Mandriva Update for openssl MDVSA-2012:007 (openssl)

Mandriva Update for openssl MDVSA-2012:007 (openssl

Reporter	Title	Published	Views	Family All 319
IBM Security Bulletins	Security Bulletin: IBM Sterling Connect:Express for UNIX is affected by multiple vulnerabilities in OpenSSL	24 Jul 202022:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Network Intrusion Prevention System can be affected by vulnerabilities in OpenSSL (CVE-2013-4353, CVE-2013-6450, and CVE-2013-6449)	23 Feb 202217:14	–	ibm
IBM Security Bulletins	Security Bulletin: Tivoli Management Framework affected by vulnerabilities in OpenSSL versions prior to 1.0.0	25 Sep 202223:13	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Connect:Enterprise for UNIX is affected by multiple vulnerabilities in OpenSSL	25 Sep 202220:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM XIV Storage System Gen3 (CVE-2011-4619, CVE-2011-4576, CVE-2011-3210, CVE-2012-4829)	26 Sep 202204:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are affected by vulnerabilities in OpenSSL Libraries version 1.0.1 (CVE-2013-4353, CVE-2013-6450, CVE-2013-6449)	11 Feb 202018:29	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Connect:Direct for UNIX is affected by a security vulnerability in OpenSSL (CVE-2011-4576)	25 Sep 202221:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Smart Analytics System 7600, 7700, and 7710 are affected by vulnerabilities in OpenSSL	25 Sep 202220:45	–	ibm
IBM Security Bulletins	Security Bulletin: Storage HMC OpenSSL upgrade to address cryptographic vulnerabilities.	18 Jun 201800:07	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are affected by multiple vulnerabilities in OpenSSL	25 Sep 202223:13	–	ibm

Source	Link
mandriva	www.mandriva.com/en/support/security/advisories/

###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for openssl MDVSA-2012:007 (openssl)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "Multiple vulnerabilities has been found and corrected in openssl:

  The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f
  performs a MAC check only if certain padding is valid, which makes
  it easier for remote attackers to recover plaintext via a padding
  oracle attack (CVE-2011-4108).

  Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when
  X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to
  have an unspecified impact by triggering failure of a policy check
  (CVE-2011-4109).

  The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before
  1.0.0f does not properly initialize data structures for block cipher
  padding, which might allow remote attackers to obtain sensitive
  information by decrypting the padding data sent by an SSL peer
  (CVE-2011-4576).

  The Server Gated Cryptography (SGC) implementation in OpenSSL before
  0.9.8s and 1.x before 1.0.0f does not properly handle handshake
  restarts, which allows remote attackers to cause a denial of service
  via unspecified vectors (CVE-2011-4619).

  The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle
  invalid parameters for the GOST block cipher, which allows remote
  attackers to cause a denial of service (daemon crash) via crafted
  data from a TLS client (CVE-2012-0027).

  The updated packages have been patched to correct these issues.";

tag_affected = "openssl on Mandriva Linux 2011.0";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name : "URL" , value : "http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:007");
  script_id(831679);
  script_version("$Revision: 8336 $");
  script_tag(name:"last_modification", value:"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $");
  script_tag(name:"creation_date", value:"2012-08-03 10:01:30 +0530 (Fri, 03 Aug 2012)");
  script_cve_id("CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576",
                "CVE-2011-4619", "CVE-2012-0027");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_xref(name: "MDVSA", value: "2012:007");
  script_name("Mandriva Update for openssl MDVSA-2012:007 (openssl)");

  script_tag(name: "summary" , value: "Check for the Version of openssl");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
  script_family("Mandrake Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");

res = "";
if(release == NULL){
  exit(0);
}

if(release == "MNDK_2011.0")
{

  if ((res = isrpmvuln(pkg:"libopenssl1.0.0", rpm:"libopenssl1.0.0~1.0.0d~2.2", rls:"MNDK_2011.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libopenssl-devel", rpm:"libopenssl-devel~1.0.0d~2.2", rls:"MNDK_2011.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libopenssl-engines1.0.0", rpm:"libopenssl-engines1.0.0~1.0.0d~2.2", rls:"MNDK_2011.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libopenssl-static-devel", rpm:"libopenssl-static-devel~1.0.0d~2.2", rls:"MNDK_2011.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"openssl", rpm:"openssl~1.0.0d~2.2", rls:"MNDK_2011.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64openssl1.0.0", rpm:"lib64openssl1.0.0~1.0.0d~2.2", rls:"MNDK_2011.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64openssl-devel", rpm:"lib64openssl-devel~1.0.0d~2.2", rls:"MNDK_2011.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64openssl-engines1.0.0", rpm:"lib64openssl-engines1.0.0~1.0.0d~2.2", rls:"MNDK_2011.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64openssl-static-devel", rpm:"lib64openssl-static-devel~1.0.0d~2.2", rls:"MNDK_2011.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

09 Jan 2018 00:00Current

0.1Low risk

Vulners AI Score0.1

EPSS0.03163