ID OPENVAS:702998 Type openvas Reporter Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net Modified 2017-07-11T00:00:00
Description
Multiple vulnerabilities have been identified in OpenSSL, a Secure
Sockets Layer toolkit, that may result in denial of service
(application crash, large memory consumption), information leak,
protocol downgrade. Additionally, a buffer overrun affecting only
applications explicitly set up for SRP has been fixed (CVE-2014-3512
).
Detailed descriptions of the vulnerabilities can be found at:
www.openssl.org/news/secadv_20140806.txt
It's important that you upgrade the libssl1.0.0 package and not just
the openssl package.
All applications linked to openssl need to be restarted. You can use
the checkrestart
tool from the debian-goodies package to detect
affected programs. Alternatively, you may reboot your system.
# OpenVAS Vulnerability Test
# $Id: deb_2998.nasl 6663 2017-07-11 09:58:05Z teissa $
# Auto-generated from advisory DSA 2998-1 using nvtgen 1.0
# Script version: 1.1
#
# Author:
# Greenbone Networks
#
# Copyright:
# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
tag_affected = "openssl on Debian Linux";
tag_insight = "This package contains the openssl binary and related tools.";
tag_solution = "For the stable distribution (wheezy), these problems have been fixed in
version 1.0.1e-2+deb7u12.
For the testing distribution (jessie), these problems will be fixed
soon.
For the unstable distribution (sid), these problems have been fixed in
version 1.0.1i-1.
We recommend that you upgrade your openssl packages.";
tag_summary = "Multiple vulnerabilities have been identified in OpenSSL, a Secure
Sockets Layer toolkit, that may result in denial of service
(application crash, large memory consumption), information leak,
protocol downgrade. Additionally, a buffer overrun affecting only
applications explicitly set up for SRP has been fixed (CVE-2014-3512
).
Detailed descriptions of the vulnerabilities can be found at:
www.openssl.org/news/secadv_20140806.txt
It's important that you upgrade the libssl1.0.0 package and not just
the openssl package.
All applications linked to openssl need to be restarted. You can use
the checkrestart
tool from the debian-goodies package to detect
affected programs. Alternatively, you may reboot your system.";
tag_vuldetect = "This check tests the installed software version using the apt package manager.";
if(description)
{
script_id(702998);
script_version("$Revision: 6663 $");
script_cve_id("CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3509", "CVE-2014-3510", "CVE-2014-3511", "CVE-2014-3512", "CVE-2014-5139");
script_name("Debian Security Advisory DSA 2998-1 (openssl - security update)");
script_tag(name: "last_modification", value:"$Date: 2017-07-11 11:58:05 +0200 (Tue, 11 Jul 2017) $");
script_tag(name: "creation_date", value:"2014-08-07 00:00:00 +0200 (Thu, 07 Aug 2014)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_xref(name: "URL", value: "http://www.debian.org/security/2014/dsa-2998.html");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
script_tag(name: "affected", value: tag_affected);
script_tag(name: "insight", value: tag_insight);
# script_tag(name: "impact", value: tag_impact);
script_tag(name: "solution", value: tag_solution);
script_tag(name: "summary", value: tag_summary);
script_tag(name: "vuldetect", value: tag_vuldetect);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
res = "";
report = "";
if ((res = isdpkgvuln(pkg:"libssl-dev", ver:"1.0.1e-2+deb7u12", rls:"DEB7.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libssl-doc", ver:"1.0.1e-2+deb7u12", rls:"DEB7.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libssl1.0.0", ver:"1.0.1e-2+deb7u12", rls:"DEB7.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libssl1.0.0-dbg", ver:"1.0.1e-2+deb7u12", rls:"DEB7.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"openssl", ver:"1.0.1e-2+deb7u12", rls:"DEB7.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libssl-dev", ver:"1.0.1e-2+deb7u12", rls:"DEB7.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libssl-doc", ver:"1.0.1e-2+deb7u12", rls:"DEB7.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libssl1.0.0", ver:"1.0.1e-2+deb7u12", rls:"DEB7.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libssl1.0.0-dbg", ver:"1.0.1e-2+deb7u12", rls:"DEB7.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"openssl", ver:"1.0.1e-2+deb7u12", rls:"DEB7.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libssl-dev", ver:"1.0.1e-2+deb7u12", rls:"DEB7.2")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libssl-doc", ver:"1.0.1e-2+deb7u12", rls:"DEB7.2")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libssl1.0.0", ver:"1.0.1e-2+deb7u12", rls:"DEB7.2")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libssl1.0.0-dbg", ver:"1.0.1e-2+deb7u12", rls:"DEB7.2")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"openssl", ver:"1.0.1e-2+deb7u12", rls:"DEB7.2")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libssl-dev", ver:"1.0.1e-2+deb7u12", rls:"DEB7.3")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libssl-doc", ver:"1.0.1e-2+deb7u12", rls:"DEB7.3")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libssl1.0.0", ver:"1.0.1e-2+deb7u12", rls:"DEB7.3")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libssl1.0.0-dbg", ver:"1.0.1e-2+deb7u12", rls:"DEB7.3")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"openssl", ver:"1.0.1e-2+deb7u12", rls:"DEB7.3")) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
{"bulletinFamily": "scanner", "viewCount": 0, "naslFamily": "Debian Local Security Checks", "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "references": ["http://www.debian.org/security/2014/dsa-2998.html"], "description": "Multiple vulnerabilities have been identified in OpenSSL, a Secure\nSockets Layer toolkit, that may result in denial of service\n(application crash, large memory consumption), information leak,\nprotocol downgrade. Additionally, a buffer overrun affecting only\napplications explicitly set up for SRP has been fixed (CVE-2014-3512 \n).\n\nDetailed descriptions of the vulnerabilities can be found at:\nwww.openssl.org/news/secadv_20140806.txt \nIt's important that you upgrade the libssl1.0.0 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe checkrestart \ntool from the debian-goodies package to detect\naffected programs. Alternatively, you may reboot your system.", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "b739687c325e36320fd07bc7b7748ff1"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "f061789f3a0ca33ef3b184dcd5395639"}, {"key": "href", "hash": "bb25d95685145ceda2f8a93e9ebfef86"}, {"key": "modified", "hash": "bf6febede5ca68e35fdf4a0f47b4ef18"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "pluginID", "hash": "8986514facb49ac28ed8623039a71bba"}, {"key": "published", "hash": "1a7aff2809a1b96171d4a229d30c1dcc"}, {"key": "references", "hash": "ae4bff63a0ffe19e3c71594d95db5fe7"}, {"key": "reporter", "hash": "d360c61f7849405ebf50eccc7225e087"}, {"key": "sourceData", "hash": "a7293841f69d80c7922596818f7f5b8e"}, {"key": "title", "hash": "dc466afd613920b4baca03b0e9b88eed"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "href": "http://plugins.openvas.org/nasl.php?oid=702998", "modified": "2017-07-11T00:00:00", "objectVersion": "1.3", "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "f5", "idList": ["F5:K15573", "SOL15573", "F5:K15567", "F5:K15565", "F5:K15571", "F5:K15541", "F5:K15568", "SOL15567", "SOL15565", "F5:K15564"]}, {"type": "slackware", "idList": ["SSA-2014-220-01"]}, {"type": "kaspersky", "idList": ["KLA10343"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13908"]}, {"type": "freebsd", "idList": ["8AFF07EB-1DBD-11E4-B6BA-3C970E169BC2"]}, {"type": "nessus", "idList": ["UBUNTU_USN-2308-1.NASL", "PFSENSE_SA-14_14.NASL", "ALA_ALAS-2014-391.NASL", "OPENSSL_1_0_1I.NASL", "DEBIAN_DSA-2998.NASL", "AIX_OPENSSL_ADVISORY10.NASL", "STUNNEL_5_03.NASL", "SLACKWARE_SSA_2014-220-01.NASL", "FREEBSD_PKG_8AFF07EB1DBD11E4B6BA3C970E169BC2.NASL", "WINSCP_5_5_5.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2998-1:7D1C0", "DEBIAN:DLA-33-1:85002"]}, {"type": "aix", "idList": ["OPENSSL_ADVISORY10.ASC"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20141008-OPENSSL"]}, {"type": "ubuntu", "idList": ["USN-2308-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310841924", "OPENVAS:1361412562310702998", "OPENVAS:1361412562310120249", "OPENVAS:1361412562310123331", "OPENVAS:1361412562310882005", "OPENVAS:1361412562310881988", "OPENVAS:1361412562310871227", "OPENVAS:1361412562310121325", "OPENVAS:1361412562310871226", "OPENVAS:1361412562310123332"]}, {"type": "amazon", "idList": ["ALAS-2014-391"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-1052", "ELSA-2014-1053", "ELSA-2014-1652"]}, {"type": "centos", "idList": ["CESA-2014:1052", "CESA-2014:1053"]}, {"type": "redhat", "idList": ["RHSA-2014:1054", "RHSA-2014:1052", "RHSA-2014:1053"]}, {"type": "cve", "idList": ["CVE-2014-5139", "CVE-2014-3512", "CVE-2014-3505", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3506", "CVE-2014-3510", "CVE-2014-3511", "CVE-2014-3509"]}, {"type": "gentoo", "idList": ["GLSA-201412-39"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2014-5139", "OPENSSL:CVE-2014-3507", "OPENSSL:CVE-2014-3512", "OPENSSL:CVE-2014-3505", "OPENSSL:CVE-2014-3506", "OPENSSL:CVE-2014-3510", "OPENSSL:CVE-2014-3509", "OPENSSL:CVE-2014-3508", "OPENSSL:CVE-2014-3511"]}], "modified": "2017-07-26T08:48:19"}, "vulnersScore": 5.0}, "id": "OPENVAS:702998", "title": "Debian Security Advisory DSA 2998-1 (openssl - security update)", "hash": "fa0c7a1eeeca3261a4e43ef0ad5217ec2c85a5388379c977a664adfbea65fc8b", "edition": 3, "published": "2014-08-07T00:00:00", "type": "openvas", "history": [{"lastseen": "2017-07-24T12:48:14", "bulletin": {"hash": "a099bebfc11a76c638fd959b946ed3260d0830c5e7fa95272749f193e94e1db5", "viewCount": 0, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "references": ["http://www.debian.org/security/2014/dsa-2998.html"], "description": "Multiple vulnerabilities have been identified in OpenSSL, a Secure\nSockets Layer toolkit, that may result in denial of service\n(application crash, large memory consumption), information leak,\nprotocol downgrade. Additionally, a buffer overrun affecting only\napplications explicitly set up for SRP has been fixed (CVE-2014-3512 \n).\n\nDetailed descriptions of the vulnerabilities can be found at:\nwww.openssl.org/news/secadv_20140806.txt \nIt's important that you upgrade the libssl1.0.0 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe checkrestart \ntool from the debian-goodies package to detect\naffected programs. Alternatively, you may reboot your system.", "hashmap": [{"key": "sourceData", "hash": "b9fe5d6dbaa2f905089afdfdc9cc34bd"}, {"key": "href", "hash": "bb25d95685145ceda2f8a93e9ebfef86"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "published", "hash": "1a7aff2809a1b96171d4a229d30c1dcc"}, {"key": "description", "hash": "f061789f3a0ca33ef3b184dcd5395639"}, {"key": "title", "hash": "dc466afd613920b4baca03b0e9b88eed"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "modified", "hash": "d89cc672a6266551218ef8145d1f22e2"}, {"key": "references", "hash": "ae4bff63a0ffe19e3c71594d95db5fe7"}, {"key": "reporter", "hash": "d360c61f7849405ebf50eccc7225e087"}, {"key": "cvelist", "hash": "b739687c325e36320fd07bc7b7748ff1"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "pluginID", "hash": "8986514facb49ac28ed8623039a71bba"}], "naslFamily": "Debian Local Security Checks", "modified": "2017-07-07T00:00:00", "objectVersion": "1.3", "href": "http://plugins.openvas.org/nasl.php?oid=702998", "published": "2014-08-07T00:00:00", "enchantments": {}, "id": "OPENVAS:702998", "title": "Debian Security Advisory DSA 2998-1 (openssl - security update)", "bulletinFamily": "scanner", "edition": 2, "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2998.nasl 6610 2017-07-07 12:06:40Z cfischer $\n# Auto-generated from advisory DSA 2998-1 using nvtgen 1.0\n# Script version: 1.1\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"openssl on Debian Linux\";\ntag_insight = \"This package contains the openssl binary and related tools.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u12.\n\nFor the testing distribution (jessie), these problems will be fixed\nsoon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1i-1.\n\nWe recommend that you upgrade your openssl packages.\";\ntag_summary = \"Multiple vulnerabilities have been identified in OpenSSL, a Secure\nSockets Layer toolkit, that may result in denial of service\n(application crash, large memory consumption), information leak,\nprotocol downgrade. Additionally, a buffer overrun affecting only\napplications explicitly set up for SRP has been fixed (CVE-2014-3512 \n).\n\nDetailed descriptions of the vulnerabilities can be found at:\nwww.openssl.org/news/secadv_20140806.txt \nIt's important that you upgrade the libssl1.0.0 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe checkrestart \ntool from the debian-goodies package to detect\naffected programs. Alternatively, you may reboot your system.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702998);\n script_version(\"$Revision: 6610 $\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\", \"CVE-2014-3512\", \"CVE-2014-5139\");\n script_name(\"Debian Security Advisory DSA 2998-1 (openssl - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:06:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-08-07 00:00:00 +0200 (Thu, 07 Aug 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2998.html\");\n\n script_summary(\"Debian Security Advisory DSA 2998-1 (openssl - security update)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "type": "openvas", "history": [], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3509", "CVE-2014-5139"], "lastseen": "2017-07-24T12:48:14", "pluginID": "702998"}, "differentElements": ["modified", "sourceData"], "edition": 2}, {"lastseen": "2017-07-02T21:09:15", "bulletin": {"hash": "0cbfdff88d65ed338788e189cc3501beda44048f78baecc54b41bb5d85d63483", "viewCount": 0, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "references": ["http://www.debian.org/security/2014/dsa-2998.html"], "description": "Multiple vulnerabilities have been identified in OpenSSL, a Secure\nSockets Layer toolkit, that may result in denial of service\n(application crash, large memory consumption), information leak,\nprotocol downgrade. Additionally, a buffer overrun affecting only\napplications explicitly set up for SRP has been fixed (CVE-2014-3512 \n).\n\nDetailed descriptions of the vulnerabilities can be found at:\nwww.openssl.org/news/secadv_20140806.txt \nIt's important that you upgrade the libssl1.0.0 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe checkrestart \ntool from the debian-goodies package to detect\naffected programs. Alternatively, you may reboot your system.", "hashmap": [{"key": "href", "hash": "bb25d95685145ceda2f8a93e9ebfef86"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "published", "hash": "1a7aff2809a1b96171d4a229d30c1dcc"}, {"key": "description", "hash": "f061789f3a0ca33ef3b184dcd5395639"}, {"key": "title", "hash": "dc466afd613920b4baca03b0e9b88eed"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "modified", "hash": "8a8dd8f3315ed34b241fe19dba85c623"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "sourceData", "hash": "989fb9b821a0fff526f6d860035e4efd"}, {"key": "references", "hash": "ae4bff63a0ffe19e3c71594d95db5fe7"}, {"key": "reporter", "hash": "d360c61f7849405ebf50eccc7225e087"}, {"key": "cvelist", "hash": "b739687c325e36320fd07bc7b7748ff1"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "pluginID", "hash": "8986514facb49ac28ed8623039a71bba"}], "naslFamily": "Debian Local Security Checks", "modified": "2016-03-03T00:00:00", "objectVersion": "1.3", "href": "http://plugins.openvas.org/nasl.php?oid=702998", "published": "2014-08-07T00:00:00", "enchantments": {}, "id": "OPENVAS:702998", "title": "Debian Security Advisory DSA 2998-1 (openssl - security update)", "bulletinFamily": "scanner", "edition": 1, "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2998.nasl 2767 2016-03-03 09:38:42Z benallard $\n# Auto-generated from advisory DSA 2998-1 using nvtgen 1.0\n# Script version: 1.1\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"openssl on Debian Linux\";\ntag_insight = \"This package contains the openssl binary and related tools.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u12.\n\nFor the testing distribution (jessie), these problems will be fixed\nsoon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1i-1.\n\nWe recommend that you upgrade your openssl packages.\";\ntag_summary = \"Multiple vulnerabilities have been identified in OpenSSL, a Secure\nSockets Layer toolkit, that may result in denial of service\n(application crash, large memory consumption), information leak,\nprotocol downgrade. Additionally, a buffer overrun affecting only\napplications explicitly set up for SRP has been fixed (CVE-2014-3512 \n).\n\nDetailed descriptions of the vulnerabilities can be found at:\nwww.openssl.org/news/secadv_20140806.txt \nIt's important that you upgrade the libssl1.0.0 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe checkrestart \ntool from the debian-goodies package to detect\naffected programs. Alternatively, you may reboot your system.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702998);\n script_version(\"$Revision: 2767 $\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\", \"CVE-2014-3512\", \"CVE-2014-5139\");\n script_name(\"Debian Security Advisory DSA 2998-1 (openssl - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2016-03-03 10:38:42 +0100 (Thu, 03 Mar 2016) $\");\n script_tag(name: \"creation_date\", value:\"2014-08-07 00:00:00 +0200 (Thu, 07 Aug 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2998.html\");\n\n script_summary(\"Debian Security Advisory DSA 2998-1 (openssl - security update)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:debian:debian_linux\", \"login/SSH/success\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "type": "openvas", "history": [], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3509", "CVE-2014-5139"], "lastseen": "2017-07-02T21:09:15", "pluginID": "702998"}, "differentElements": ["modified", "sourceData"], "edition": 1}], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3509", "CVE-2014-5139"], "lastseen": "2017-07-26T08:48:19", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2998.nasl 6663 2017-07-11 09:58:05Z teissa $\n# Auto-generated from advisory DSA 2998-1 using nvtgen 1.0\n# Script version: 1.1\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"openssl on Debian Linux\";\ntag_insight = \"This package contains the openssl binary and related tools.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u12.\n\nFor the testing distribution (jessie), these problems will be fixed\nsoon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1i-1.\n\nWe recommend that you upgrade your openssl packages.\";\ntag_summary = \"Multiple vulnerabilities have been identified in OpenSSL, a Secure\nSockets Layer toolkit, that may result in denial of service\n(application crash, large memory consumption), information leak,\nprotocol downgrade. Additionally, a buffer overrun affecting only\napplications explicitly set up for SRP has been fixed (CVE-2014-3512 \n).\n\nDetailed descriptions of the vulnerabilities can be found at:\nwww.openssl.org/news/secadv_20140806.txt \nIt's important that you upgrade the libssl1.0.0 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe checkrestart \ntool from the debian-goodies package to detect\naffected programs. Alternatively, you may reboot your system.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702998);\n script_version(\"$Revision: 6663 $\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\", \"CVE-2014-3512\", \"CVE-2014-5139\");\n script_name(\"Debian Security Advisory DSA 2998-1 (openssl - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-11 11:58:05 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-08-07 00:00:00 +0200 (Thu, 07 Aug 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2998.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "pluginID": "702998"}
{"f5": [{"lastseen": "2017-10-12T02:11:04", "bulletinFamily": "software", "description": " \n\n\n * [CVE-2014-3505](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505>) \n \nDouble free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.\n * [CVE-2014-3506](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506>) \n \nd1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.\n * [CVE-2014-3507](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507>) \n \nMemory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.\n\nImpact \n\n\nRemote attackers may be able to cause a denial-of-service (DoS) via crafted Datagram Transport Layer Security (DTLS) packets.\n\nIf the previous table lists a version in the** Versions known to be not vulnerable column**, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists. \n \nF5 is responding to this vulnerability as determined by the parameters defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>). \n\n\nTo mitigate this vulnerability, you can perform the following tasks: \n\n\n * Verify that DTLS virtual servers referencing SSL profiles do not permit COMPAT SSL ciphers.\n * If you are using secure-mode for failover (**tmsh list /sys db failover.secure**), verify that the failover traffic is only allowed on an isolated Virtual Local Area Network (VLAN). \n\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2016-01-09T02:20:00", "published": "2014-09-06T01:04:00", "href": "https://support.f5.com/csp/article/K15573", "id": "F5:K15573", "type": "f5", "title": "OpenSSL DTLS vulnerabilities CVE-2014-3505, CVE-2014-3506, and CVE-2014-3507", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:01", "bulletinFamily": "software", "description": "1 If you are planning to upgrade to BIG-IP APM 11.5.1 HF6 to mitigate this issue, you should instead upgrade to 11.5.1 HF7 to avoid an issue specific to BIG-IP APM. For more information, refer to SOL15914: The tmm process may restart and produce a core file after BIG-IP APM systems are upgraded. \n\n\n2 The SOD process is only vulnerable if the** failover.secure **db variable is enabled; the db variable is disabled by default.\n\nRecommended Action\n\nIf the previous table lists a version in the** Versions known to be not vulnerable column**, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists. \n \nF5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy. \n\n\nTo mitigate this vulnerability, you can perform the following tasks: \n\n\n * Verify that DTLS virtual servers referencing SSL profiles do not permit COMPAT SSL ciphers.\n * If you are using secure-mode for failover (**tmsh list /sys db failover.secure**), verify that the failover traffic is only allowed on an isolated Virtual Local Area Network (VLAN). \n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-09-15T00:00:00", "published": "2014-09-05T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html", "id": "SOL15573", "title": "SOL15573 - OpenSSL DTLS vulnerabilities CVE-2014-3505, CVE-2014-3506, and CVE-2014-3507", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-12T02:11:05", "bulletinFamily": "software", "description": " \n\n\nMultiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter. ([CVE-2014-3512](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3512>)) \n\n\nImpact \n\n\nA malicious client or server may be able to overrun an internal buffer by sending invalid Secure Remote Password (SRP) parameters. Only applications which are explicitly set up for SRP use are affected.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability on LineRate, do not enable SRP. SRP is not enabled, by default. \n\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2016-01-09T02:21:00", "published": "2014-09-05T04:24:00", "href": "https://support.f5.com/csp/article/K15565", "id": "F5:K15565", "title": "OpenSSL vulnerability CVE-2014-3512", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-12T02:11:23", "bulletinFamily": "software", "description": " \n\n\nThe ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client. ([CVE-2014-5139](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5139>)) \n\n\nImpact \n\n\nAn attacker may be able to cause a denial-of-service (DoS) attack by specifying a Secure Remote Password (SRP) ciphersuite, even if it was not properly negotiated with the client. \n\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability on LineRate systems, do not enable SRP. SRP is not enabled by default.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents.](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2016-01-09T02:20:00", "published": "2014-09-06T01:36:00", "id": "F5:K15567", "href": "https://support.f5.com/csp/article/K15567", "title": "OpenSSL vulnerability CVE-2014-5139", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-12T02:11:19", "bulletinFamily": "software", "description": "Description \n\n\nThe OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions. ([CVE-2014-3508](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508>)) \n\n\nImpact \n\n\nApplications may be affected if they use pretty printing to echo output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected. \n\n\nStatus\n\nF5 Product Development has assigned ID 474757 (LineRate) and ID 410742 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM | None \n| 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4 \n| None \nBIG-IP AAM | None | 11.4.0 - 11.6.0 | None \nBIG-IP AFM | None | 11.3.0 - 11.6.0 | None \nBIG-IP Analytics | None | 11.0.0 - 11.6.0 | None \nBIG-IP APM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | None \nBIG-IP ASM | None | 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4 | None \nBIG-IP Edge Gateway \n| None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None \nBIG-IP GTM | None | 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4 | None \nBIG-IP Link Controller | None \n| 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4 \n| None \nBIG-IP PEM | None \n| 11.3.0 - 11.6.0 \n| None \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 | None \nBIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 | None \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 | None \nARX | 6.0.0 - 6.4.0 | None \n| Configuration utility \n \nEnterprise Manager | None | 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0 | None \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | None \nBIG-IQ Cloud | None \n| 4.0.0 - 4.5.0 \n| None \nBIG-IQ Device | None \n| 4.2.0 - 4.5.0 \n| None \nBIG-IQ Security | None \n| 4.0.0 - 4.5.0 \n| None \nBIG-IQ ADC | None | 4.5.0 | None \nLineRate | 2.4.0 \n2.3.0 - 2.3.1 \n2.2.0 - 2.2.4 | 2.4.1 \n2.3.2 \n2.2.5 | Command-line interface \nBIG-IP Edge Clients for Android | None \n| 2.0.0 - 2.0.5 | None \n \nBIG-IP Edge Clients for Apple iOS | None \n| 2.0.0 - 2.0.2 \n1.0.5 - 1.0.6 | None \nBIG-IP Edge Clients for Linux | None \n| 6035.* - 7110.* | None \n \nBIG-IP Edge Clients for MAC OS X | None \n| 6035.* - 7110.* \n| None \nBIG-IP Edge Clients for Windows | None | 6035.* - 7110.* \n| None \n \nBIG-IP Edge Portal for Android | None | 1.0.0 - 1.0.2 | None \nBIG-IP Edge Portal for Apple iOS | None | 1.0.0 - 1.0.3 | None \n \nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 is responding to this vulnerability as determined by the parameters defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nSupplemental Information\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)[](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2016-01-09T02:20:00", "published": "2014-09-06T02:46:00", "href": "https://support.f5.com/csp/article/K15571", "id": "F5:K15571", "title": "OpenSSL vulnerability CVE-2014-3508", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-10-12T02:11:21", "bulletinFamily": "software", "description": " \n\n\nRace condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data. ([CVE-2014-3509](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3509>)) \n\n\nImpact \n\n\nNone. F5 products are not affected by this vulnerability.\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2016-01-09T02:20:00", "published": "2014-09-05T23:03:00", "id": "F5:K15541", "href": "https://support.f5.com/csp/article/K15541", "title": "OpenSSL vulnerability CVE-2014-3509", "type": "f5", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-12T02:11:17", "bulletinFamily": "software", "description": " \n\n\nThe ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite. ([CVE-2014-3510](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510>))\n\nImpact \n\n\nA malicious server may be able to cause a denial-of-service (DoS) to clients using anonymous Diffie-Hellman (DH) ciphersuites via crafted packets.\n\nYou can eliminate this vulnerability by running a version listed in the **Versions known to be not vulnerable** column in the previous table. If the **Versions known to be not vulnerable** column does not list a version that is later than the version you are running, then no upgrade candidate currently exists.\n\nFor BIG-IP Edge Clients, there is no workaround. To mitigate this vulnerability for all other affected products, perform the following task:\n\n * Verify that Datagram Transport Layer Security (DTLS) virtual servers referencing Secure Socket Layer (SSL) profiles do not permit COMPAT SSL ciphers. \n\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents.](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2016-01-09T02:20:00", "published": "2014-09-06T01:19:00", "href": "https://support.f5.com/csp/article/K15568", "id": "F5:K15568", "type": "f5", "title": "OpenSSL vulnerability CVE-2014-3510", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-03-19T09:01:49", "bulletinFamily": "software", "description": "Recommended action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability on LineRate, do not enable SRP. SRP is not enabled, by default. \n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2014-09-04T00:00:00", "published": "2014-09-04T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15565.html", "id": "SOL15565", "title": "SOL15565 - OpenSSL vulnerability CVE-2014-3512", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:25", "bulletinFamily": "software", "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability on LineRate systems, do not enable SRP. SRP is not enabled by default.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2014-09-05T00:00:00", "published": "2014-09-05T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html", "id": "SOL15567", "title": "SOL15567 - OpenSSL vulnerability CVE-2014-5139", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-21T02:17:02", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 474757 (BIG-IP and Enterprise Manager) and ID 477194 (BIG-IQ) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H477834 on the **Diagnostics **> **Identified **> **High **screen. \n\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM | 11.6.0 \n11.5.0, 11.5.1 \n \n| 12.0.0 \n11.6.0 HF4 \n11.5.2 \n11.5.1 HF6 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 \n| TLS1.1/1.2 with COMPAT ciphers \nConfiguration utility \niControl \n \nBIG-IP AAM | 11.6.0 \n11.5.0, 11.5.1 | 12.0.0 \n11.6.0 HF4 \n11.5.2 \n11.5.1 HF6 \n11.4.0 - 11.4.1 \n| TLS1.1/1.2 with COMPAT ciphers \nConfiguration utility \niControl \nBIG-IP AFM | 11.6.0 \n11.5.0, 11.5.1 | 12.0.0 \n11.6.0 HF4 \n11.5.2 \n11.5.1 HF6 \n11.3.0 - 11.4.1 \n| TLS1.1/1.2 with COMPAT ciphers \nConfiguration utility \niControl \nBIG-IP Analytics | 11.6.0 \n11.5.0, 11.5.1 | 12.0.0 \n11.6.0 HF4 \n11.5.2 \n11.5.1 HF6 \n11.0.0 - 11.4.1 \n| TLS1.1/1.2 with COMPAT ciphers \nConfiguration utility \niControl \nBIG-IP APM | 11.6.0 \n11.5.0, 11.5.1 | 12.0.0 \n11.6.0 HF4 \n11.5.2 \n11.5.1 HF6 1 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 \n| TLS1.1/1.2 with COMPAT ciphers \nConfiguration utility \niControl \nBIG-IP ASM | 11.6.0 \n11.5.0, 11.5.1 | 12.0.0 \n11.6.0 HF4 \n11.5.2 \n11.5.1 HF6 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 \n| TLS1.1/1.2 with COMPAT ciphers \nConfiguration utility \niControl \nBIG-IP DNS \n| None \n| 12.0.0 \n| None \n \nBIG-IP Edge Gateway \n| None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| None \nBIG-IP GTM | 11.6.0 \n11.5.0, 11.5.1 | 11.6.0 HF4 \n11.5.2 \n11.5.1 HF6 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 \n| Configuration utility \niControl \nBIG-IP Link Controller | 11.6.0 \n11.5.0, 11.5.1 | 12.0.0 \n11.6.0 HF4 \n11.5.2 \n11.5.1 HF6 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 \n| Configuration utility \niControl \nBIG-IP PEM | 11.6.0 \n11.5.0, 11.5.1 | 12.0.0 \n11.6.0 HF4 \n11.5.2 \n11.5.1 HF6 \n11.3.0 - 11.4.1 \n| TLS1.1/1.2 with COMPAT ciphers \nConfiguration utility \niControl \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 \n| None \nBIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 \n| None \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 \n| None \nARX | None | 6.0.0 - 6.4.0 \n| None \nEnterprise Manager | None | 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0 \n| None \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 \n| None \nBIG-IQ Cloud | 4.4.0 \n| 4.5.0 \n4.0.0 - 4.3.0 \n| Configuration utility \niControl \nBIG-IQ Device | 4.4.0 \n| 4.5.0 \n4.2.0 - 4.3.0 \n| Configuration utility \niControl \nBIG-IQ Security | 4.4.0 \n| 4.5.0 \n4.0.0 - 4.3.0 \n| Configuration utility \niControl \nBIG-IQ ADC \n| None \n| 4.5.0 \n| None \n \n \n1 If you are planning to upgrade to BIG-IP APM 11.5.1 HF6 to mitigate this issue, you should instead upgrade to 11.5.1 HF7 to avoid an issue specific to BIG-IP APM. For more information, refer to [K15914: The tmm process may restart and produce a core file after BIG-IP APM systems are upgraded](<https://support.f5.com/csp/article/K15914>). \n\n**BIG-IP 11.x**\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability for virtual servers, you can disable all TLS1 protocols in the SSL profile. To do so, perform the following procedure:\n\n**Impact of procedure**: The following procedure should not have a negative impact on your system.\n\n 1. Log in to the Configuration utility as the administrative user.\n 2. For Server SSL profiles, navigate to **Local Traffic** > **Profiles** > **SSL** > **Server**. \n\nFor Client SSL profiles, navigate to **Local Traffic** >** Profiles** > **SSL** > **Client**.\n\n 3. Open the SSL Server profile you want to modify.\n 4. Under **Options List **in the** Available Ciphers**, highlight the **NoTLSv1 **option and click **Enable**.\n 5. To complete the change, click **Update**.\n 6. Repeat this procedure for all Server and Client SSL profiles.\n\nTo mitigate this vulnerability for the Configuration utility, you can disable all TLS1 protocols for** httpd**. To do so, perform the following procedure:\n\n**Impact of procedure:** Some browsers, such as Mozilla Firefox, may fail to connect to the Configuration utility with TLS1 ciphers disabled. \n\n 1. Log in to the Traffic Management Shell (**tmsh**) by typing the following command: \n\ntmsh\n\n 2. Before you change the SSL cipher string, you should review the existing string for your specific BIG-IP version. To list the currently configured cipher string, type the following command: \n\nlist /sys httpd ssl-ciphersuite\n\nFor example, the BIG-IP 11.5.1 system displays the following cipher string: \n\nALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2\n\n 3. To restrict Configuration utility access from clients using TLS1, type the following command with the **!TLSv1 **cipher exclusion appended: \n\nmodify /sys httpd ssl-ciphersuite 'ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:!TLSv1'\n\n 4. Save the configuration change by typing the following command: \n\nsave /sys config\n\n 5. Restart the **httpd** process by typing the following command: \n\nrestart /sys service httpd\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n", "modified": "2017-03-14T22:06:00", "published": "2014-09-06T02:34:00", "href": "https://support.f5.com/csp/article/K15564", "id": "F5:K15564", "title": "TLS vulnerability CVE-2014-3511", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "kaspersky": [{"lastseen": "2019-02-15T12:34:29", "bulletinFamily": "info", "description": "### *Detect date*:\n08/07/2014\n\n### *Severity*:\nCritical\n\n### *Description*:\nAn obsolete version of OpenSSL was found in Stunnel. By exploiting this vulnerability malicious users can cause denial of service, obtain sensitive information and bypass security. This vulnerability can be exploited remotely.\n\n### *Affected products*:\nStunnel versions 5.02 and earlier\n\n### *Solution*:\nUpdate to latest version\n\n### *Original advisories*:\n[Stunnel changelog](<https://www.stunnel.org/sdf_ChangeLog.html>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Stunnel](<https://threats.kaspersky.com/en/product/Stunnel/>)\n\n### *CVE-IDS*:\n[CVE-2014-3508](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508>) \n[CVE-2014-3509](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509>) \n[CVE-2014-3511](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511>) \n[CVE-2014-5139](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139>) \n[CVE-2014-3505](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505>) \n[CVE-2014-3506](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506>) \n[CVE-2014-3507](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507>) \n[CVE-2014-3510](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510>) \n[CVE-2014-3512](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512>)", "modified": "2019-02-13T00:00:00", "published": "2014-08-07T00:00:00", "id": "KLA10343", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10343", "title": "\r KLA10343Multiple vulnerabilities in Stunnel ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:56", "bulletinFamily": "software", "description": "DoS and protocol version downgrades in client and server code, memory corruptions and information leaks in client code.", "modified": "2014-08-07T00:00:00", "published": "2014-08-07T00:00:00", "id": "SECURITYVULNS:VULN:13908", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13908", "title": "OpenSSL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:48", "bulletinFamily": "unix", "description": "\nThe OpenSSL Project reports:\n\nA flaw in OBJ_obj2txt may cause pretty printing functions\n\t such as X509_name_oneline, X509_name_print_ex et al. to leak\n\t some information from the stack. [CVE-2014-3508]\nThe issue affects OpenSSL clients and allows a malicious\n\t server to crash the client with a null pointer dereference\n\t (read) by specifying an SRP ciphersuite even though it was\n\t not properly negotiated with the client. [CVE-2014-5139]\nIf a multithreaded client connects to a malicious server\n\t using a resumed session and the server sends an ec point\n\t format extension it could write up to 255 bytes to freed\n\t memory. [CVE-2014-3509]\nAn attacker can force an error condition which causes\n\t openssl to crash whilst processing DTLS packets due to\n\t memory being freed twice. This can be exploited through\n\t a Denial of Service attack. [CVE-2014-3505]\nAn attacker can force openssl to consume large amounts\n\t of memory whilst processing DTLS handshake messages.\n\t This can be exploited through a Denial of Service\n\t attack. [CVE-2014-3506]\nBy sending carefully crafted DTLS packets an attacker\n\t could cause openssl to leak memory. This can be exploited\n\t through a Denial of Service attack. [CVE-2014-3507]\nOpenSSL DTLS clients enabling anonymous (EC)DH\n\t ciphersuites are subject to a denial of service attack.\n\t A malicious server can crash the client with a null pointer\n\t dereference (read) by specifying an anonymous (EC)DH\n\t ciphersuite and sending carefully crafted handshake\n\t messages. [CVE-2014-3510]\nA flaw in the OpenSSL SSL/TLS server code causes the\n\t server to negotiate TLS 1.0 instead of higher protocol\n\t versions when the ClientHello message is badly\n\t fragmented. This allows a man-in-the-middle attacker\n\t to force a downgrade to TLS 1.0 even if both the server\n\t and the client support a higher protocol version, by\n\t modifying the client's TLS records. [CVE-2014-3511]\nA malicious client or server can send invalid SRP\n\t parameters and overrun an internal buffer. Only\n\t applications which are explicitly set up for SRP\n\t use are affected. [CVE-2014-3512]\n\n", "modified": "2016-08-09T00:00:00", "published": "2014-08-06T00:00:00", "id": "8AFF07EB-1DBD-11E4-B6BA-3C970E169BC2", "href": "https://vuxml.freebsd.org/freebsd/8aff07eb-1dbd-11e4-b6ba-3c970e169bc2.html", "title": "OpenSSL -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T00:36:38", "bulletinFamily": "unix", "description": "New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded.\n This update fixes several security issues:\n Double Free when processing DTLS packets (CVE-2014-3505)\n DTLS memory exhaustion (CVE-2014-3506)\n DTLS memory leak from zero-length fragments (CVE-2014-3507)\n Information leak in pretty printing functions (CVE-2014-3508)\n Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)\n OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)\n OpenSSL TLS protocol downgrade attack (CVE-2014-3511)\n SRP buffer overrun (CVE-2014-3512)\n Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)\n For more information, see:\n https://www.openssl.org/news/secadv_20140806.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz: Upgraded.\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 packages:\n30bdc015b10d8891b90d3f6ea34f5fdd openssl-0.9.8zb-i486-1_slack13.0.txz\n3dc4140c22c04c94e5e74386a5a1c200 openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n3da32f51273762d67bf9dbcc91af9413 openssl-0.9.8zb-x86_64-1_slack13.0.txz\n075e5d12e5b909ecac923cb210f83544 openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n3b7e2bb2b317bf72b8f9b2b7a14bddfb openssl-0.9.8zb-i486-1_slack13.1.txz\n92af0784eade0674332a56bfab73b97d openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\ndf5f961109d7b50971660ca6a7d4c48c openssl-0.9.8zb-x86_64-1_slack13.1.txz\n582aaeae3d56730a2e1538a67d4e44da openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n546445d56d3b367fa0dd4e80859c4620 openssl-0.9.8zb-i486-1_slack13.37.txz\nb80e9df8cdd0649939ec2fab20d24691 openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n9c9ce97dc21340924a3e27c1a8047023 openssl-0.9.8zb-x86_64-1_slack13.37.txz\n0fe1931f2fc82fb8d5fbe72680caf843 openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nd1580f4b22b99cee42b22276653c8180 openssl-1.0.1i-i486-1_slack14.0.txz\nec93cec2bcab8ae7391a504573cbc231 openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n329475de3759225b1d02aa7317b2eb58 openssl-1.0.1i-x86_64-1_slack14.0.txz\n25f2a198022d974534986a3913ca705c openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n8336457bc31d44ebf502ffc4443f12f7 openssl-1.0.1i-i486-1_slack14.1.txz\n4b99ac357fbd3065c53367eea246b8c7 openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nf2b8f81d9d7dc02e5d1011f663ccc95d openssl-1.0.1i-x86_64-1_slack14.1.txz\n4360abffbb57cb18ba0720f782d78250 openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n49ecd332a899cf742d3467a6efe44269 a/openssl-solibs-1.0.1i-i486-1.txz\n27da017c49045981b1793f105aff365f n/openssl-1.0.1i-i486-1.txz\n\nSlackware x86_64 -current packages:\n8d74f3d770802182137c84d925f58cbc a/openssl-solibs-1.0.1i-x86_64-1.txz\nfd9d94d3210f0aedf74959cb0887e2b8 n/openssl-1.0.1i-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz", "modified": "2014-08-08T14:22:00", "published": "2014-08-08T14:22:00", "id": "SSA-2014-220-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.788587", "title": "openssl", "type": "slackware", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-01-16T20:19:31", "bulletinFamily": "scanner", "description": "Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly\nhandled certain DTLS packets. A remote attacker could use this issue\nto cause OpenSSL to crash, resulting in a denial of service.\n(CVE-2014-3505)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when\nprocessing DTLS handshake messages. A remote attacker could use this\nissue to cause OpenSSL to consume memory, resulting in a denial of\nservice. (CVE-2014-3506)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when\nprocessing DTLS fragments. A remote attacker could use this issue to\ncause OpenSSL to leak memory, resulting in a denial of service. This\nissue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-3507)\n\nIvan Fratric discovered that OpenSSL incorrectly leaked information in\nthe pretty printing functions. When OpenSSL is used with certain\napplications, an attacker may use this issue to possibly gain access\nto sensitive information. (CVE-2014-3508)\n\nGabor Tyukasz discovered that OpenSSL contained a race condition when\nprocessing serverhello messages. A malicious server could use this\nissue to cause clients to crash, resulting in a denial of service.\nThis issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-3509)\n\nFelix Grobert discovered that OpenSSL incorrectly handled certain\nDTLS handshake messages. A malicious server could use this issue to\ncause clients to crash, resulting in a denial of service.\n(CVE-2014-3510)\n\nDavid Benjamin and Adam Langley discovered that OpenSSL incorrectly\nhandled fragmented ClientHello messages. If a remote attacker were\nable to perform a man-in-the-middle attack, this flaw could be used to\nforce a protocol downgrade to TLS 1.0. This issue only affected Ubuntu\n12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3511)\n\nSean Devlin and Watson Ladd discovered that OpenSSL incorrectly\nhandled certain SRP parameters. A remote attacker could use this with\napplications that use SRP to cause a denial of service, or possibly\nexecute arbitrary code. This issue only affected Ubuntu 12.04 LTS and\nUbuntu 14.04 LTS. (CVE-2014-3512)\n\nJoonas Kuorilehto and Riku Hietamaki discovered that OpenSSL\nincorrectly handled certain Server Hello messages that specify an SRP\nciphersuite. A malicious server could use this issue to cause clients\nto crash, resulting in a denial of service. This issue only affected\nUbuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5139).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-01T00:00:00", "published": "2014-08-08T00:00:00", "id": "UBUNTU_USN-2308-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77085", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : openssl vulnerabilities (USN-2308-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2308-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77085);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\", \"CVE-2014-3512\", \"CVE-2014-5139\");\n script_bugtraq_id(69075, 69076, 69077, 69078, 69079, 69081, 69082, 69083, 69084);\n script_xref(name:\"USN\", value:\"2308-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : openssl vulnerabilities (USN-2308-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly\nhandled certain DTLS packets. A remote attacker could use this issue\nto cause OpenSSL to crash, resulting in a denial of service.\n(CVE-2014-3505)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when\nprocessing DTLS handshake messages. A remote attacker could use this\nissue to cause OpenSSL to consume memory, resulting in a denial of\nservice. (CVE-2014-3506)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when\nprocessing DTLS fragments. A remote attacker could use this issue to\ncause OpenSSL to leak memory, resulting in a denial of service. This\nissue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-3507)\n\nIvan Fratric discovered that OpenSSL incorrectly leaked information in\nthe pretty printing functions. When OpenSSL is used with certain\napplications, an attacker may use this issue to possibly gain access\nto sensitive information. (CVE-2014-3508)\n\nGabor Tyukasz discovered that OpenSSL contained a race condition when\nprocessing serverhello messages. A malicious server could use this\nissue to cause clients to crash, resulting in a denial of service.\nThis issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-3509)\n\nFelix Grobert discovered that OpenSSL incorrectly handled certain\nDTLS handshake messages. A malicious server could use this issue to\ncause clients to crash, resulting in a denial of service.\n(CVE-2014-3510)\n\nDavid Benjamin and Adam Langley discovered that OpenSSL incorrectly\nhandled fragmented ClientHello messages. If a remote attacker were\nable to perform a man-in-the-middle attack, this flaw could be used to\nforce a protocol downgrade to TLS 1.0. This issue only affected Ubuntu\n12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3511)\n\nSean Devlin and Watson Ladd discovered that OpenSSL incorrectly\nhandled certain SRP parameters. A remote attacker could use this with\napplications that use SRP to cause a denial of service, or possibly\nexecute arbitrary code. This issue only affected Ubuntu 12.04 LTS and\nUbuntu 14.04 LTS. (CVE-2014-3512)\n\nJoonas Kuorilehto and Riku Hietamaki discovered that OpenSSL\nincorrectly handled certain Server Hello messages that specify an SRP\nciphersuite. A malicious server could use this issue to cause clients\nto crash, resulting in a denial of service. This issue only affected\nUbuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5139).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2308-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libssl0.9.8 and / or libssl1.0.0 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|12\\.04|14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8k-7ubuntu8.20\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1-4ubuntu5.17\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu2.5\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl0.9.8 / libssl1.0.0\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:19:30", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities have been identified in OpenSSL, a Secure\nSockets Layer toolkit, that may result in denial of service\n(application crash, large memory consumption), information leak,\nprotocol downgrade. Additionally, a buffer overrun affecting only\napplications explicitly set up for SRP has been fixed (CVE-2014-3512\n).\n\nDetailed descriptions of the vulnerabilities can be found at:\nwww.openssl.org/news/secadv/20140806.txt\n\nIt's important that you upgrade the libssl1.0.0 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe 'checkrestart' tool from the debian-goodies package to detect\naffected programs. Alternatively, you may reboot your system.", "modified": "2018-11-10T00:00:00", "published": "2014-08-07T00:00:00", "id": "DEBIAN_DSA-2998.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77035", "title": "Debian DSA-2998-1 : openssl - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2998. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77035);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\", \"CVE-2014-3512\", \"CVE-2014-5139\");\n script_bugtraq_id(69075, 69076, 69077, 69078, 69079, 69081, 69082, 69083, 69084);\n script_xref(name:\"DSA\", value:\"2998\");\n\n script_name(english:\"Debian DSA-2998-1 : openssl - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been identified in OpenSSL, a Secure\nSockets Layer toolkit, that may result in denial of service\n(application crash, large memory consumption), information leak,\nprotocol downgrade. Additionally, a buffer overrun affecting only\napplications explicitly set up for SRP has been fixed (CVE-2014-3512\n).\n\nDetailed descriptions of the vulnerabilities can be found at:\nwww.openssl.org/news/secadv/20140806.txt\n\nIt's important that you upgrade the libssl1.0.0 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe 'checkrestart' tool from the debian-goodies package to detect\naffected programs. Alternatively, you may reboot your system.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-3512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20140806.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/openssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2998\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openssl packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1.0.1e-2+deb7u12.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libssl-dev\", reference:\"1.0.1e-2+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl-doc\", reference:\"1.0.1e-2+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0\", reference:\"1.0.1e-2+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0-dbg\", reference:\"1.0.1e-2+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openssl\", reference:\"1.0.1e-2+deb7u12\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:19:31", "bulletinFamily": "scanner", "description": "The OpenSSL Project reports :\n\nA flaw in OBJ_obj2txt may cause pretty printing functions such as\nX509_name_oneline, X509_name_print_ex et al. to leak some information\nfrom the stack. [CVE-2014-3508]\n\nThe issue affects OpenSSL clients and allows a malicious server to\ncrash the client with a NULL pointer dereference (read) by specifying\nan SRP ciphersuite even though it was not properly negotiated with the\nclient. [CVE-2014-5139]\n\nIf a multithreaded client connects to a malicious server using a\nresumed session and the server sends an ec point format extension it\ncould write up to 255 bytes to freed memory. [CVE-2014-3509]\n\nAn attacker can force an error condition which causes openssl to crash\nwhilst processing DTLS packets due to memory being freed twice. This\ncan be exploited through a Denial of Service attack. [CVE-2014-3505]\n\nAn attacker can force openssl to consume large amounts of memory\nwhilst processing DTLS handshake messages. This can be exploited\nthrough a Denial of Service attack. [CVE-2014-3506]\n\nBy sending carefully crafted DTLS packets an attacker could cause\nopenssl to leak memory. This can be exploited through a Denial of\nService attack. [CVE-2014-3507]\n\nOpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are\nsubject to a denial of service attack. A malicious server can crash\nthe client with a NULL pointer dereference (read) by specifying an\nanonymous (EC)DH ciphersuite and sending carefully crafted handshake\nmessages. [CVE-2014-3510]\n\nA flaw in the OpenSSL SSL/TLS server code causes the server to\nnegotiate TLS 1.0 instead of higher protocol versions when the\nClientHello message is badly fragmented. This allows a\nman-in-the-middle attacker to force a downgrade to TLS 1.0 even if\nboth the server and the client support a higher protocol version, by\nmodifying the client's TLS records. [CVE-2014-3511]\n\nA malicious client or server can send invalid SRP parameters and\noverrun an internal buffer. Only applications which are explicitly set\nup for SRP use are affected. [CVE-2014-3512]", "modified": "2018-11-10T00:00:00", "published": "2014-08-07T00:00:00", "id": "FREEBSD_PKG_8AFF07EB1DBD11E4B6BA3C970E169BC2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77036", "title": "FreeBSD : OpenSSL -- multiple vulnerabilities (8aff07eb-1dbd-11e4-b6ba-3c970e169bc2)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77036);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/10 11:49:43\");\n\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\", \"CVE-2014-3512\", \"CVE-2014-5139\");\n script_bugtraq_id(69075, 69076, 69077, 69078, 69079, 69082, 69083, 69084);\n script_xref(name:\"FreeBSD\", value:\"SA-14:18.openssl\");\n\n script_name(english:\"FreeBSD : OpenSSL -- multiple vulnerabilities (8aff07eb-1dbd-11e4-b6ba-3c970e169bc2)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The OpenSSL Project reports :\n\nA flaw in OBJ_obj2txt may cause pretty printing functions such as\nX509_name_oneline, X509_name_print_ex et al. to leak some information\nfrom the stack. [CVE-2014-3508]\n\nThe issue affects OpenSSL clients and allows a malicious server to\ncrash the client with a NULL pointer dereference (read) by specifying\nan SRP ciphersuite even though it was not properly negotiated with the\nclient. [CVE-2014-5139]\n\nIf a multithreaded client connects to a malicious server using a\nresumed session and the server sends an ec point format extension it\ncould write up to 255 bytes to freed memory. [CVE-2014-3509]\n\nAn attacker can force an error condition which causes openssl to crash\nwhilst processing DTLS packets due to memory being freed twice. This\ncan be exploited through a Denial of Service attack. [CVE-2014-3505]\n\nAn attacker can force openssl to consume large amounts of memory\nwhilst processing DTLS handshake messages. This can be exploited\nthrough a Denial of Service attack. [CVE-2014-3506]\n\nBy sending carefully crafted DTLS packets an attacker could cause\nopenssl to leak memory. This can be exploited through a Denial of\nService attack. [CVE-2014-3507]\n\nOpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are\nsubject to a denial of service attack. A malicious server can crash\nthe client with a NULL pointer dereference (read) by specifying an\nanonymous (EC)DH ciphersuite and sending carefully crafted handshake\nmessages. [CVE-2014-3510]\n\nA flaw in the OpenSSL SSL/TLS server code causes the server to\nnegotiate TLS 1.0 instead of higher protocol versions when the\nClientHello message is badly fragmented. This allows a\nman-in-the-middle attacker to force a downgrade to TLS 1.0 even if\nboth the server and the client support a higher protocol version, by\nmodifying the client's TLS records. [CVE-2014-3511]\n\nA malicious client or server can send invalid SRP parameters and\noverrun an internal buffer. Only applications which are explicitly set\nup for SRP use are affected. [CVE-2014-3512]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20140806.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/8aff07eb-1dbd-11e4-b6ba-3c970e169bc2.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?51e472c7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mingw32-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssl>=1.0.1<1.0.1_14\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mingw32-openssl>=1.0.1<1.0.1i\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:19:34", "bulletinFamily": "scanner", "description": "The version of stunnel installed on the remote host is prior to\nversion 5.03. It is, therefore, affected by the following\nvulnerabilities in the bundled OpenSSL library :\n\n - A memory double-free error exists related to handling\n DTLS packets that allows denial of service attacks.\n (CVE-2014-3505)\n\n - An unspecified error exists related to handling DTLS\n handshake messages that allows denial of service attacks\n due to large amounts of memory being consumed.\n (CVE-2014-3506)\n\n - A memory leak error exists related to handling\n specially crafted DTLS packets that allows denial of\n service attacks. (CVE-2014-3507)\n\n - An error exists related to 'OBJ_obj2txt' and the pretty\n printing 'X509_name_*' functions which leak stack data,\n resulting in an information disclosure. (CVE-2014-3508)\n\n - An error exists related to 'ec point format extension'\n handling and multithreaded clients that allows freed\n memory to be overwritten during a resumed session.\n (CVE-2014-3509)\n\n - A NULL pointer dereference error exists related to\n handling anonymous ECDH cipher suites and crafted\n handshake messages that allow denial of service attacks\n against clients. (CVE-2014-3510)\n\n - An error exists related to handling fragmented\n 'ClientHello' messages that could allow a\n man-in-the-middle attacker to force usage of TLS 1.0\n regardless of higher protocol levels being supported by\n both the server and the client. (CVE-2014-3511)\n\n - A buffer overflow error exists related to handling\n Secure Remote Password protocol (SRP) parameters having\n unspecified impact. (CVE-2014-3512)\n\n - A NULL pointer dereference error exists related to\n handling Secure Remote Password protocol (SRP) that\n allows a malicious server to crash a client, resulting\n in a denial of service. (CVE-2014-5139\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.", "modified": "2018-11-15T00:00:00", "published": "2014-08-13T00:00:00", "id": "STUNNEL_5_03.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77182", "title": "stunnel < 5.03 OpenSSL Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77182);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\n \"CVE-2014-3505\",\n \"CVE-2014-3506\",\n \"CVE-2014-3507\",\n \"CVE-2014-3508\",\n \"CVE-2014-3509\",\n \"CVE-2014-3510\",\n \"CVE-2014-3511\",\n \"CVE-2014-3512\",\n \"CVE-2014-5139\"\n );\n script_bugtraq_id(\n 69075,\n 69076,\n 69077,\n 69078,\n 69079,\n 69081,\n 69082,\n 69083,\n 69084\n );\n\n script_name(english:\"stunnel < 5.03 OpenSSL Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of stunnel.exe.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a program that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of stunnel installed on the remote host is prior to\nversion 5.03. It is, therefore, affected by the following\nvulnerabilities in the bundled OpenSSL library :\n\n - A memory double-free error exists related to handling\n DTLS packets that allows denial of service attacks.\n (CVE-2014-3505)\n\n - An unspecified error exists related to handling DTLS\n handshake messages that allows denial of service attacks\n due to large amounts of memory being consumed.\n (CVE-2014-3506)\n\n - A memory leak error exists related to handling\n specially crafted DTLS packets that allows denial of\n service attacks. (CVE-2014-3507)\n\n - An error exists related to 'OBJ_obj2txt' and the pretty\n printing 'X509_name_*' functions which leak stack data,\n resulting in an information disclosure. (CVE-2014-3508)\n\n - An error exists related to 'ec point format extension'\n handling and multithreaded clients that allows freed\n memory to be overwritten during a resumed session.\n (CVE-2014-3509)\n\n - A NULL pointer dereference error exists related to\n handling anonymous ECDH cipher suites and crafted\n handshake messages that allow denial of service attacks\n against clients. (CVE-2014-3510)\n\n - An error exists related to handling fragmented\n 'ClientHello' messages that could allow a\n man-in-the-middle attacker to force usage of TLS 1.0\n regardless of higher protocol levels being supported by\n both the server and the client. (CVE-2014-3511)\n\n - A buffer overflow error exists related to handling\n Secure Remote Password protocol (SRP) parameters having\n unspecified impact. (CVE-2014-3512)\n\n - A NULL pointer dereference error exists related to\n handling Secure Remote Password protocol (SRP) that\n allows a malicious server to crash a client, resulting\n in a denial of service. (CVE-2014-5139\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.stunnel.org/?page=sdf_ChangeLog\");\n # https://www.stunnel.org/pipermail/stunnel-announce/2014-August/000078.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bfb06a2c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140806.txt\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to stunnel version 5.03 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:stunnel:stunnel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"stunnel_installed.nasl\");\n script_require_keys(\"installed_sw/stunnel\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp = 'stunnel';\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nversion = install[\"version\"];\npath = install[\"path\"];\n\n# Affected < 5.03\nif (\n version =~ \"^[0-4]($|[^0-9])\" ||\n version =~ \"^5\\.0[0-2]($|[^0-9])\"\n)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.03\\n';\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:report);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:19:32", "bulletinFamily": "scanner", "description": "New openssl packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, and -current to fix security issues.", "modified": "2015-01-28T00:00:00", "published": "2014-08-09T00:00:00", "id": "SLACKWARE_SSA_2014-220-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77091", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2014-220-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2014-220-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77091);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/01/28 19:00:57 $\");\n\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\", \"CVE-2014-3512\", \"CVE-2014-5139\");\n script_bugtraq_id(69075, 69076, 69077, 69078, 69079, 69081, 69082, 69083, 69084);\n script_xref(name:\"SSA\", value:\"2014-220-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2014-220-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New openssl packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.788587\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a8d020eb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl and / or openssl-solibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl-solibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"openssl\", pkgver:\"0.9.8zb\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zb\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zb\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zb\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"openssl\", pkgver:\"0.9.8zb\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zb\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zb\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zb\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"openssl\", pkgver:\"0.9.8zb\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zb\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zb\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zb\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl\", pkgver:\"1.0.1i\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1i\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1i\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1i\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl\", pkgver:\"1.0.1i\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1i\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1i\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1i\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"openssl\", pkgver:\"1.0.1i\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1i\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1i\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1i\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:19:41", "bulletinFamily": "scanner", "description": "The version of OpenSSL installed on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A memory double-free error exists related to handling\n DTLS packets that allows denial of service attacks.\n (CVE-2014-3505)\n\n - An unspecified error exists related to handling DTLS\n handshake messages that allows denial of service attacks\n due to large amounts of memory being consumed.\n (CVE-2014-3506)\n\n - A memory leak error exists related to handling\n specially crafted DTLS packets that allows denial of\n service attacks. (CVE-2014-3507)\n\n - An error exists related to 'OBJ_obj2txt' and the pretty\n printing 'X509_name_*' functions which leak stack data,\n resulting in an information disclosure. (CVE-2014-3508)\n\n - An error exists related to 'ec point format extension'\n handling and multithreaded clients that allows freed\n memory to be overwritten during a resumed session.\n (CVE-2014-3509)\n\n - A NULL pointer dereference error exists related to\n handling anonymous ECDH cipher suites and crafted\n handshake messages that allow denial of service attacks\n against clients. (CVE-2014-3510)\n\n - An error exists related to handling fragmented\n 'ClientHello' messages that could allow a\n man-in-the-middle attacker to force usage of TLS 1.0\n regardless of higher protocol levels being supported by\n both the server and the client. (CVE-2014-3511)\n\n - A buffer overflow error exists related to handling\n Secure Remote Password protocol (SRP) parameters having\n unspecified impact. (CVE-2014-3512)\n\n - A NULL pointer dereference error exists related to\n handling Secure Remote Password protocol (SRP) that\n allows a malicious server to crash a client, resulting\n in a denial of service. (CVE-2014-5139)", "modified": "2018-07-17T00:00:00", "published": "2014-09-10T00:00:00", "id": "AIX_OPENSSL_ADVISORY10.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77603", "title": "AIX OpenSSL Advisory : openssl_advisory10.asc", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory openssl_advisory10.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77603);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/17 12:00:06\");\n\n script_cve_id(\n \"CVE-2014-3505\",\n \"CVE-2014-3506\",\n \"CVE-2014-3507\",\n \"CVE-2014-3508\",\n \"CVE-2014-3509\",\n \"CVE-2014-3510\",\n \"CVE-2014-3511\",\n \"CVE-2014-3512\",\n \"CVE-2014-5139\"\n );\n script_bugtraq_id(\n 69075,\n 69076,\n 69077,\n 69078,\n 69079,\n 69081,\n 69082,\n 69083,\n 69084\n );\n\n script_name(english:\"AIX OpenSSL Advisory : openssl_advisory10.asc\");\n script_summary(english:\"Checks the version of the openssl packages and iFixes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host has a version of OpenSSL installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenSSL installed on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A memory double-free error exists related to handling\n DTLS packets that allows denial of service attacks.\n (CVE-2014-3505)\n\n - An unspecified error exists related to handling DTLS\n handshake messages that allows denial of service attacks\n due to large amounts of memory being consumed.\n (CVE-2014-3506)\n\n - A memory leak error exists related to handling\n specially crafted DTLS packets that allows denial of\n service attacks. (CVE-2014-3507)\n\n - An error exists related to 'OBJ_obj2txt' and the pretty\n printing 'X509_name_*' functions which leak stack data,\n resulting in an information disclosure. (CVE-2014-3508)\n\n - An error exists related to 'ec point format extension'\n handling and multithreaded clients that allows freed\n memory to be overwritten during a resumed session.\n (CVE-2014-3509)\n\n - A NULL pointer dereference error exists related to\n handling anonymous ECDH cipher suites and crafted\n handshake messages that allow denial of service attacks\n against clients. (CVE-2014-3510)\n\n - An error exists related to handling fragmented\n 'ClientHello' messages that could allow a\n man-in-the-middle attacker to force usage of TLS 1.0\n regardless of higher protocol levels being supported by\n both the server and the client. (CVE-2014-3511)\n\n - A buffer overflow error exists related to handling\n Secure Remote Password protocol (SRP) parameters having\n unspecified impact. (CVE-2014-3512)\n\n - A NULL pointer dereference error exists related to\n handling Secure Remote Password protocol (SRP) that\n allows a malicious server to crash a client, resulting\n in a denial of service. (CVE-2014-5139)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140806.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"A fix is available and can be downloaded from the AIX website.\n\nIMPORTANT : If possible, it is recommended that a mksysb backup of the\nsystem be created. Verify that it is both bootable and readable before\nproceeding.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/10\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\ninclude(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This AIX package check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\n#0.9.8.2502\nif (aix_check_ifix(release:\"5.3\", patch:\"098_fix\", package:\"openssl.base\", minfilesetver:\"0.9.8.401\", maxfilesetver:\"0.9.8.2502\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:\"098_fix\", package:\"openssl.base\", minfilesetver:\"0.9.8.401\", maxfilesetver:\"0.9.8.2502\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:\"098_fix\", package:\"openssl.base\", minfilesetver:\"0.9.8.401\", maxfilesetver:\"0.9.8.2502\") < 0) flag++;\n\n#1.0.1.511\nif (aix_check_ifix(release:\"5.3\", patch:\"101_fix\", package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.511\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:\"101_fix\", package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.511\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:\"101_fix\", package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.511\") < 0) flag++;\n\n#12.9.8.2502\nif (aix_check_ifix(release:\"5.3\", patch:\"1298_fix\", package:\"openssl.base\", minfilesetver:\"12.9.8.1100\", maxfilesetver:\"12.9.8.2502\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:\"1298_fix\", package:\"openssl.base\", minfilesetver:\"12.9.8.1100\", maxfilesetver:\"12.9.8.2502\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:\"1298_fix\", package:\"openssl.base\", minfilesetver:\"12.9.8.1100\", maxfilesetver:\"12.9.8.2502\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:33:20", "bulletinFamily": "scanner", "description": "According to its self-reported version number, the remote pfSense\ninstall is a version prior to 2.1.5 It is, therefore, affected by \nmultiple vulnerabilities.", "modified": "2018-03-22T00:00:00", "published": "2018-03-21T00:00:00", "id": "PFSENSE_SA-14_14.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=108516", "title": "pfSense < 2.1.5 Multiple Vulnerabilities ( SA-14_14 )", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108516);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/03/22 14:52:58\");\n\n script_cve_id(\n \"CVE-2014-3508\",\n \"CVE-2014-5139\",\n \"CVE-2014-3509\",\n \"CVE-2014-3505\",\n \"CVE-2014-3506\",\n \"CVE-2014-3507\",\n \"CVE-2014-3510\",\n \"CVE-2014-3511\",\n \"CVE-2014-3512\"\n );\n script_bugtraq_id(\n 69075,\n 69077,\n 69084,\n 69081,\n 69076,\n 69078,\n 69082,\n 69079,\n 69083\n );\n\n script_name(english:\"pfSense < 2.1.5 Multiple Vulnerabilities ( SA-14_14 )\");\n script_summary(english:\"Checks the version of pfSense.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote firewall host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the remote pfSense\ninstall is a version prior to 2.1.5 It is, therefore, affected by \nmultiple vulnerabilities.\");\n # https://www.pfsense.org/security/advisories/pfSense-SA-14_14.openssl.asc\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0f5a6f06\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to pfSense version 2.1.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pfsense:pfsense\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:bsdperimeter:pfsense\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"pfsense_detect.nbin\");\n script_require_keys(\"Host/pfSense\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nif (!get_kb_item(\"Host/pfSense\")) audit(AUDIT_HOST_NOT, \"pfSense\");\n\napp_info = vcf::pfsense::get_app_info();\nconstraints = [\n { \"fixed_version\" : \"2.1.5\" }\n];\n\nvcf::pfsense::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:19:52", "bulletinFamily": "scanner", "description": "A flaw was discovered in the way OpenSSL handled DTLS packets. A\nremote attacker could use this flaw to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory.\n\nMultiple buffer overflows in crypto/srp/srp_lib.c in the SRP\nimplementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers\nto cause a denial of service (application crash) or possibly have\nunspecified other impact via an invalid SRP (1) g, (2) A, or (3) B\nparameter.\n\nA flaw was found in the way OpenSSL handled fragmented handshake\npackets. A man-in-the-middle attacker could use this flaw to force a\nTLS/SSL server using OpenSSL to use TLS 1.0, even if both the client\nand the server supported newer protocol versions.\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\na handshake when using the anonymous Diffie-Hellman (DH) key exchange.\nA malicious server could cause a DTLS client using OpenSSL to crash if\nthat client had anonymous DH cipher suites enabled.\n\nIt was discovered that the OBJ_obj2txt() function could fail to\nproperly NUL-terminate its output. This could possibly cause an\napplication using OpenSSL functions to format fields of X.509\ncertificates to disclose portions of its memory.\n\nA race condition was found in the way OpenSSL handled ServerHello\nmessages with an included Supported EC Point Format extension. A\nmalicious server could possibly use this flaw to cause a\nmulti-threaded TLS/SSL client using OpenSSL to write into freed\nmemory, causing the client to crash or execute arbitrary code.\n\nThe ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1\nbefore 1.0.1i allows remote SSL servers to cause a denial of service\n(NULL pointer dereference and client application crash) via a\nServerHello message that includes an SRP ciphersuite without the\nrequired negotiation of that ciphersuite with the client.", "modified": "2018-04-18T00:00:00", "published": "2014-10-12T00:00:00", "id": "ALA_ALAS-2014-391.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78334", "title": "Amazon Linux AMI : openssl (ALAS-2014-391)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-391.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78334);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\", \"CVE-2014-3512\", \"CVE-2014-5139\");\n script_xref(name:\"ALAS\", value:\"2014-391\");\n\n script_name(english:\"Amazon Linux AMI : openssl (ALAS-2014-391)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was discovered in the way OpenSSL handled DTLS packets. A\nremote attacker could use this flaw to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory.\n\nMultiple buffer overflows in crypto/srp/srp_lib.c in the SRP\nimplementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers\nto cause a denial of service (application crash) or possibly have\nunspecified other impact via an invalid SRP (1) g, (2) A, or (3) B\nparameter.\n\nA flaw was found in the way OpenSSL handled fragmented handshake\npackets. A man-in-the-middle attacker could use this flaw to force a\nTLS/SSL server using OpenSSL to use TLS 1.0, even if both the client\nand the server supported newer protocol versions.\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\na handshake when using the anonymous Diffie-Hellman (DH) key exchange.\nA malicious server could cause a DTLS client using OpenSSL to crash if\nthat client had anonymous DH cipher suites enabled.\n\nIt was discovered that the OBJ_obj2txt() function could fail to\nproperly NUL-terminate its output. This could possibly cause an\napplication using OpenSSL functions to format fields of X.509\ncertificates to disclose portions of its memory.\n\nA race condition was found in the way OpenSSL handled ServerHello\nmessages with an included Supported EC Point Format extension. A\nmalicious server could possibly use this flaw to cause a\nmulti-threaded TLS/SSL client using OpenSSL to write into freed\nmemory, causing the client to crash or execute arbitrary code.\n\nThe ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1\nbefore 1.0.1i allows remote SSL servers to cause a denial of service\n(NULL pointer dereference and client application crash) via a\nServerHello message that includes an SRP ciphersuite without the\nrequired negotiation of that ciphersuite with the client.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-391.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update openssl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openssl-1.0.1i-1.78.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-debuginfo-1.0.1i-1.78.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-devel-1.0.1i-1.78.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-perl-1.0.1i-1.78.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-static-1.0.1i-1.78.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:19:32", "bulletinFamily": "scanner", "description": "According to its banner, the remote web server uses a version of\nOpenSSL 1.0.1 prior to 1.0.1i. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A memory double-free error exists related to handling\n DTLS packets that allows denial of service attacks.\n (CVE-2014-3505)\n\n - An unspecified error exists related to handling DTLS\n handshake messages that allows denial of service attacks\n due to large amounts of memory being consumed.\n (CVE-2014-3506)\n\n - A memory leak error exists related to handling\n specially crafted DTLS packets that allows denial of\n service attacks. (CVE-2014-3507)\n\n - An error exists related to 'OBJ_obj2txt' and the pretty\n printing 'X509_name_*' functions which leak stack data,\n resulting in an information disclosure. (CVE-2014-3508)\n\n - An error exists related to 'ec point format extension'\n handling and multithreaded clients that allows freed\n memory to be overwritten during a resumed session.\n (CVE-2014-3509)\n\n - A NULL pointer dereference error exists related to\n handling anonymous ECDH cipher suites and crafted\n handshake messages that allow denial of service attacks\n against clients. (CVE-2014-3510)\n\n - An error exists related to handling fragmented\n 'ClientHello' messages that could allow a\n man-in-the-middle attacker to force usage of TLS 1.0\n regardless of higher protocol levels being supported by\n both the server and the client. (CVE-2014-3511)\n\n - A buffer overflow error exists related to handling\n Secure Remote Password protocol (SRP) parameters having\n unspecified impact. (CVE-2014-3512)\n\n - A NULL pointer dereference error exists related to\n handling Secure Remote Password protocol (SRP) that\n allows a malicious server to crash a client, resulting\n in a denial of service. (CVE-2014-5139)", "modified": "2018-07-16T00:00:00", "published": "2014-08-08T00:00:00", "id": "OPENSSL_1_0_1I.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77088", "title": "OpenSSL 1.0.1 < 1.0.1i Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77088);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\n \"CVE-2014-3505\",\n \"CVE-2014-3506\",\n \"CVE-2014-3507\",\n \"CVE-2014-3508\",\n \"CVE-2014-3509\",\n \"CVE-2014-3510\",\n \"CVE-2014-3511\",\n \"CVE-2014-3512\",\n \"CVE-2014-5139\"\n );\n script_bugtraq_id(\n 69075,\n 69076,\n 69077,\n 69078,\n 69079,\n 69081,\n 69082,\n 69083,\n 69084\n );\n\n script_name(english:\"OpenSSL 1.0.1 < 1.0.1i Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL 1.0.1 prior to 1.0.1i. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A memory double-free error exists related to handling\n DTLS packets that allows denial of service attacks.\n (CVE-2014-3505)\n\n - An unspecified error exists related to handling DTLS\n handshake messages that allows denial of service attacks\n due to large amounts of memory being consumed.\n (CVE-2014-3506)\n\n - A memory leak error exists related to handling\n specially crafted DTLS packets that allows denial of\n service attacks. (CVE-2014-3507)\n\n - An error exists related to 'OBJ_obj2txt' and the pretty\n printing 'X509_name_*' functions which leak stack data,\n resulting in an information disclosure. (CVE-2014-3508)\n\n - An error exists related to 'ec point format extension'\n handling and multithreaded clients that allows freed\n memory to be overwritten during a resumed session.\n (CVE-2014-3509)\n\n - A NULL pointer dereference error exists related to\n handling anonymous ECDH cipher suites and crafted\n handshake messages that allow denial of service attacks\n against clients. (CVE-2014-3510)\n\n - An error exists related to handling fragmented\n 'ClientHello' messages that could allow a\n man-in-the-middle attacker to force usage of TLS 1.0\n regardless of higher protocol levels being supported by\n both the server and the client. (CVE-2014-3511)\n\n - A buffer overflow error exists related to handling\n Secure Remote Password protocol (SRP) parameters having\n unspecified impact. (CVE-2014-3512)\n\n - A NULL pointer dereference error exists related to\n handling Secure Remote Password protocol (SRP) that\n allows a malicious server to crash a client, resulting\n in a denial of service. (CVE-2014-5139)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/openssl-1.0.1-notes.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140806.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to OpenSSL 1.0.1i or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.1i', min:\"1.0.1\", severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:19:48", "bulletinFamily": "scanner", "description": "The WinSCP program installed on the remote host is version 4.3.8,\n4.3.9, 4.4.0, or 5.x prior to 5.5.5. It therefore contains a bundled\nversion of OpenSSL prior to 1.0.1i which is affected by the following\nvulnerabilities :\n\n - A memory double-free error exists related to handling\n DTLS packets that allows denial of service attacks.\n (CVE-2014-3505)\n\n - An unspecified error exists related to handling DTLS\n handshake messages that allows denial of service attacks\n due to large amounts of memory being consumed.\n (CVE-2014-3506)\n\n - A memory leak error exists related to handling\n specially crafted DTLS packets that allows denial of\n service attacks. (CVE-2014-3507)\n\n - An error exists related to 'OBJ_obj2txt' and the pretty\n printing 'X509_name_*' functions which leak stack data,\n resulting in an information disclosure. (CVE-2014-3508)\n\n - An error exists related to 'ec point format extension'\n handling and multithreaded clients that allows freed\n memory to be overwritten during a resumed session.\n (CVE-2014-3509)\n\n - A NULL pointer dereference error exists related to\n handling anonymous ECDH cipher suites and crafted\n handshake messages that allow denial of service attacks\n against clients. (CVE-2014-3510)\n\n - An error exists related to handling fragmented\n 'ClientHello' messages that allows a man-in-the-middle\n attacker to force usage of TLS 1.0 regardless of higher\n protocol levels being supported by both the server and\n the client. (CVE-2014-3511)\n\n - A buffer overflow error exists related to handling\n Secure Remote Password protocol (SRP) parameters having\n unspecified impact. (CVE-2014-3512)\n\n - A NULL pointer dereference error exists related to\n handling Secure Remote Password protocol (SRP) that\n allows a malicious server to crash a client, resulting\n in a denial of service. (CVE-2014-5139)", "modified": "2018-11-15T00:00:00", "published": "2014-10-07T00:00:00", "id": "WINSCP_5_5_5.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78078", "title": "WinSCP 5.x < 5.5.5 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78078);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/15 20:50:29\");\n\n script_cve_id(\n \"CVE-2014-3505\",\n \"CVE-2014-3506\",\n \"CVE-2014-3507\",\n \"CVE-2014-3508\",\n \"CVE-2014-3509\",\n \"CVE-2014-3510\",\n \"CVE-2014-3511\",\n \"CVE-2014-3512\",\n \"CVE-2014-5139\"\n );\n script_bugtraq_id(\n 69075,\n 69076,\n 69077,\n 69078,\n 69079,\n 69081,\n 69082,\n 69083,\n 69084\n );\n\n script_name(english:\"WinSCP 5.x < 5.5.5 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of WinSCP.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application installed that is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The WinSCP program installed on the remote host is version 4.3.8,\n4.3.9, 4.4.0, or 5.x prior to 5.5.5. It therefore contains a bundled\nversion of OpenSSL prior to 1.0.1i which is affected by the following\nvulnerabilities :\n\n - A memory double-free error exists related to handling\n DTLS packets that allows denial of service attacks.\n (CVE-2014-3505)\n\n - An unspecified error exists related to handling DTLS\n handshake messages that allows denial of service attacks\n due to large amounts of memory being consumed.\n (CVE-2014-3506)\n\n - A memory leak error exists related to handling\n specially crafted DTLS packets that allows denial of\n service attacks. (CVE-2014-3507)\n\n - An error exists related to 'OBJ_obj2txt' and the pretty\n printing 'X509_name_*' functions which leak stack data,\n resulting in an information disclosure. (CVE-2014-3508)\n\n - An error exists related to 'ec point format extension'\n handling and multithreaded clients that allows freed\n memory to be overwritten during a resumed session.\n (CVE-2014-3509)\n\n - A NULL pointer dereference error exists related to\n handling anonymous ECDH cipher suites and crafted\n handshake messages that allow denial of service attacks\n against clients. (CVE-2014-3510)\n\n - An error exists related to handling fragmented\n 'ClientHello' messages that allows a man-in-the-middle\n attacker to force usage of TLS 1.0 regardless of higher\n protocol levels being supported by both the server and\n the client. (CVE-2014-3511)\n\n - A buffer overflow error exists related to handling\n Secure Remote Password protocol (SRP) parameters having\n unspecified impact. (CVE-2014-3512)\n\n - A NULL pointer dereference error exists related to\n handling Secure Remote Password protocol (SRP) that\n allows a malicious server to crash a client, resulting\n in a denial of service. (CVE-2014-5139)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://winscp.net/eng/docs/history#5.5.5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/openssl-1.0.1-notes.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140806.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to WinSCP version 5.5.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:winscp:winscp\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"winscp_installed.nbin\");\n script_require_keys(\"installed_sw/WinSCP\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp = 'WinSCP';\nfixed_version = '5.5.5';\n\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nversion = install['version'];\npath = install['path'];\n\nif (\n # 4.3.8 uses OpenSSL 1.0.1c\n version == '4.3.8.1771' ||\n # 4.3.9 uses OpenSSL 1.0.1c\n version == '4.3.9.1817' ||\n # 4.4.0 uses OpenSSL 1.0.1c\n version == '4.4.0.1904' ||\n # 5.0.7 >= version < 5.5.4\n (\n version =~ \"^5\\.\" &&\n ver_compare(ver:version, fix:\"5.0.7.2268\", strict:FALSE) >= 0 &&\n ver_compare(ver:version, fix:\"5.5.5.4605\", strict:FALSE) < 0\n )\n)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + \n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-01T23:55:24", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities have been identified in OpenSSL, a Secure\nSockets Layer toolkit, that may result in denial of service\n(application crash, large memory consumption), information leak,\nprotocol downgrade. Additionally, a buffer overrun affecting only\napplications explicitly set up for SRP has been fixed (CVE-2014-3512 \n).\n\nDetailed descriptions of the vulnerabilities can be found at:\nwww.openssl.org/news/secadv_20140806.txt \nIt's important that you upgrade the libssl1.0.0 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe checkrestart \ntool from the debian-goodies package to detect\naffected programs. Alternatively, you may reboot your system.", "modified": "2018-04-06T00:00:00", "published": "2014-08-07T00:00:00", "id": "OPENVAS:1361412562310702998", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702998", "title": "Debian Security Advisory DSA 2998-1 (openssl - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2998.nasl 9354 2018-04-06 07:15:32Z cfischer $\n# Auto-generated from advisory DSA 2998-1 using nvtgen 1.0\n# Script version: 1.1\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"openssl on Debian Linux\";\ntag_insight = \"This package contains the openssl binary and related tools.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u12.\n\nFor the testing distribution (jessie), these problems will be fixed\nsoon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1i-1.\n\nWe recommend that you upgrade your openssl packages.\";\ntag_summary = \"Multiple vulnerabilities have been identified in OpenSSL, a Secure\nSockets Layer toolkit, that may result in denial of service\n(application crash, large memory consumption), information leak,\nprotocol downgrade. Additionally, a buffer overrun affecting only\napplications explicitly set up for SRP has been fixed (CVE-2014-3512 \n).\n\nDetailed descriptions of the vulnerabilities can be found at:\nwww.openssl.org/news/secadv_20140806.txt \nIt's important that you upgrade the libssl1.0.0 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe checkrestart \ntool from the debian-goodies package to detect\naffected programs. Alternatively, you may reboot your system.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702998\");\n script_version(\"$Revision: 9354 $\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\", \"CVE-2014-3512\", \"CVE-2014-5139\");\n script_name(\"Debian Security Advisory DSA 2998-1 (openssl - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value:\"2014-08-07 00:00:00 +0200 (Thu, 07 Aug 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2998.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-19T13:03:22", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2014-08-08T00:00:00", "id": "OPENVAS:1361412562310841924", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841924", "title": "Ubuntu Update for openssl USN-2308-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2308_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# Ubuntu Update for openssl USN-2308-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841924\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-08 06:02:31 +0200 (Fri, 08 Aug 2014)\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\",\n \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\", \"CVE-2014-3512\",\n \"CVE-2014-5139\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for openssl USN-2308-1\");\n\n\n script_tag(name:\"affected\", value:\"openssl on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"Adam Langley and Wan-Teh Chang discovered that OpenSSL\nincorrectly handled certain DTLS packets. A remote attacker could use this issue\nto cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-3505)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when\nprocessing DTLS handshake messages. A remote attacker could use this issue\nto cause OpenSSL to consume memory, resulting in a denial of service.\n(CVE-2014-3506)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when\nprocessing DTLS fragments. A remote attacker could use this issue to cause\nOpenSSL to leak memory, resulting in a denial of service. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3507)\n\nIvan Fratric discovered that OpenSSL incorrectly leaked information in\nthe pretty printing functions. When OpenSSL is used with certain\napplications, an attacker may use this issue to possibly gain access to\nsensitive information. (CVE-2014-3508)\n\nGabor Tyukasz discovered that OpenSSL contained a race condition when\nprocessing serverhello messages. A malicious server could use this issue\nto cause clients to crash, resulting in a denial of service. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3509)\n\nFelix Grö bert discovered that OpenSSL incorrectly handled certain DTLS\nhandshake messages. A malicious server could use this issue to cause\nclients to crash, resulting in a denial of service. (CVE-2014-3510)\n\nDavid Benjamin and Adam Langley discovered that OpenSSL incorrectly\nhandled fragmented ClientHello messages. If a remote attacker were able to\nperform a man-in-the-middle attack, this flaw could be used to force a\nprotocol downgrade to TLS 1.0. This issue only affected Ubuntu 12.04 LTS\nand Ubuntu 14.04 LTS. (CVE-2014-3511)\n\nSean Devlin and Watson Ladd discovered that OpenSSL incorrectly handled\ncertain SRP parameters. A remote attacker could use this with applications\nthat use SRP to cause a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-3512)\n\nJoonas Kuorilehto and Riku Hietamä ki discovered that OpenSSL incorrectly\nhandled certain Server Hello messages that specify an SRP ciphersuite. A\nmalicious server could use this issue to cause clients to crash, resulting\nin a denial of service. This issue only affected Ubuntu 12.04 LTS and\nUbuntu 14.04 LTS. (CVE-2014-5139)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2308-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2308-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|10\\.04 LTS)\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1f-1ubuntu2.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1-4ubuntu5.17\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8k-7ubuntu8.20\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-02T14:32:57", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120249", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120249", "title": "Amazon Linux Local Check: ALAS-2014-391", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2014-391.nasl 6715 2017-07-13 09:57:40Z teissa$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120249\");\n script_version(\"$Revision: 11711 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:21:23 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 14:30:57 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2014-391\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in OpenSSL. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update openssl to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-391.html\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3512\", \"CVE-2014-3511\", \"CVE-2014-3510\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-5139\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1i~1.78.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1i~1.78.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1i~1.78.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1i~1.78.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1i~1.78.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:25:43", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2014-1052", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123331", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123331", "title": "Oracle Linux Local Check: ELSA-2014-1052", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1052.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123331\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:02:22 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1052\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1052 - openssl security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1052\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1052.html\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~34.el7_0.4\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~34.el7_0.4\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~34.el7_0.4\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~34.el7_0.4\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~34.el7_0.4\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.15\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.15\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~16.el6_5.15\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~16.el6_5.15\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:55:33", "bulletinFamily": "scanner", "description": "Check for the Version of openssl", "modified": "2018-04-06T00:00:00", "published": "2014-09-10T00:00:00", "id": "OPENVAS:1361412562310882005", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882005", "title": "CentOS Update for openssl CESA-2014:1052 centos7 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2014:1052 centos7 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882005\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-09-10 06:20:03 +0200 (Wed, 10 Sep 2014)\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\",\n \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for openssl CESA-2014:1052 centos7 \");\n script_tag(name: \"insight\", value: \"OpenSSL is a toolkit that implements the\nSecure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram\nTransport Layer Security (DTLS) protocols, as well as a full-strength, general\npurpose cryptography library.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\");\n script_tag(name: \"affected\", value: \"openssl on CentOS 7\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name: \"CESA\", value: \"2014:1052\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-August/020489.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\nexit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~34.el7_0.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~34.el7_0.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~34.el7_0.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~34.el7_0.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~34.el7_0.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:53", "bulletinFamily": "scanner", "description": "Check for the Version of openssl", "modified": "2018-04-06T00:00:00", "published": "2014-08-14T00:00:00", "id": "OPENVAS:1361412562310881988", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881988", "title": "CentOS Update for openssl CESA-2014:1052 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2014:1052 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881988\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-14 05:54:57 +0200 (Thu, 14 Aug 2014)\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\",\n \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for openssl CESA-2014:1052 centos6 \");\n\n tag_insight = \"OpenSSL is a toolkit that implements the Secure Sockets Layer\n(SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\";\n\n tag_affected = \"openssl on CentOS 6\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:1052\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-August/020488.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.15\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.15\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~16.el6_5.15\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~16.el6_5.15\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-23T15:13:32", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2014-08-14T00:00:00", "id": "OPENVAS:1361412562310871227", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871227", "title": "RedHat Update for openssl RHSA-2014:1052-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2014:1052-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871227\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-14 05:54:31 +0200 (Thu, 14 Aug 2014)\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\",\n \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for openssl RHSA-2014:1052-01\");\n\n\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:1052-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-August/msg00026.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~34.el7_0.4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~34.el7_0.4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~34.el7_0.4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~34.el7_0.4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.15\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~16.el6_5.15\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.15\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-29T12:40:34", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201412-39", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121325", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121325", "title": "Gentoo Security Advisory GLSA 201412-39", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201412-39.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121325\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:21 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201412-39\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201412-39\");\n script_cve_id(\"CVE-2013-6449\", \"CVE-2013-6450\", \"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\", \"CVE-2014-3512\", \"CVE-2014-3513\", \"CVE-2014-3567\", \"CVE-2014-3568\", \"CVE-2014-5139\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201412-39\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 1.0.1j\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p2\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p3\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p4\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p5\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p6\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p7\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p8\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p9\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p10\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p11\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p12\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p13\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p14\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p15\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(), vulnerable: make_list(\"lt 1.0.1j\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:53:39", "bulletinFamily": "scanner", "description": "Check for the Version of openssl", "modified": "2018-04-06T00:00:00", "published": "2014-08-14T00:00:00", "id": "OPENVAS:1361412562310881987", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881987", "title": "CentOS Update for openssl CESA-2014:1053 centos5 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2014:1053 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881987\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-14 05:54:51 +0200 (Thu, 14 Aug 2014)\");\n script_cve_id(\"CVE-2014-0221\", \"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3508\",\n \"CVE-2014-3510\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for openssl CESA-2014:1053 centos5 \");\n\n tag_insight = \"OpenSSL is a toolkit that implemnts the Secure Sockets Layer\n(SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-0221,\nCVE-2014-3505, CVE-2014-3506)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original\nreporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\";\n\n tag_affected = \"openssl on CentOS 5\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:1053\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-August/020487.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~27.el5_10.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8e~27.el5_10.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8e~27.el5_10.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-23T15:14:15", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2014-08-14T00:00:00", "id": "OPENVAS:1361412562310871226", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871226", "title": "RedHat Update for openssl RHSA-2014:1053-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2014:1053-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871226\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-14 05:54:26 +0200 (Thu, 14 Aug 2014)\");\n script_cve_id(\"CVE-2014-0221\", \"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3508\", \"CVE-2014-3510\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Update for openssl RHSA-2014:1053-01\");\n\n\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-0221,\nCVE-2014-3505, CVE-2014-3506)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original\nreporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:1053-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-August/msg00027.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~27.el5_10.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~0.9.8e~27.el5_10.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8e~27.el5_10.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8e~27.el5_10.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "huawei": [{"lastseen": "2019-02-01T18:01:48", "bulletinFamily": "software", "description": "Products\n\nSwitches\nRouters\nWLAN\nServers\nSee All\n\n\n\nSolutions\n\nCloud Data Center\nEnterprise Networking\nWireless Private Network\nSolutions by Industry\nSee All\n\n\n\nServices\n\nTraining and Certification\nICT Lifecycle Services\nTechnology Services\nIndustry Solution Services\nSee All\n\n\n\nSee all offerings at e.huawei.com\n\n\n\nNeed Support ?\n\nProduct Support\nSoftware Download\nCommunity\nTools\n\nGo to Full Support", "modified": "2015-03-11T00:00:00", "published": "2014-10-08T00:00:00", "id": "HUAWEI-SA-20141008-OPENSSL", "href": "https://www.huawei.com/en/psirt/security-advisories/2015/hw-372998", "title": "Security Advisory-9 OpenSSL vulnerabilities on Huawei products", "type": "huawei", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-18T13:49:02", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2998-1 security@debian.org\nhttp://www.debian.org/security/ Raphael Geissert\nAugust 07, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 \n CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 \n CVE-2014-5139\n\nMultiple vulnerabilities have been identified in OpenSSL, a Secure\nSockets Layer toolkit, that may result in denial of service\n(application crash, large memory consumption), information leak,\nprotocol downgrade. Additionally, a buffer overrun affecting only\napplications explicitly set up for SRP has been fixed (CVE-2014-3512).\n\nDetailed descriptions of the vulnerabilities can be found at:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nIt's important that you upgrade the libssl1.0.0 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe "checkrestart" tool from the debian-goodies package to detect\naffected programs. Alternatively, you may reboot your system.\n\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u12.\n\nFor the testing distribution (jessie), these problems will be fixed\nsoon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1i-1.\n\nWe recommend that you upgrade your openssl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-08-06T23:45:18", "published": "2014-08-06T23:45:18", "id": "DEBIAN:DSA-2998-1:7D1C0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00180.html", "title": "[SECURITY] [DSA 2998-1] openssl security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:14:29", "bulletinFamily": "unix", "description": "Package : openssl\nVersion : 0.9.8o-4squeeze17\nCVE ID : CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 \n CVE-2014-3510\n\nDetailed descriptions of the vulnerabilities can be found at:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nIt's important that you upgrade the libssl0.9.8 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe "checkrestart" tool from the debian-goodies package to detect\naffected programs. Alternatively, you may reboot your system.\n\n", "modified": "2014-08-07T20:36:26", "published": "2014-08-07T20:36:26", "id": "DEBIAN:DLA-33-1:85002", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201408/msg00007.html", "title": "[DLA 33-1] openssl security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "aix": [{"lastseen": "2018-08-31T00:08:33", "bulletinFamily": "unix", "description": "IBM SECURITY ADVISORY\n\nFirst Issued: <Tue Sep 9 00:50:00 CDT 2014>\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc\nhttps://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc\nftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc\n===============================================================================\n VULNERABILITY SUMMARY\n\n1.VULNERABILITY: AIX OpenSSL Denial of Service due to double free\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3505\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n2. VULNERABILITY: AIX OpenSSL Denial of Service due to memory allocation of large length values\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3506\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n3. VULNERABILITY: AIX OpenSSL Denial of Service due to improper handling of the return value\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3507\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n4. VULNERABILITY: AIX OpenSSL allows attackers to obtain sensitive information\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3508\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n5. VULNERABILITY: AIX OpenSSL Denial of Service due to memory overwrite\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3509\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n6. VULNERABILITY: AIX OpenSSL Denial of Service due to NULL pointer dereference\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3510\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n7. VULNERABILITY: AIX OpenSSL Man-in-the-Middle attack related to protocol downgrade issue\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3511\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n8. VULNERABILITY: AIX OpenSSL Denial of Service due to invalid SRP (1)g, (2)A or (3)B parameter\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3512\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n9. VULNERABILITY: AIX OpenSSL Denial of Service due to NULL pointer dereference\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-5139\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n===============================================================================\n DETAILED INFORMATION\n\nI. DESCRIPTION \n \n 1. CVE-2014-3505\n\tOpenSSL could allow remote attackers to cause a denial of service \n\t(application crash) via crafted DTLS packets that trigger an error condition.\n\n 2. CVE-2014-3506\n\tOpenSSL could allow remote attackers to cause a denial of service (memory \n\tconsumption) via crafted DTLS handshake messages that trigger memory \n\tallocations corresponding to large length values.\n\n 3. CVE-2014-3507\n\tOpenSSL could allow remote attackers to cause a denial of service \n\t(memory consumption) via zero-length DTLS fragments that trigger improper \n\thandling of the return value of insert function.\n\n 4. CVE-2014-3508\n\tOpenSSL could allow context-dependent attackers to obtain sensitive information \n\tfrom process stack memory by reading output from some functions when pretty \n\tprinting is used\n\n 5. CVE-2014-3509\n\tOpenSSL could allow remote SSL servers to cause a denial of service \n\t(memory overwrite and client application crash) or possibly have unspecified \n\timpact by sending Elliptic Curve (EC) Supported Point Formats Extension data when\n\tmultithreading and session resumption are used\n\n 6. CVE-2014-3510\n\tOpenSSL could allow remote DTLS servers to cause a denial of service \n\t(NULL pointer dereference and client application crash) via a crafted \n\thandshake message in conjunction with a (1) anonymous DH or \n\t(2) anonymous ECDH ciphersuite.\n\n 7. CVE-2014-3511\n\tOpenSSL could allow man-in-the middle attacker to force the use of TLS 1.0 by \n\ttriggering ClientHello message fragmentation in communication between a \n\tclient and server that both support later TLS versions, related to a \n\t\"protocol downgrade\" issue\n\n 8. CVE-2014-3512\n\tOpenssl could allow remote attackers to cause a denial of service or possibly \n\thave unspecified impact via an invalid SRP (1)g, (2)A or (3)B parameter\n\n 9. CVE-2014-5139\n\tOpenSSL could allow SSL servers to cause a denial of service (NULL pointer \n\tdeference and client application crash) through a ServerHello message that \n\tinclude an SRP ciphersuite without the required negotiation of that \n\tciphersuite with the client\n\nII. CVSS\n\n 1. CVE-2014-3505\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95163\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 2. CVE-2014-3506\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95160\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 3. CVE-2014-3507\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95161\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 4. CVE-2014-3508\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95165\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 5. CVE-2014-3509\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95159\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 6. CVE-2014-3510\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95164\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 7. CVE-2014-3511\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95162\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 8. CVE-2014-3512\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95158\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 9. CVE-2014-5139\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95166\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\nIII. PLATFORM VULNERABILITY ASSESSMENT\n\n To determine if your system is vulnerable, execute the following\n command:\n\n lslpp -L openssl.base\n \n The following fileset levels are vulnerable:\n \n A. CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139\n\n AIX Fileset Lower Level Upper Level \n ------------------------------------------\n openssl.base 1.0.1.500 1.0.1.511\n\n B. CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510\n\n AIX Fileset Lower Level Upper Level \n ------------------------------------------\n openssl.base 1.0.1.500 1.0.1.511\n openssl.base 0.9.8.401 0.9.8.2502\n openssl.base 12.9.8.1100 12.9.8.2502\n\n\nIV. SOLUTIONS\n\n A. FIXES\n\n Fix is available. The fix can be downloaded via ftp\n from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/openssl_fix10.tar\n\n The link above is to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n releases.\n\n\tNote that the tar file contains Interim fixes that are based on OpenSSL version.\n\n AIX Level Interim Fix (*.Z) Fileset Name\n -------------------------------------------------------------------\n 5.3, 6.1, 7.1 101_fix.140902.epkg.Z\t openssl.base(1.0.1.511 version)\n 5.3, 6.1, 7.1 098_fix.140902.epkg.Z\t openssl.base(0.9.8.2502 version)\n 5.3, 6.1, 7.1 1298_fix.140902.epkg.Z \t openssl.base(12.9.8.2502 version)\n\n VIOS Level Interim Fix (*.Z)\t Fileset Name\n -------------------------------------------------------------------\n 2.2.* 101_fix.140902.epkg.Z\t openssl.base(1.0.1.511 version)\n 2.2.* 098_fix.140902.epkg.Z\t openssl.base(0.9.8.2502 version)\n 2.2.* 1298_fix.140902.epkg.Z \t openssl.base(12.9.8.2502 version)\n\n\n To extract the fix from the tar file:\n\n tar xvf openssl_fix10.tar\n cd openssl_fix10\n\n Verify you have retrieved the fix intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 file\" command is the followng:\n\n openssl dgst -sha256 \t\t\t\t\t\t filename\t \n ----------------------------------------------------------------------------------------------\n \t4b5dcf19fbe1068b65b9ecc125d098fcf6f2077971e80c8da7bdfb2260554bd6 \t101_fix.140902.epkg.Z\n\t 834ff7e39d65c98eb7d96b877eab5c2f3ce9922d6ee5b8278358ae6b86d6ab87\t098_fix.140902.epkg.Z\n\t 749536a5247176e8074ba1ec289426cbd4b484c9925ce17a66b411fad2e90841\t1298_fix.140902.epkg.Z\n\n\t These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. If the sums or signatures cannot be\n confirmed, contact IBM AIX Security at\n security-alert@austin.ibm.com and describe the discrepancy.\n \n Published advisory OpenSSL signature file location:\n\n http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc.sig \n\n\t openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n These fixes will also be part of the next filesets of OpenSSL versions 0.9.8.2503, 12.9.8.2503 and 1.0.1.512.\n\t\n These filesets will be made available by 10th October 2014 and can be downloaded from - \n\n\t https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=aixbp&lang=en_US&S_PKG=openssl&cp=UTF-8\n\n \n B. FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n\nV. WORKAROUNDS\n \n No workarounds.\n\nVI. CONTACT INFORMATION\n\n If you would like to receive AIX Security Advisories via email,\n please visit:\n\n http://www.ibm.com/systems/support\n\n and click on the \"My notifications\" link.\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgpkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team you can either:\n\n A. Send an email with \"get key\" in the subject line to:\n\n security-alert@austin.ibm.com\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\n\nVII. REFERENCES:\n\n Note: Keywords labeled as KEY in this document are used for parsing purposes.\n\n eServer is a trademark of International Business Machines\n Corporation. IBM, AIX and pSeries are registered trademarks of\n International Business Machines Corporation. All other trademarks\n are property of their respective holders.\n\n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95163\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95160\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95161\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95165\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95159\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95164\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95162\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95158\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95166\n CVE-2014-3505 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505\n CVE-2014-3506 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506\n CVE-2014-3507 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507\n CVE-2014-3508 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508\n CVE-2014-3509 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509\n CVE-2014-3510 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510\n CVE-2014-3511 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511\n CVE-2014-3512 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512\n CVE-2014-5139 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139\n\n *The CVSS Environment Score is customer environment specific and will\n ultimately impact the Overall CVSS Score. Customers can evaluate the\n impact of this vulnerability in their environments by accessing the links\n in the Reference section of this Flash.\n\n Note: According to the Forum of Incident Response and Security Teams\n (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry\n open standard designed to convey vulnerability severity and help to\n determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES\n \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF\n MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE\n RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY\n VULNERABILITY.\n", "modified": "2014-09-09T00:50:00", "published": "2014-09-09T00:50:00", "id": "OPENSSL_ADVISORY10.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc", "title": "AIX OpenSSL Denial of Service due to double free and others", "type": "aix", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:47", "bulletinFamily": "unix", "description": "Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-3505)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS handshake messages. A remote attacker could use this issue to cause OpenSSL to consume memory, resulting in a denial of service. (CVE-2014-3506)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS fragments. A remote attacker could use this issue to cause OpenSSL to leak memory, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3507)\n\nIvan Fratric discovered that OpenSSL incorrectly leaked information in the pretty printing functions. When OpenSSL is used with certain applications, an attacker may use this issue to possibly gain access to sensitive information. (CVE-2014-3508)\n\nGabor Tyukasz discovered that OpenSSL contained a race condition when processing serverhello messages. A malicious server could use this issue to cause clients to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3509)\n\nFelix Gr\u00c3\u00b6bert discovered that OpenSSL incorrectly handled certain DTLS handshake messages. A malicious server could use this issue to cause clients to crash, resulting in a denial of service. (CVE-2014-3510)\n\nDavid Benjamin and Adam Langley discovered that OpenSSL incorrectly handled fragmented ClientHello messages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be used to force a protocol downgrade to TLS 1.0. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3511)\n\nSean Devlin and Watson Ladd discovered that OpenSSL incorrectly handled certain SRP parameters. A remote attacker could use this with applications that use SRP to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3512)\n\nJoonas Kuorilehto and Riku Hietam\u00c3\u00a4ki discovered that OpenSSL incorrectly handled certain Server Hello messages that specify an SRP ciphersuite. A malicious server could use this issue to cause clients to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5139)", "modified": "2014-08-07T00:00:00", "published": "2014-08-07T00:00:00", "id": "USN-2308-1", "href": "https://usn.ubuntu.com/2308-1/", "title": "OpenSSL vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:09", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory. \n\nMultiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter. \n\nA flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions. \n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a handshake when using the anonymous Diffie-Hellman (DH) key exchange. A malicious server could cause a DTLS client using OpenSSL to crash if that client had anonymous DH cipher suites enabled. \n\nIt was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. \n\nA race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code. \n\nThe ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.\n\n \n**Affected Packages:** \n\n\nopenssl\n\n \n**Issue Correction:** \nRun _yum update openssl_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n openssl-devel-1.0.1i-1.78.amzn1.i686 \n openssl-debuginfo-1.0.1i-1.78.amzn1.i686 \n openssl-perl-1.0.1i-1.78.amzn1.i686 \n openssl-1.0.1i-1.78.amzn1.i686 \n openssl-static-1.0.1i-1.78.amzn1.i686 \n \n src: \n openssl-1.0.1i-1.78.amzn1.src \n \n x86_64: \n openssl-static-1.0.1i-1.78.amzn1.x86_64 \n openssl-debuginfo-1.0.1i-1.78.amzn1.x86_64 \n openssl-devel-1.0.1i-1.78.amzn1.x86_64 \n openssl-1.0.1i-1.78.amzn1.x86_64 \n openssl-perl-1.0.1i-1.78.amzn1.x86_64 \n \n \n", "modified": "2014-09-19T11:59:00", "published": "2014-09-19T11:59:00", "id": "ALAS-2014-391", "href": "https://alas.aws.amazon.com/ALAS-2014-391.html", "title": "Medium: openssl", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:25:24", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:1052\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-August/020488.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-August/020489.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-libs\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1052.html", "modified": "2014-08-13T20:25:33", "published": "2014-08-13T20:10:43", "href": "http://lists.centos.org/pipermail/centos-announce/2014-August/020488.html", "id": "CESA-2014:1052", "title": "openssl security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-03T18:25:28", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:1053\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-0221,\nCVE-2014-3505, CVE-2014-3506)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original\nreporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-August/020487.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1053.html", "modified": "2014-08-13T19:52:24", "published": "2014-08-13T19:52:24", "href": "http://lists.centos.org/pipermail/centos-announce/2014-August/020487.html", "id": "CESA-2014:1053", "title": "openssl security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:38:47", "bulletinFamily": "unix", "description": "[1.0.1e-34.4]\n- fix CVE-2014-3505 - doublefree in DTLS packet processing\n- fix CVE-2014-3506 - avoid memory exhaustion in DTLS\n- fix CVE-2014-3507 - avoid memory leak in DTLS\n- fix CVE-2014-3508 - fix OID handling to avoid information leak\n- fix CVE-2014-3509 - fix race condition when parsing server hello\n- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS\n- fix CVE-2014-3511 - disallow protocol downgrade via fragmentation", "modified": "2014-08-13T00:00:00", "published": "2014-08-13T00:00:00", "id": "ELSA-2014-1052", "href": "http://linux.oracle.com/errata/ELSA-2014-1052.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:40:42", "bulletinFamily": "unix", "description": "[0.9.8e-27.4]\n- fix CVE-2014-0221 - recursion in DTLS code leading to DoS\n- fix CVE-2014-3505 - doublefree in DTLS packet processing\n- fix CVE-2014-3506 - avoid memory exhaustion in DTLS\n- fix CVE-2014-3508 - fix OID handling to avoid information leak\n- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS\n[0.9.8e-27.3]\n- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability\n[0.9.8e-27.1]\n- replace expired GlobalSign Root CA certificate in ca-bundle.crt", "modified": "2014-08-13T00:00:00", "published": "2014-08-13T00:00:00", "id": "ELSA-2014-1053", "href": "http://linux.oracle.com/errata/ELSA-2014-1053.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:46:18", "bulletinFamily": "unix", "description": "[0.9.8e-31]\n- add support for fallback SCSV to partially mitigate CVE-2014-3566\n (padding attack on SSL3)\n[0.9.8e-30]\n- fix CVE-2014-0221 - recursion in DTLS code leading to DoS\n- fix CVE-2014-3505 - doublefree in DTLS packet processing\n- fix CVE-2014-3506 - avoid memory exhaustion in DTLS\n- fix CVE-2014-3508 - fix OID handling to avoid information leak\n- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS\n[0.9.8e-29]\n- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability\n[0.9.8e-28]\n- replace expired GlobalSign Root CA certificate in ca-bundle.crt", "modified": "2014-10-16T00:00:00", "published": "2014-10-16T00:00:00", "id": "ELSA-2014-1653", "href": "http://linux.oracle.com/errata/ELSA-2014-1653.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T17:46:05", "bulletinFamily": "unix", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted or the\nsystem rebooted.\n", "modified": "2015-04-24T14:17:46", "published": "2014-08-14T04:00:00", "id": "RHSA-2014:1054", "href": "https://access.redhat.com/errata/RHSA-2014:1054", "type": "redhat", "title": "(RHSA-2014:1054) Moderate: openssl security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T19:41:25", "bulletinFamily": "unix", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "modified": "2018-06-06T20:24:27", "published": "2014-08-13T04:00:00", "id": "RHSA-2014:1052", "href": "https://access.redhat.com/errata/RHSA-2014:1052", "type": "redhat", "title": "(RHSA-2014:1052) Moderate: openssl security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:44:15", "bulletinFamily": "unix", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-0221,\nCVE-2014-3505, CVE-2014-3506)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original\nreporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "modified": "2017-09-08T12:08:28", "published": "2014-08-13T04:00:00", "id": "RHSA-2014:1053", "href": "https://access.redhat.com/errata/RHSA-2014:1053", "type": "redhat", "title": "(RHSA-2014:1053) Moderate: openssl security update", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "cve": [{"lastseen": "2017-04-18T15:55:11", "bulletinFamily": "NVD", "description": "The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.", "modified": "2017-01-06T22:00:26", "published": "2014-08-13T19:55:07", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5139", "id": "CVE-2014-5139", "title": "CVE-2014-5139", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-08-29T10:48:16", "bulletinFamily": "NVD", "description": "Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter.", "modified": "2017-08-28T21:34:46", "published": "2014-08-13T19:55:07", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3512", "id": "CVE-2014-3512", "title": "CVE-2014-3512", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-18T15:54:54", "bulletinFamily": "NVD", "description": "Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.", "modified": "2017-01-06T22:00:02", "published": "2014-08-13T19:55:07", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3505", "id": "CVE-2014-3505", "title": "CVE-2014-3505", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-08-29T10:48:16", "bulletinFamily": "NVD", "description": "Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.", "modified": "2017-08-28T21:34:46", "published": "2014-08-13T19:55:07", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3507", "id": "CVE-2014-3507", "title": "CVE-2014-3507", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-11-15T11:55:25", "bulletinFamily": "NVD", "description": "The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.", "modified": "2017-11-14T21:29:04", "published": "2014-08-13T19:55:07", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3508", "id": "CVE-2014-3508", "title": "CVE-2014-3508", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-08-29T10:48:16", "bulletinFamily": "NVD", "description": "d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.", "modified": "2017-08-28T21:34:46", "published": "2014-08-13T19:55:07", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3506", "id": "CVE-2014-3506", "title": "CVE-2014-3506", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-08-29T10:48:16", "bulletinFamily": "NVD", "description": "The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.", "modified": "2017-08-28T21:34:46", "published": "2014-08-13T19:55:07", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3510", "id": "CVE-2014-3510", "title": "CVE-2014-3510", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-11-15T11:55:25", "bulletinFamily": "NVD", "description": "Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data.", "modified": "2017-11-14T21:29:04", "published": "2014-08-13T19:55:07", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3509", "id": "CVE-2014-3509", "title": "CVE-2014-3509", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-15T11:55:25", "bulletinFamily": "NVD", "description": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a \"protocol downgrade\" issue.", "modified": "2017-11-14T21:29:04", "published": "2014-08-13T19:55:07", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3511", "id": "CVE-2014-3511", "title": "CVE-2014-3511", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:51", "bulletinFamily": "unix", "description": "### Background\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. \n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker may be able to cause a Denial of Service condition, perform Man-in-the-Middle attacks, obtain sensitive information, or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenSSL 1.0.1 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-1.0.1j\"\n \n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-0.9.8z_p2\"\n \n\nPackages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.", "modified": "2015-06-06T00:00:00", "published": "2014-12-26T00:00:00", "id": "GLSA-201412-39", "href": "https://security.gentoo.org/glsa/201412-39", "type": "gentoo", "title": "OpenSSL: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openssl": [{"lastseen": "2016-09-26T17:22:34", "bulletinFamily": "software", "description": "A crash was found affecting SRP ciphersuites used in a Server Hello message. The issue affects OpenSSL clients and allows a malicious server to crash the client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. This could lead to a Denial of Service. Reported by Joonas Kuorilehto and Riku Hietam\u00e4ki (Codenomicon).", "modified": "2014-08-06T00:00:00", "published": "2014-08-06T00:00:00", "id": "OPENSSL:CVE-2014-5139", "href": "https://www.openssl.org/news/vulnerabilities.html", "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2014-5139)", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:22:34", "bulletinFamily": "software", "description": "A DTLS memory leak from zero-length fragments was found. By sending carefully crafted DTLS packets an attacker could cause OpenSSL to leak memory. This could lead to a Denial of Service attack. Reported by Adam Langley (Google).", "modified": "2014-08-06T00:00:00", "published": "2014-08-06T00:00:00", "id": "OPENSSL:CVE-2014-3507", "href": "https://www.openssl.org/news/vulnerabilities.html", "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2014-3507)", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:22:34", "bulletinFamily": "software", "description": "A SRP buffer overrun was found. A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected. Reported by Sean Devlin and Watson Ladd (Cryptography Services, NCC Group).", "modified": "2014-08-06T00:00:00", "published": "2014-08-06T00:00:00", "id": "OPENSSL:CVE-2014-3512", "href": "https://www.openssl.org/news/vulnerabilities.html", "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2014-3512)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:22:34", "bulletinFamily": "software", "description": "A Double Free was found when processing DTLS packets. An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This could lead to a Denial of Service attack. Reported by Adam Langley and Wan-Teh Chang (Google).", "modified": "2014-08-06T00:00:00", "published": "2014-08-06T00:00:00", "id": "OPENSSL:CVE-2014-3505", "href": "https://www.openssl.org/news/vulnerabilities.html", "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2014-3505)", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:22:34", "bulletinFamily": "software", "description": "A DTLS flaw leading to memory exhaustion was found. An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This could lead to a Denial of Service attack. Reported by Adam Langley (Google).", "modified": "2014-08-06T00:00:00", "published": "2014-08-06T00:00:00", "id": "OPENSSL:CVE-2014-3506", "href": "https://www.openssl.org/news/vulnerabilities.html", "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2014-3506)", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:22:34", "bulletinFamily": "software", "description": "A flaw in handling DTLS anonymous EC(DH) ciphersuites was found. OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages. Reported by Felix Gr\u00f6bert (Google).", "modified": "2014-08-06T00:00:00", "published": "2014-08-06T00:00:00", "id": "OPENSSL:CVE-2014-3510", "href": "https://www.openssl.org/news/vulnerabilities.html", "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2014-3510)", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:22:34", "bulletinFamily": "software", "description": "A race condition was found in ssl_parse_serverhello_tlsext. If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension, it could write up to 255 bytes to freed memory. Reported by Gabor Tyukasz (LogMeIn Inc).", "modified": "2014-08-06T00:00:00", "published": "2014-08-06T00:00:00", "id": "OPENSSL:CVE-2014-3509", "href": "https://www.openssl.org/news/vulnerabilities.html", "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2014-3509)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:22:34", "bulletinFamily": "software", "description": "A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client's TLS records. Reported by David Benjamin and Adam Langley (Google).", "modified": "2014-08-06T00:00:00", "published": "2014-08-06T00:00:00", "id": "OPENSSL:CVE-2014-3511", "href": "https://www.openssl.org/news/vulnerabilities.html", "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2014-3511)", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-26T17:22:34", "bulletinFamily": "software", "description": "A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex, to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected. Reported by Ivan Fratric (Google).", "modified": "2014-08-06T00:00:00", "published": "2014-08-06T00:00:00", "id": "OPENSSL:CVE-2014-3508", "href": "https://www.openssl.org/news/vulnerabilities.html", "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2014-3508)", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}