the traffic. This vulnerability is commonly referred to as \"Logjam.\"\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103294> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n**CVE-ID:** [CVE-2014-8176](<https://vulners.com/cve/CVE-2014-8176>)\n\n**Description:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpec and Finished messages is received by the DTLS peer. An attacker could exploit this vulnerability to trigger a segmentation fault or possibly corrupt memory and execute arbitrary code on the system.\n\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [http://exchange.xforce.ibmcloud.com/vulnerabilities/103782](<http://exchange.xforce.ibmcloud.com/vulnerabilities/103782%20>) for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P)\n\n**CVE-ID:** [CVE-2015-1788](<https://vulners.com/cve/CVE-2015-1788>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See [http://exchange.xforce.ibmcloud.com/vulnerabilities/103778](<http://exchange.xforce.ibmcloud.com/vulnerabilities/103778%20>) for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-1789](<https://vulners.com/cve/CVE-2015-1789>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See [http://exchange.xforce.ibmcloud.com/vulnerabilities/103779](<http://exchange.xforce.ibmcloud.com/vulnerabilities/103779%20>) for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-1790](<https://vulners.com/cve/CVE-2015-1790>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See [http://exchange.xforce.ibmcloud.com/vulnerabilities/103780](<http://exchange.xforce.ibmcloud.com/vulnerabilities/103780%20>) for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-1791](<https://vulners.com/cve/CVE-2015-1791>)\n\n**Description:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103609> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVE-ID:** [CVE-2015-1792](<https://vulners.com/cve/CVE-2015-1792>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103781> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nProduct | Affected Version \n---|--- \nMegaRAID Storage Manager | 15.05.* \n \n## Remediation/Fixes:\n\nIt is recommended to update to the firmware level listed below, or later version. Firmware updates are available through IBM Fix Central: \n<http://www.ibm.com/support/fixcentral/>.\n\nProduct | Fixed Version \n---|--- \nMegaRAID Storage Manager \nibm_utl_msm_15.11.50.00_linux_32-64 \nibm_utl_msm_15.11.50.00_windows_32-64 | 15.11.50.00 \n \nYou should verify applying the fix does not cause any compatibility issues.\n\nFor CVE-2015-4000: You should verify applying this configuration change does not cause any compatibility issues. If you change the default setting after applying the fix, you will expose yourself to the attack described above. IBM recommends that you review your entire environment to identify other areas where you have enabled the Diffie-Hellman key-exchange protocol used in TLS and take appropriate mitigation and remediation actions.\n\n## Workaround(s) & Mitigation(s):\n\nFor CVE-2015-4000: You should verify applying this configuration change does not cause any compatibility issues. If you change the default setting after applying the fix, you will expose yourself to the attack described above. IBM recommends that you review your entire environment to identify other areas where you have enabled the Diffie-Hellman key-exchange protocol used in TLS and take appropriate mitigation and remediation actions.\n\n## References:\n\n * [Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide.html>)\n * [On-line Calculator v2](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n\n**Related Information:** \n[IBM Secure Engineering Web Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/psirt/>) \n\n\n**Acknowledgement**\n\nReported to IBM by The WeakDH team at <https://weakdh.org>\n\n**Change History** \n01 August 2016: Original Copy Published\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n**Disclaimer**\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-01-31T02:25:02", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect MegaRAID Storage Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2019-01-31T02:25:02", "id": "6680272534C119E2F4255DAC0A5F66CF25F5D99D47E9760C164E835E0C60EF0F", "href": "https://www.ibm.com/support/pages/node/868546", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:41:11", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes the Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000) which affects IBM SDK for Node.js in IBM Bluemix. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-4000_](<https://vulners.com/cve/CVE-2015-4000>)** \nDESCRIPTION:** The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful exploitation could allow an attacker to recover the session key as well as modify the contents of the traffic. This vulnerability is commonly referred to as \"Logjam\". \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103294_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103294>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n**CVEID:** [CVE-2014-8176](<https://vulners.com/cve/CVE-2014-8176>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpec and Finished messages is received by the DTLS peer. An attacker could exploit this vulnerability to trigger a segmentation fault or possibly corrupt memory and execute arbitrary \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103782_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103782>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P) \n\n**CVEID:** [CVE-2015-1788](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2015-1789](<https://vulners.com/cve/CVE-2015-1789>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2015-1790](<https://vulners.com/cve/CVE-2015-1790>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103780_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103780>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2015-1791](<https://vulners.com/cve/CVE-2015-1791>) \n**DESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103609>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2015-1792](<https://vulners.com/cve/CVE-2015-1792>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103781_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103781>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nThis vulnerability affects all versions up to and including IBM SDK for Node.js v1.1.0.14 and v1.2.0.2. It also affects open-source version v0.10.38 and v0.12.4 of the Node.js runtime in IBM Bluemix. The issue has been resolved in IBM SDK for Node.js v1.1.0.15 and v1.2.0.3 with Node.js Buildpack Version: v2.2-20150630-1721. \n \nTo check which version of the Node.js runtime your Bluemix application is using, navigate to the \"Files and Logs\" for your application through the Bluemix UI. In the \"logs\" directory, check the \"staging_task.log\". You can also find this file through the command-line Cloud Foundry client by running \"cf files <appname> logs/staging_task.log\". \n \nLook for the following lines: \n \n\\-----> IBM SDK for Node.js Buildpack _______ \n \nIf the open-source version is not v0.10.39 or v0.12.5, or the buildpack verison is v2.2-xxxxxxxx-xxxx, your application may be vulnerable.\n\n## Remediation/Fixes\n\n_To upgrade to the latest version of the Node.js runtime, please specify the latest Node.js runtime in your package.json file for your application:_ \n \n\"engines\": { \n\"node\": \">=0.10.39\" \n}, \nor \n\"engines\": { \n\"node\": \">=0.12.5\" \n}, \n \nYou will then need to restage (or re-push) your application.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-08-09T04:20:36", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM\u00ae SDK for Node.js\u2122 in IBM Bluemix", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2018-08-09T04:20:36", "id": "6808EC84BE4A9DD5A0B439C6FCE9D4EA1BDF91E3E0DEBF72E5BEFD925D973E99", "href": "https://www.ibm.com/support/pages/node/531301", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:38:38", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). OpenSSL is used by Sterling Connect:Express for UNIX. Sterling Connect:Express for UNIX has addressed the applicable CVEs. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-4000_](<https://vulners.com/cve/CVE-2015-4000>) \n**DESCRIPTION:** The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful exploitation could allow an attacker to recover the session key as well as modify the contents of the traffic. This vulnerability is commonly referred to as \"Logjam\". \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103294_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103294>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n**CVEID:** [_CVE-2014-8176_](<https://vulners.com/cve/CVE-2014-8176>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpec and Finished messages is received by the DTLS peer. An attacker could exploit this vulnerability to trigger a segmentation fault or possibly corrupt memory and execute arbitrary \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103782_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103782>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P) \n\n**CVEID:** [_CVE-2015-1788 \n_](<https://vulners.com/cve/CVE-2015-1788>)**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1789 \n_](<https://vulners.com/cve/CVE-2015-1789>)**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1790_](<https://vulners.com/cve/CVE-2015-1790>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103780_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103780>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1791 \n_](<https://vulners.com/cve/CVE-2015-1791>)**DESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103609>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-1792_](<https://vulners.com/cve/CVE-2015-1792>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103781_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103781>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Sterling Connect:Express for UNIX 1.4.6 \n\\- All versions prior to 1.4.6.1 iFix 146-110 \n \nIBM Sterling Connect:Express for UNIX 1.5.0.12 \n\\- All versions prior to 1.5.0.12\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. Please see below for information about the available fixes \n \n\n\nVRMF| Remediation \n---|--- \n1.4.6| Please contact your local [IBM Remote Technical Support Center ](<https://www-304.ibm.com/webapp/set2/sas/f/handbook/contacts.html>)to request Connect:Express 1.4.6.1 iFix 146-111 \n1.5.0.12| Apply 1.5.0.12 iFix 150-1201, available on [_Fix Central_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Sterling+Connect%3AExpress+for+UNIX&release=All&platform=All&function=all>) \n \nFor CVE-2015-4000: As the length of the server key size are increased, the amount of CPU required for full TLS/SSL handshake can significantly increase. Please carefully test and assess the impact to your CPU requirements to ensure sufficient CPU resources, otherwise the system availability may be impacted. \n \nFor CVE-2015-4000: In addition to the fix installation and in order to protect Connect:Express from the CVE-2015-4000 vulnerability, EDH ciphers must be disabled in all SSL server definitions. Refer to the Chapter 4 of [IBM Sterling Connect:Express for UNIX Option SSL](<ftp://public.dhe.ibm.com/software/commerce/doc/mft/cexpress/cxunix/15/CXUX15_SSL_fr.pdf>) documentation to learn how to specify a cipher list in a SSL server definition. In the cipher list, all EDH ciphers must be disabled. See [https://www.openssl.org/ ](<https://www.openssl.org/>)to learn how to use the OpenSSL cipher list tool. \n \nYou should verify applying this configuration change does not cause any compatibility issues. If you change the default setting after applying the fix, you will expose yourself to the attack described above. IBM recommends that you review your entire environment to identify other areas where you have enabled the Diffie-Hellman key-exchange protocol used in TLS and take appropriate mitigation and remediation actions. \n\n## Workarounds and Mitigations\n\nNone, fix must be applied and EDH ciphers must be disabled in all SSL server definitions. \n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-24T22:49:37", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect Sterling Connect:Express for UNIX (CVE-2015-4000, CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2020-07-24T22:49:37", "id": "09EFBF1EDC3D056A4C55B6D328B0019A52124F7A8C7DCA88E25031BCFD79F86E", "href": "https://www.ibm.com/support/pages/node/528605", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:39:17", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). OpenSSL is used by IBM BladeCenter Advanced Management Module (AMM). IBM BladeCenter Advanced Management Module (AMM) has addressed the vulnerabilities.\n\n## Vulnerability Details\n\n## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). OpenSSL is used by IBM BladeCenter Advanced Management Module (AMM). IBM BladeCenter Advanced Management Module (AMM) has addressed the vulnerabilities.\n\n**Vulnerability Details:**\n\n**CVE-ID:** [CVE-2015-4000](<https://vulners.com/cve/CVE-2015-4000>)\n\n**Description:** The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful exploitation could allow an attacker to recover the session key as well as modify the contents of the traffic. This vulnerability is commonly referred to as \"Logjam.\"\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103294> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n**CVE-ID:** [CVE-2015-3216](<https://vulners.com/cve/CVE-2015-3216>)\n\n**Description:** OpenSSL shipped with Red Hat Enterprise Linux is vulnerable to a denial of service, caused by an out-of-bounds memory read error in ssleay_rand_bytes() function. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to crash.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103915> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2014-8176](<https://vulners.com/cve/CVE-2014-8176>)\n\n**Description:** OpenSSL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpecand Finished messages is received by the DTLS peer. An attacker could exploit this vulnerability to trigger a segmentation fault or possibly corrupt memory and execute arbitrary code on the system.\n\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103782> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P)\n\n**CVE-ID:** [CVE-2015-1789](<https://vulners.com/cve/CVE-2015-1789>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103779> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-1790](<https://vulners.com/cve/CVE-2015-1790>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103780> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-1791](<https://vulners.com/cve/CVE-2015-1791>)\n\n**Description:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103609> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVE-ID:** [CVE-2015-1792](<https://vulners.com/cve/CVE-2015-1792>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103781> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nProduct | Affected Version \n---|--- \nIBM BladeCenter Advanced Management Module (AMM) | 1.00 - 3.66n \n \n## Remediation/Fixes:\n\nFirmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>\n\nYou should verify applying the fix does not cause any compatibility issues.\n\nProduct | Fixed Version \n---|--- \nIBM BladeCenter Advanced Management Module (AMM) | BPET66P - 3.66p \n \nFor CVE-2015-4000: You should verify applying this configuration change does not cause any compatibility issues. If you change the default setting after applying the fix, you will expose yourself to the attack described above. IBM recommends that you review your entire environment to identify other areas where you have enabled the Diffie-Hellman key-exchange protocol used in TLS and take appropriate mitigation and remediation actions.\n\n## Workarounds and Mitigations:\n\nNone.\n\n## References:\n\n * [Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide.html>)\n * [On-line Calculator v2](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n\n**Related Information:** \n[IBM Secure Engineering Web Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/PSIRT>) \n\n\n**Acknowledgement**\n\nNone.\n\n**Change History** \n20 November 2015: Original version published\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n**Disclaimer**\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-02T20:22:51", "type": "ibm", "title": "Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by multiple vulnerabilities in OpenSSL including Logjam (CVE-2015-4000, CVE-2015-3216, CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216", "CVE-2015-4000"], "modified": "2020-11-02T20:22:51", "id": "B26BA31F7C8E180B2476A6D17348E9C8899E4E6C0D69D13EE7B0DE3A1B8FD9D5", "href": "https://www.ibm.com/support/pages/node/868150", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:38:26", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). OpenSSL is used by IBM SDK for Node.js for the Cordova tools in Rational Software Architect and Rational Software Architect for Websphere Software. RSA and RSA4WS have addressed the applicable CVEs \n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2015-4000_](<https://vulners.com/cve/CVE-2015-4000>) \n \n**DESCRIPTION:** The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful exploitation could allow an attacker to recover the session key as well as modify the contents of the traffic. This vulnerability is commonly referred to as \"Logjam\". \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103294_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103294>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n \n**CVEID:** [_CVE-2014-8176_](<https://vulners.com/cve/CVE-2014-8176>) \n[](<https://vulners.com/cve/CVE-2014-8176>) \n**DESCRIPTION:** OpenSSL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpec and Finished messages is received by the DTLS peer. An attacker could exploit this vulnerability to trigger a segmentation fault or possibly corrupt memory and execute arbitrary code on the system. \n \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103782_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103782>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P) \n \n \n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>) \n \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVEID:** [_CVE-2015-1789_](<https://vulners.com/cve/CVE-2015-1789>) \n \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVEID:** [_CVE-2015-1790_](<https://vulners.com/cve/CVE-2015-1790>) \n \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103780_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103780>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVEID:** [_CVE-2015-1791_](<https://vulners.com/cve/CVE-2015-1791>) \n \n**DESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n \n**CVEID:** [_CVE-2015-1792_](<https://vulners.com/cve/CVE-2015-1792>) \n \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103781_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103781>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n\n## Affected Products and Versions\n\nIBM Rational Software Architect and IBM Rational Software Architect for Websphere Software 9.1, 9.1.1 and 9.1.2 \n\n## Remediation/Fixes\n\nUpdate the IBM SDK for Node.js using by the Cordova platform in the product to address this vulnerability: \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation/Download FixCentral Link** \n---|---|---|--- \nRational Software Architect \nRational Software Architect for Websphere Software| 9.1, 9.1.1 and 9.1.2| \n| \n\n * Apply [IBM SDK for Node.js 1.1.0.15](<https://www.ibm.com/developerworks/web/nodesdk/>) to the Cordova platform in the product. The IBM SDK for Node.js package can be downloaded from the [IBM SDK for Node.js developerWorks community page](<https://www.ibm.com/developerworks/web/nodesdk/>). \n \nAfter the executable package for your platform is downloaded then launch the installation wizard, specify <installation folder>/cordova_cli/ as the installation location, and follow the wizard to complete the installation. The value of <installation folder> is your Software Delivery Platform product installation folder. \n \n**For **[**CVE-2015-4000**](<https://vulners.com/cve/CVE-2015-4000>)**: **As the length of the server key size are increased, the amount of CPU required for full TLS/SSL handshake can significantly increase. Please carefully test and assess the impact to your CPU requirements to ensure sufficient CPU resources, otherwise the system availability may be impacted. \nYou should verify applying this configuration change does not cause any compatibility issues. If you change the default setting after applying the fix, you will expose yourself to the attack described above. IBM recommends that you review your entire environment to identify other areas where you have enabled the Diffie-Hellman key-exchange protocol used in TLS and take appropriate mitigation and remediation actions. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-10T17:03:14", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect Rational Software Architect and Rational Software Architect for Websphere Software", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2020-09-10T17:03:14", "id": "2F044E6D3403CF1CE244F404A02D2A1E0F016AD4BEEC5C72C153F07E02439876", "href": "https://www.ibm.com/support/pages/node/531837", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:54:31", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). OpenSSL is used by IBM Image Construction and Composition Tool. IBM Image Construction and Composition Tool has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-4000_](<https://vulners.com/cve/CVE-2015-4000>)** \nDESCRIPTION:** The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful exploitation could allow an attacker to recover the session key as well as modify the contents of the traffic. This vulnerability is commonly referred to as \"Logjam\". \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103294_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103294>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n \n**CVEID:** [CVE-2014-8176](<https://vulners.com/cve/CVE-2014-8176>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpec and Finished messages is received by the DTLS peer. An attacker could exploit this vulnerability to trigger a segmentation fault or possibly corrupt memory and execute arbitrary code on the system. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103782_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103782>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P) \n\n**CVEID:** [CVE-2015-1788](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2015-1789](<https://vulners.com/cve/CVE-2015-1789>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2015-1790](<https://vulners.com/cve/CVE-2015-1790>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103780_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103780>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2015-1791](<https://vulners.com/cve/CVE-2015-1791>) \n**DESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103609>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2015-1792](<https://vulners.com/cve/CVE-2015-1792>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103781_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103781>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Image Construction and Composition Tool v2.3.2.0 \nIBM Image Construction and Composition Tool v2.3.1.0 \nIBM Image Construction and Composition Tool v2.2.1.3 \n\n## Remediation/Fixes\n\nThe solution is to apply the following IBM Image Construction and Composition Tool version fixes. \n \nUpgrade the IBM Image Construction and Composition Tool to the following fix levels or higher: \n \n\u00b7 For IBM Image Construction and Composition Tool v2.3.2.0 \nIBM Image Construction and Composition Tool v2.3.2.0 Build 21 \n \n[\u00b7 __http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=ICCT_IM_Repository_2.3.2.0-21&includeRequisites=1&includeSupersedes=0__](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=ICCT_IM_Repository_2.3.2.0-21&includeRequisites=1&includeSupersedes=0>) \n \n[\u00b7 __http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=ICCT_efix_Repository_2.3.2.0-21&includeRequisites=1&includeSupersedes=0__](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=ICCT_efix_Repository_2.3.2.0-21&includeRequisites=1&includeSupersedes=0>) \n \n\u00b7 For IBM Image Construction and Composition Tool v2.3.1.0 \nIBM Image Construction and Composition Tool v2.3.1.0 Build 44 \n \n[\u00b7 __http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=ICCT_IM_Repository_2.3.1.0-44&includeRequisites=1&includeSupersedes=0__](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=ICCT_IM_Repository_2.3.1.0-44&includeRequisites=1&includeSupersedes=0>)_ _ \n_ _ \n[\u00b7 __http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=ICCT_efix_Repository_2.3.1.0-44&includeRequisites=1&includeSupersedes=0__](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=ICCT_efix_Repository_2.3.1.0-44&includeRequisites=1&includeSupersedes=0>) \n \n \n\u00b7 For IBM Image Construction and Composition Tool v2.2.1.3 \nContact IBM support for upgrade options.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-15T07:04:19", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM Image Construction and Composition Tool. (CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, and CVE-2015-4000)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2018-06-15T07:04:19", "id": "573D5194C5FA6D57BF7D7107395D0823BF59A24F4A6BFB8961AB7839F18340F7", "href": "https://www.ibm.com/support/pages/node/273157", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:54:42", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). OpenSSL is used by IBM PureApplication System. IBM PureApplication System has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-4000_](<https://vulners.com/cve/CVE-2015-4000>)** \nDESCRIPTION:** The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful exploitation could allow an attacker to recover the session key as well as modify the contents of the traffic. This vulnerability is commonly referred to as \"Logjam\". \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103294_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103294>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n**CVEID:** [CVE-2014-8176](<https://vulners.com/cve/CVE-2014-8176>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpec and Finished messages is received by the DTLS peer. An attacker could exploit this vulnerability to trigger a segmentation fault or possibly corrupt memory and execute arbitrary \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103782_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103782>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P) \n \n**CVEID:** [CVE-2015-1788](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [CVE-2015-1789](<https://vulners.com/cve/CVE-2015-1789>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2015-1790](<https://vulners.com/cve/CVE-2015-1790>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103780_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103780>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2015-1791](<https://vulners.com/cve/CVE-2015-1791>) \n**DESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103609>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2015-1792](<https://vulners.com/cve/CVE-2015-1792>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103781_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103781>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM PureApplication System V2.1 \nIBM PureApplication System V2.0 \n\n## Remediation/Fixes\n\nIBM PureApplication System V2.1 \nThe solution is to update to IBM PureApplication System V2.1.0.2 or IBM PureApplication System V2.1.1 \n \nIBM PureApplication System V2.0 \nThe solution is to upgrade to IBM PureApplication System V2.0.0.1 Interim Fix 5 \n \n \nFor CVE-2015-4000: You should verify applying this configuration change does not cause any compatibility issues. If you change the default setting after applying the fix, you will expose yourself to the attack described above. IBM recommends that you review your entire environment to identify other areas where you have enabled the Diffie-Hellman key-exchange protocol used in TLS and take appropriate mitigation and remediation actions.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-15T07:03:47", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM PureApplication System. (CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, and CVE-2015-4000)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2018-06-15T07:03:47", "id": "D798A2662F653C58B07EF7AB7952BA9F9D262CA55D27B779D34C5A7F3DECACDF", "href": "https://www.ibm.com/support/pages/node/269989", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:54:49", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). OpenSSL is used by IBM Workload Deployer. IBM Workload Deployer has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-4000_](<https://vulners.com/cve/CVE-2015-4000>)** \nDESCRIPTION:** The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful exploitation could allow an attacker to recover the session key as well as modify the contents of the traffic. This vulnerability is commonly referred to as \"Logjam\". \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103294_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103294>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n \n**CVEID:** [CVE-2014-8176](<https://vulners.com/cve/CVE-2014-8176>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpec and Finished messages is received by the DTLS peer. An attacker could exploit this vulnerability to trigger a segmentation fault or possibly corrupt memory and execute arbitrary \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103782_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103782>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P) \n\n**CVEID:** [CVE-2015-1788](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2015-1789](<https://vulners.com/cve/CVE-2015-1789>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2015-1790](<https://vulners.com/cve/CVE-2015-1790>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103780_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103780>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2015-1791](<https://vulners.com/cve/CVE-2015-1791>) \n**DESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103609>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2015-1792](<https://vulners.com/cve/CVE-2015-1792>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103781_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103781>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Workload Deployer version 3.1 and later\n\n## Remediation/Fixes\n\nThe solution is to apply the following IBM Workload Deployer fix: \n \nUpgrade the IBM Workload Deployer to the following fix level: \n \n\n\n_Product_\n\n| \n\n_VRMF_\n\n| \n\n_Remediation/First Fix_ \n \n---|---|--- \nIBM Workload Deployer System| Release V3.1.0.7| V3.1.0.7 Interim fix9, \n \n[_http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Workload+Deployer&release=3.1.0.7&platform=All&function=fixId&fixids=3.1.0.7-ifix9-IBM_Workload_Deployer&includeSupersedes=0_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Workload+Deployer&release=3.1.0.7&platform=All&function=fixId&fixids=3.1.0.7-ifix9-IBM_Workload_Deployer&includeSupersedes=0>) \n \n \nFor CVE-2015-4000: As the length of the server key size are increased, the amount of CPU required for full TLS/SSL handshake can significantly increase. Please carefully test and assess the impact to your CPU requirements to ensure sufficient CPU resources, otherwise the system availability may be impacted. \n \n \nFor CVE-2015-4000: You should verify applying this configuration change does not cause any compatibility issues. If you change the default setting after applying the fix, you will expose yourself to the attack described above. IBM recommends that you review your entire environment to identify other areas where you have enabled the Diffie-Hellman key-exchange protocol used in TLS and take appropriate mitigation and remediation actions. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-15T07:03:36", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSLincluding Logjam affect IBM Workload Deployer. (CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, and CVE-2015-4000)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2018-06-15T07:03:36", "id": "AFB18C01001C1ED3C57D258D7EAEF5E63B8016D0093506248A32EF21FB399220", "href": "https://www.ibm.com/support/pages/node/265651", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:39:36", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). OpenSSL is used by IBM SDK for Node.js for the Cordova tools in Rational Application Developer for WebSphere Software. Rational Application Developer for WebSphere Software has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2015-4000_](<https://vulners.com/cve/CVE-2015-4000>) \n \n**DESCRIPTION:** The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful exploitation could allow an attacker to recover the session key as well as modify the contents of the traffic. This vulnerability is commonly referred to as \"Logjam\". \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103294_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103294>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n \n**CVEID:** [_CVE-2015-1791_](<https://vulners.com/cve/CVE-2015-1791>) \n \n**DESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n \n**CVEID:** [_CVE-2015-1792_](<https://vulners.com/cve/CVE-2015-1792>) \n \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103781_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103781>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVEID:** [_CVE-2014-8176_](<https://vulners.com/cve/CVE-2014-8176>) \n[](<https://vulners.com/cve/CVE-2014-8176>) \n**DESCRIPTION:** OpenSSL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpec and Finished messages is received by the DTLS peer. An attacker could exploit this vulnerability to trigger a segmentation fault or possibly corrupt memory and execute arbitrary code on the system. \n \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103782_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103782>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P) \n \n \n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>) \n \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVEID:** [_CVE-2015-1789_](<https://vulners.com/cve/CVE-2015-1789>) \n \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVEID:** [_CVE-2015-1790_](<https://vulners.com/cve/CVE-2015-1790>) \n \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103780_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103780>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Rational Application Developer for WebSphere Software 9.1, 9.1.0.1, and 9.1.1\n\n## Remediation/Fixes\n\nUpdate the IBM SDK for Node.js using by the Cordova platform in the product to address this vulnerability: \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nRational Application Developer| 9.1, 9.1.0.1, and 9.1.1| \n| \n\n * Apply [IBM SDK for Node.js 1.1.0.15](<https://www.ibm.com/developerworks/web/nodesdk/>) to the Cordova platform in the product. \n \nInstallation instructions for applying the update to the Cordova platform in the product can be found here: \n \n[Upgrading the IBM SDK for Node.js used by Cordova](<http://www.ibm.com/support/docview.wss?uid=swg21684946>) \n \nFor CVE-2015-4000: As the length of the server key size are increased, the amount of CPU required for full TLS/SSL handshake can significantly increase. Please carefully test and assess the impact to your CPU requirements to ensure sufficient CPU resources, otherwise the system availability may be impacted. \nYou should verify applying this configuration change does not cause any compatibility issues. If you change the default setting after applying the fix, you will expose yourself to the attack described above. IBM recommends that you review your entire environment to identify other areas where you have enabled the Diffie-Hellman key-exchange protocol used in TLS and take appropriate mitigation and remediation actions. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-05T00:09:48", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect Rational Application Developer for WebSphere Software (CVE-2015-1791, CVE-2015-1792, CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2020-02-05T00:09:48", "id": "7D8FF151823F9B967307D922CFD4A9025D96759EDDCD392AB7E59A523521BE8F", "href": "https://www.ibm.com/support/pages/node/531471", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:41:09", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes the Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). OpenSSL is used by IBM SDK for Node.js. IBM SDK for Node.js has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-4000_](<https://vulners.com/cve/CVE-2015-4000>)** \nDESCRIPTION:** The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful exploitation could allow an attacker to recover the session key as well as modify the contents of the traffic. This vulnerability is commonly referred to as \"Logjam\". \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103294_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103294>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n**CVEID:** [CVE-2014-8176](<https://vulners.com/cve/CVE-2014-8176>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpec and Finished messages is received by the DTLS peer. An attacker could exploit this vulnerability to trigger a segmentation fa
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-1548)
