Lucene search
Copyright (C) 2021 Greenbone AGOPENVAS:13614125623114201206231HistoryJun 09, 2021 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2012:0623-1)
2021-06-0900:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
7.8 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.11 Low
EPSS
Percentile
95.1%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2012.0623.1");
script_cve_id("CVE-2012-2110", "CVE-2012-2131");
script_tag(name:"creation_date", value:"2021-06-09 14:58:28 +0000 (Wed, 09 Jun 2021)");
script_version("2024-02-02T05:06:07+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:07 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_name("SUSE: Security Advisory (SUSE-SU-2012:0623-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES11\.0SP1|SLES11\.0SP2)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2012:0623-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2012/suse-su-20120623-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'openssl' package(s) announced via the SUSE-SU-2012:0623-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update of openssl fixes an integer conversation issue which could cause a heap-based memory corruption
(CVE-2012-2110
> ).
Additionally, a check for negative buffer length values was added ( CVE-2012-2131
> ) and the stack made non-executable by marking the enhanced Intel SSSE3 assembler code as not needing executable stack.");
script_tag(name:"affected", value:"'openssl' package(s) on SUSE Linux Enterprise Desktop 11-SP1, SUSE Linux Enterprise Desktop 11-SP2, SUSE Linux Enterprise Server 11-SP1, SUSE Linux Enterprise Server 11-SP2, SUSE Linux Enterprise Software Development Kit 11-SP1, SUSE Linux Enterprise Software Development Kit 11-SP2.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES11.0SP1") {
if(!isnull(res = isrpmvuln(pkg:"libopenssl0_9_8", rpm:"libopenssl0_9_8~0.9.8j~0.36.1", rls:"SLES11.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libopenssl0_9_8-32bit", rpm:"libopenssl0_9_8-32bit~0.9.8j~0.36.1", rls:"SLES11.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libopenssl0_9_8-x86", rpm:"libopenssl0_9_8-x86~0.9.8j~0.36.1", rls:"SLES11.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openssl", rpm:"openssl~0.9.8j~0.36.1", rls:"SLES11.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openssl-doc", rpm:"openssl-doc~0.9.8j~0.36.1", rls:"SLES11.0SP1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES11.0SP2") {
if(!isnull(res = isrpmvuln(pkg:"libopenssl0_9_8", rpm:"libopenssl0_9_8~0.9.8j~0.36.1", rls:"SLES11.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libopenssl0_9_8-32bit", rpm:"libopenssl0_9_8-32bit~0.9.8j~0.36.1", rls:"SLES11.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libopenssl0_9_8-x86", rpm:"libopenssl0_9_8-x86~0.9.8j~0.36.1", rls:"SLES11.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openssl", rpm:"openssl~0.9.8j~0.36.1", rls:"SLES11.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openssl-doc", rpm:"openssl-doc~0.9.8j~0.36.1", rls:"SLES11.0SP2"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
suse
suse
Security update for openssl (important)
2012-05-23 01:08:20
Security update for compat-openssl097g (important)
2012-09-18 15:08:35
Security update for compat-openssl097g (important)
2012-09-12 07:08:33
nessus
nessus
SuSE 11.1 Security Update : openssl (SAT Patch Number 6245)
2013-01-25 00:00:00
SuSE 11.2 Security Update : compat-openssl097g (SAT Patch Number 6749)
2013-01-25 00:00:00
Mandriva Linux Security Advisory : openssl0.9.8 (MDVSA-2012:064)
2012-04-25 00:00:00
debiancve
debiancve
CVE-2012-2131
2012-04-24 20:55:00
CVE-2012-2110
2012-04-19 17:55:00
openvas
openvas
Mandriva Update for openssl0.9.8 MDVSA-2012:064 (openssl0.9.8)
2012-08-03 00:00:00
Debian Security Advisory DSA 2454-2 (openssl)
2012-04-30 00:00:00
Ubuntu Update for openssl USN-1428-1
2012-04-26 00:00:00
prion
prion
Integer overflow
2012-04-24 20:55:00
Buffer overflow
2012-04-19 17:55:00
openssl
openssl
Vulnerability in OpenSSL CVE-2012-2131
2012-04-24 00:00:00
Vulnerability in OpenSSL CVE-2012-2110
2012-04-19 00:00:00
debian
debian
[SECURITY] [DSA 2454-2] openssl incomplete fix
2012-04-25 02:03:10
[SECURITY] [DSA 2454-1] openssl security update
2012-04-19 21:21:20
securityvulns
securityvulns
[ MDVSA-2012:064 ] openssl0.9.8
2012-04-24 00:00:00
OpenSSL memory corruption
2012-04-24 00:00:00
RSA BSAFE security vulnerabilities
2012-10-29 00:00:00
ubuntu
ubuntu
OpenSSL vulnerability
2012-04-24 00:00:00
OpenSSL vulnerabilities
2012-04-19 00:00:00
checkpoint_security
checkpoint_security
ubuntucve
ubuntucve
CVE-2012-2131
2012-04-24 00:00:00
CVE-2012-2110
2012-04-19 00:00:00
cve
cve
CVE-2012-2131
2012-04-24 20:55:00
CVE-2012-2110
2012-04-19 17:55:00
f5
f5
SOL17454 - OpenSSL vulnerabilities CVE-2005-2946, CVE-2008-0891, and CVE-2012-2131
2015-10-16 00:00:00
SOL16285 - OpenSSL vulnerability CVE-2012-2110
2015-04-09 00:00:00
osv
osv
openssl - multiple
2012-04-24 00:00:00
openssl - incomplete fix
2012-04-24 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 1.0.0i-alt1
2012-04-19 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0i-alt1
2012-04-19 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.0i-alt1
2012-04-19 00:00:00
threatpost
threatpost
E-Mail, Source Code From VMWare Bubbles Up From Compromised Chinese Firm
2012-04-24 21:33:10
OpenSSL Releases New Fix for CVE-2012-2110 ASN1 Bug
2012-04-24 19:17:06
New Java Malware Exploits Both Windows And Mac Users
2012-04-24 17:37:49
oraclelinux
oraclelinux
openssl security update
2012-05-08 00:00:00
openssl security update
2012-04-25 00:00:00
openssl097a and openssl098e security update
2014-06-05 00:00:00
freebsd
freebsd
OpenSSL -- integer conversions result in memory corruption
2012-04-19 00:00:00
FreeBSD -- OpenSSL multiple vulnerabilities
2012-05-03 00:00:00
amazon
amazon
Important: openssl
2012-05-02 12:28:00
Important: openssl098e
2012-05-02 12:31:00
centos
centos
openssl, openssl097a, openssl098e security update
2012-04-25 01:22:21
seebug
seebug
OpenSSL "asn1_d2i_read_bio()" DER格式数据处理漏洞
2012-04-22 00:00:00
OpenSSL ASN1 BIO Memory Corruption Vulnerability
2014-07-01 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: openssl-1.0.0i-1.fc17
2012-04-26 20:07:43
[SECURITY] Fedora 16 Update: openssl-1.0.0i-1.fc16
2012-04-27 20:50:05
[SECURITY] Fedora 15 Update: openssl-1.0.0i-1.fc15
2012-05-10 14:16:11
veracode
veracode
Denial Of Service (DoS) Through Memory Consumption And Buffer Overflow
2017-02-09 00:33:40
Denial Of Service (DoS) Through Memory Consumption And Buffer Overflow
2019-01-15 08:50:55
exploitpack
exploitpack
OpenSSL - ASN1 BIO Memory Corruption
2012-04-19 00:00:00
redhat
redhat
(RHSA-2012:0522) Important: openssl security update
2012-04-25 00:00:00
(RHSA-2012:0518) Important: openssl security update
2012-04-24 00:00:00
(RHSA-2012:1308) Important: openssl security update
2012-09-24 15:54:31
aix
aix
Multiple OpenSSL vulnerabilities
2012-08-01 09:25:58
vmware
vmware
exploitdb
exploitdb
OpenSSL - ASN1 BIO Memory Corruption
2012-04-19 00:00:00
ibm
ibm
freebsd_advisory
freebsd_advisory
FreeBSD-SA-12:01.openssl
2012-05-30 00:00:00
gentoo
gentoo
OpenSSL: Multiple Vulnerabilities
2013-12-03 00:00:00
lenovo
lenovo
Intel® PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US
2018-11-13 17:10:51
Intel® PROSet/Wireless WiFi Software Vulnerabilities - US
2018-11-13 17:10:51
7.8 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.11 Low
EPSS
Percentile
95.1%
Related for OPENVAS:13614125623114201206231