ID OPENVAS:855776 Type openvas Reporter Copyright (C) 2009 Greenbone Networks GmbH Modified 2017-02-20T00:00:00
Description
Check for the Version of sshd
###############################################################################
# OpenVAS Vulnerability Test
#
# Solaris Update for sshd 141742-04
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Text for the "affected" tag: the product/platform pair this check reports on.
tag_affected = "sshd on solaris_5.10_sparc";
# Text for the "insight" tag. The wording is generic and names only sshd, while
# this script is registered for CVE-2009-0590 and its patch check also lists
# OpenSSL packages (SUNWopenssl-*); use the CVE id and the vendor reference
# registered in the description block to identify the underlying flaw.
tag_insight = "The remote host is missing a patch containing a security fix,
which affects the following component(s):
sshd
For more information please visit the below reference link.";
# Text for the "solution" tag; the concrete fix is vendor patch 141742-04,
# which is the patch id the check at the end of this script looks for.
tag_solution = "Please Install the Updated Packages.";
# Registration pass: when the scanner sets `description`, the script only
# declares its metadata and leaves via exit(0) before any host check runs.
if (description)
{
  # --- Identity and bookkeeping ---------------------------------------------
  script_id(855776);
  script_name("Solaris Update for sshd 141742-04");
  script_summary("Check for the Version of sshd");
  script_version("$Revision: 5359 $");
  script_tag(name:"last_modification", value:"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $");
  script_tag(name:"creation_date", value:"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)");
  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");

  # --- Severity ---------------------------------------------------------------
  # CVSS v2: reachable over the network, no authentication, partial
  # availability impact only (no confidentiality or integrity impact).
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");

  # --- References -------------------------------------------------------------
  # The Sun patch id comes first, then the vendor document URL.
  # NOTE(review): CVE-2009-0590 is an OpenSSL denial-of-service flaw in
  # ASN1_STRING_print_ex; presumably that is why the patch check below covers
  # SUNWopenssl-* packages as well as the sshd ones, despite the "sshd" title.
  script_xref(name:"SUNSolve", value:"141742-04");
  script_cve_id("CVE-2009-0590");
  script_xref(name:"URL", value:"http://sunsolve.sun.com/search/document.do?assetkey=1-21-141742-04-1");

  # --- Scheduling ---------------------------------------------------------------
  # Information-gathering category; needs gather-package-list.nasl to have run
  # and the "ssh/login/solosversion" knowledge-base key to be present.
  script_category(ACT_GATHER_INFO);
  script_family("Solaris Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/solosversion");

  # --- Report text and result quality -----------------------------------------
  # qod_type "package": the finding is derived from package/patch data, not
  # from probing the running service.
  script_tag(name:"affected", value:tag_affected);
  script_tag(name:"insight", value:tag_insight);
  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}
include("solaris.inc");
# Solaris version recorded in the knowledge base; presumably stored by the
# gather-package-list.nasl dependency after an authenticated SSH login.
release = get_kb_item("ssh/login/solosversion");

# No recorded Solaris version: finish quietly without producing a result.
if (release == NULL)
  exit(0);

# `release` only gates the script. The release and architecture handed to the
# helper are fixed to Solaris 5.10 on sparc, so other platforms are not
# evaluated by this check.
if (solaris_check_patch(release:"5.10",
                        arch:"sparc",
                        patch:"141742-04",
                        package:"SUNWcry SUNWopenssl-commands SUNWopenssl-libraries SUNWsshdu SUNWsshdr SUNWsshcu SUNWopenssl-include SUNWsshu") < 0)
{
  # Only a negative return value is reported. The helper lives in solaris.inc
  # and is not shown here; presumably negative means patch 141742-04 (or a
  # later revision) is absent while a listed package is installed; confirm.
  # A run with no message therefore does not by itself prove the host is
  # patched: it may simply be out of scope for this check.
  security_message(0);
  exit(0);
}
{"id": "OPENVAS:855776", "type": "openvas", "bulletinFamily": "scanner", "title": "Solaris Update for sshd 141742-04", "description": "Check for the Version of sshd", "published": "2009-10-13T00:00:00", "modified": "2017-02-20T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=855776", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["http://sunsolve.sun.com/search/document.do?assetkey=1-21-141742-04-1", "141742-04"], "cvelist": ["CVE-2009-0590"], "lastseen": "2017-07-02T21:14:04", "viewCount": 0, "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2017-07-02T21:14:04", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-0590"]}, {"type": "f5", "idList": ["SOL15358", "F5:K15358"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2009-0590"]}, {"type": "nessus", "idList": ["SUSE_OPENSSL-6179.NASL", "SUSE_COMPAT-OPENSSL097G-6170.NASL", "GENTOO_GLSA-200904-08.NASL", "MANDRIVA_MDVSA-2009-087.NASL", "SUSE_11_0_COMPAT-OPENSSL097G-090416.NASL", "DEBIAN_DSA-1763.NASL", "UBUNTU_USN-750-1.NASL", "SOLARIS10_141742.NASL", "FREEBSD_PKG_FBC8413F2F7A11DE9A3F001B77D09812.NASL", "SOLARIS10_X86_140119.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:21564", "SECURITYVULNS:VULN:9787", "SECURITYVULNS:DOC:22323"]}, {"type": "gentoo", "idList": ["GLSA-200904-08"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231063802", "OPENVAS:63899", "OPENVAS:63720", "OPENVAS:63790", "OPENVAS:136141256231063899", "OPENVAS:855653", "OPENVAS:136141256231063720", "OPENVAS:136141256231063968", "OPENVAS:63968", "OPENVAS:136141256231063790"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1763-1:45CAE"]}, {"type": "freebsd", "idList": ["FBC8413F-2F7A-11DE-9A3F-001B77D09812"]}, {"type": "ubuntu", "idList": ["USN-750-1"]}, {"type": "slackware", "idList": ["SSA-2009-098-01"]}, {"type": "threatpost", "idList": 
["THREATPOST:23E7D03B5F2EC42BD327B51AEE52D550"]}, {"type": "redhat", "idList": ["RHSA-2010:0163"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0163"]}, {"type": "centos", "idList": ["CESA-2010:0163"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2011:0845-1", "SUSE-SU-2011:0847-1"]}, {"type": "vmware", "idList": ["VMSA-2010-0019"]}], "modified": "2017-07-02T21:14:04", "rev": 2}, "vulnersScore": 7.2}, "pluginID": "855776", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for sshd 141742-04\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"sshd on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n sshd\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855776);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"SUNSolve\", value: \"141742-04\");\n script_cve_id(\"CVE-2009-0590\");\n script_name(\"Solaris Update for sshd 141742-04\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-141742-04-1\");\n\n script_summary(\"Check for the Version of sshd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = 
get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"141742-04\", package:\"SUNWcry SUNWopenssl-commands SUNWopenssl-libraries SUNWsshdu SUNWsshdr SUNWsshcu SUNWopenssl-include SUNWsshu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "naslFamily": "Solaris Local Security Checks"}
{"cve": [{"lastseen": "2020-12-09T19:31:16", "description": "The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.", "edition": 6, "cvss3": {}, "published": "2009-03-27T16:30:00", "title": "CVE-2009-0590", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0590"], "modified": "2020-11-03T17:38:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:5.0"], "id": "CVE-2009-0590", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0590", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2017-06-08T10:18:58", "bulletinFamily": "software", "cvelist": ["CVE-2009-0590"], "edition": 1, "description": "\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM | None \n| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4 \n| None \nBIG-IP AAM | None | 11.4.0 - 11.5.1 \n| None \nBIG-IP AFM | 
None | 11.3.0 - 11.5.1 \n| None \nBIG-IP Analytics | None | 11.0.0 - 11.5.1 \n| None \nBIG-IP APM | None | 11.0.0 - 11.5.1 \n10.1.0 - 10.2.4 \n| None \nBIG-IP ASM | None | 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4 \n| None \nBIG-IP Edge Gateway \n| None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| None \nBIG-IP GTM | None | 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4 \n| None \nBIG-IP Link Controller | None \n| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4 \n| None \nBIG-IP PEM | None \n| 11.3.0 - 11.5.1 \n| None \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 \n| None \nBIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 \n| None \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 \n| None \nARX | None | 6.0.0 - 6.4.0 \n| None \nEnterprise Manager | None | 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0 \n| None \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 \n| None \nBIG-IQ Cloud | None \n| 4.0.0 - 4.3.0 \n| None \nBIG-IQ Device | None \n| 4.2.0 - 4.3.0 \n| None \nBIG-IQ Security | None | 4.0.0 - 4.3.0 | None \nLineRate | None | 2.3.0 - 2.3.1 \n2.2.0 - 2.2.4 \n1.6.0 - 1.6.3 | None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents.](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2017-03-14T22:07:00", "published": "2014-06-19T21:49:00", "href": "https://support.f5.com/csp/article/K15358", "id": "F5:K15358", "title": "OpenSSL vulnerability CVE-2009-0590", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:22:53", "bulletinFamily": "software", "cvelist": ["CVE-2009-0590"], "edition": 1, "description": "Vulnerability Recommended 
Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-07-25T00:00:00", "published": "2014-06-19T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15358.html", "id": "SOL15358", "title": "SOL15358 - OpenSSL vulnerability CVE-2009-0590", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openssl": [{"lastseen": "2020-09-14T11:36:50", "bulletinFamily": "software", "cvelist": ["CVE-2009-0590"], "description": " The function ASN1_STRING_print_ex() when used to print a BMPString or UniversalString will crash with an invalid memory access if the encoded length of the string is illegal. Any OpenSSL application which prints out the contents of a certificate could be affected by this bug, including SSL servers, clients and S/MIME software.\n\n * Fixed in OpenSSL 0.9.8k (Affected 0.9.8-0.9.8j)\n", "edition": 1, "modified": "2009-03-25T00:00:00", "published": "2009-03-25T00:00:00", "id": "OPENSSL:CVE-2009-0590", "href": "https://www.openssl.org/news/secadv/20090325.txt", "title": "Vulnerability in OpenSSL CVE-2009-0590", "type": "openssl", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-06T09:45:20", "description": "It was discovered that insufficient length validations in the ASN.1\nhandling of the OpenSSL crypto library may lead to denial of service\nwhen processing a manipulated certificate.", "edition": 25, "published": "2009-04-07T00:00:00", "title": "Debian DSA-1763-1 : openssl - programming error", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0590"], "modified": "2009-04-07T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", 
"cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:openssl"], "id": "DEBIAN_DSA-1763.NASL", "href": "https://www.tenable.com/plugins/nessus/36090", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1763. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36090);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-0590\");\n script_bugtraq_id(34256);\n script_xref(name:\"DSA\", value:\"1763\");\n\n script_name(english:\"Debian DSA-1763-1 : openssl - programming error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that insufficient length validations in the ASN.1\nhandling of the OpenSSL crypto library may lead to denial of service\nwhen processing a manipulated certificate.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1763\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openssl packages.\n\nFor the old stable distribution (etch), this problem has been fixed in\nversion 0.9.8c-4etch5 of the openssl package and in version\n0.9.7k-3.1etch3 of the openssl097 package.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.9.8g-15+lenny1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No 
known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"libssl-dev\", reference:\"0.9.8c-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libssl0.9.7\", reference:\"0.9.7k-3.1etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libssl0.9.7-dbg\", reference:\"0.9.7k-3.1etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libssl0.9.8\", reference:\"0.9.8c-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libssl0.9.8-dbg\", reference:\"0.9.8c-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"openssl\", reference:\"0.9.8c-4etch5\")) flag++;\nif (deb_check(release:\"5.0\", 
prefix:\"libssl-dev\", reference:\"0.9.8g-15+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libssl0.9.8\", reference:\"0.9.8g-15+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libssl0.9.8-dbg\", reference:\"0.9.8g-15+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"openssl\", reference:\"0.9.8g-15+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:52:30", "description": "The remote host is affected by the vulnerability described in GLSA-200904-08\n(OpenSSL: Denial of Service)\n\n The ASN1_STRING_print_ex() function does not properly check the\n provided length of a BMPString or UniversalString, leading to an\n invalid memory access.\n \nImpact :\n\n A remote attacker could entice a user or automated system to print a\n specially crafted certificate, possibly leading to a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2009-04-07T00:00:00", "title": "GLSA-200904-08 : OpenSSL: Denial of Service", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0590"], "modified": "2009-04-07T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openssl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200904-08.NASL", "href": "https://www.tenable.com/plugins/nessus/36096", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200904-08.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36096);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-0590\");\n script_bugtraq_id(34256);\n script_xref(name:\"GLSA\", value:\"200904-08\");\n\n script_name(english:\"GLSA-200904-08 : OpenSSL: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200904-08\n(OpenSSL: Denial of Service)\n\n The ASN1_STRING_print_ex() function does not properly check the\n provided length of a BMPString or UniversalString, leading to an\n invalid memory access.\n \nImpact :\n\n A remote attacker could entice a user or automated system to print a\n specially crafted certificate, possibly leading to a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200904-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenSSL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-0.9.8k'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/openssl\", unaffected:make_list(\"ge 0.9.8k\"), vulnerable:make_list(\"lt 0.9.8k\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-09-01T23:43:39", "description": "SunOS 5.10_x86: sshd patch.\nDate this patch was last updated by Sun : Aug/14/09", "edition": 5, "published": "2009-05-13T00:00:00", "title": "Solaris 10 (x86) : 140119-11", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0590"], "modified": "2018-08-13T00:00:00", "cpe": [], "id": "SOLARIS10_X86_140119.NASL", "href": 
"https://www.tenable.com/plugins/index.php?view=single&id=38757", "sourceData": "\n# @DEPRECATED@\n#\n# This script has been deprecated as the associated patch is not\n# currently a recommended security fix.\n#\n# Disabled on 2011/09/17.\n\n#\n# (C) Tenable Network Security, Inc.\n#\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(38757);\n script_version(\"1.17\");\n\n script_name(english: \"Solaris 10 (x86) : 140119-11\");\n script_cve_id(\"CVE-2009-0590\");\n script_set_attribute(attribute: \"synopsis\", value:\n\"The remote host is missing Sun Security Patch number 140119-11\");\n script_set_attribute(attribute: \"description\", value:\n'SunOS 5.10_x86: sshd patch.\nDate this patch was last updated by Sun : Aug/14/09');\n script_set_attribute(attribute: \"solution\", value:\n\"You should install this patch for your system to be up-to-date.\");\n script_set_attribute(attribute: \"see_also\", value:\n\"https://getupdates.oracle.com/readme/140119-11\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2009/05/13\");\n script_cvs_date(\"Date: 2018/08/13 14:32:38\");\n script_end_attributes();\n\n script_summary(english: \"Check for patch 140119-11\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n family[\"english\"] = \"Solaris Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Solaris/showrev\");\n exit(0);\n}\n\n\n\n# Deprecated.\nexit(0, \"The associated patch is not currently a recommended security fix.\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2021-01-07T10:51:35", "description": "The following package needs to be updated: 
FreeBSD", "edition": 15, "published": "2009-05-08T00:00:00", "title": "FreeBSD : FreeBSD -- remotely exploitable crash in OpenSSL (2539)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0590"], "modified": "2009-05-08T00:00:00", "cpe": [], "id": "FREEBSD_PKG_FBC8413F2F7A11DE9A3F001B77D09812.NASL", "href": "https://www.tenable.com/plugins/nessus/38706", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# This script contains information extracted from VuXML :\n#\n# Copyright 2003-2006 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n#\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif ( description )\n{\n script_id(38706);\n script_version(\"1.11\");\n script_cve_id(\"CVE-2009-0590\");\n\n script_name(english:\"FreeBSD : FreeBSD -- remotely exploitable crash in OpenSSL (2539)\");\n\nscript_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update');\nscript_set_attribute(attribute:'description', value:'The following package needs to be updated: FreeBSD');\n script_set_attribute(attribute:'solution', value: 'Update the package on the remote host');\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\nscript_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/fbc8413f-2f7a-11de-9a3f-001b77d09812.html');\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2009/05/08\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n script_end_attributes();\n script_summary(english:\"Check for FreeBSD\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"FreeBSD Local Security Checks\";\n script_family(english:family[\"english\"]);\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/FreeBSD/pkg_info\");\n 
exit(0);\n}\n\ninclude('freebsd_package.inc');\ncvss_score=5;\n\n\nholes_nb += pkg_test(pkg:\"FreeBSD>=6.3<6.3_10\");\n\nholes_nb += pkg_test(pkg:\"FreeBSD>=6.4<6.4_4\");\n\nholes_nb += pkg_test(pkg:\"FreeBSD>=7.0<7.0_12\");\n\nholes_nb += pkg_test(pkg:\"FreeBSD>=7.1<7.1_5\");\n\nif (holes_nb == 0) exit(0,\"Host is not affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T11:52:05", "description": "A security vulnerability has been identified and fixed in OpenSSL,\nwhich could crash applications using OpenSSL library when parsing\nmalformed certificates (CVE-2009-0590).\n\nThe updated packages have been patched to prevent this.", "edition": 24, "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : openssl (MDVSA-2009:087)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0590"], "modified": "2009-04-23T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:openssl", "p-cpe:/a:mandriva:linux:lib64openssl0.9.8-static-devel", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2008.1", "p-cpe:/a:mandriva:linux:libopenssl0.9.8-devel", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:libopenssl0.9.8-static-devel", "p-cpe:/a:mandriva:linux:lib64openssl0.9.8", "p-cpe:/a:mandriva:linux:libopenssl0.9.8", "p-cpe:/a:mandriva:linux:lib64openssl0.9.8-devel"], "id": "MANDRIVA_MDVSA-2009-087.NASL", "href": "https://www.tenable.com/plugins/nessus/37282", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:087. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37282);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-0590\");\n script_xref(name:\"MDVSA\", value:\"2009:087\");\n\n script_name(english:\"Mandriva Linux Security Advisory : openssl (MDVSA-2009:087)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A security vulnerability has been identified and fixed in OpenSSL,\nwhich could crash applications using OpenSSL library when parsing\nmalformed certificates (CVE-2009-0590).\n\nThe updated packages have been patched to prevent this.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.8-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.8-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.8-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.8-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-0.9.8e-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-devel-0.9.8e-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-static-devel-0.9.8e-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libopenssl0.9.8-0.9.8e-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", 
reference:\"libopenssl0.9.8-devel-0.9.8e-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libopenssl0.9.8-static-devel-0.9.8e-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"openssl-0.9.8e-8.3mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-0.9.8g-4.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-devel-0.9.8g-4.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-static-devel-0.9.8g-4.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libopenssl0.9.8-0.9.8g-4.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libopenssl0.9.8-devel-0.9.8g-4.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libopenssl0.9.8-static-devel-0.9.8g-4.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"openssl-0.9.8g-4.3mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-0.9.8h-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-devel-0.9.8h-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-static-devel-0.9.8h-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libopenssl0.9.8-0.9.8h-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libopenssl0.9.8-devel-0.9.8h-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", 
reference:\"libopenssl0.9.8-static-devel-0.9.8h-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"openssl-0.9.8h-3.2mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-09-01T23:47:05", "description": "SunOS 5.10: sshd patch.\nDate this patch was last updated by Sun : Aug/14/09", "edition": 5, "published": "2009-06-08T00:00:00", "title": "Solaris 10 (sparc) : 141742-04", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0590"], "modified": "2018-08-13T00:00:00", "cpe": [], "id": "SOLARIS10_141742.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=39326", "sourceData": "\n# @DEPRECATED@\n#\n# This script has been deprecated as the associated patch is not\n# currently a recommended security fix.\n#\n# Disabled on 2011/09/17.\n\n#\n# (C) Tenable Network Security, Inc.\n#\n#\n\nif ( ! 
defined_func(\"bn_random\") ) exit(0);\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(39326);\n script_version(\"1.14\");\n\n script_name(english: \"Solaris 10 (sparc) : 141742-04\");\n script_cve_id(\"CVE-2009-0590\");\n script_set_attribute(attribute: \"synopsis\", value:\n\"The remote host is missing Sun Security Patch number 141742-04\");\n script_set_attribute(attribute: \"description\", value:\n'SunOS 5.10: sshd patch.\nDate this patch was last updated by Sun : Aug/14/09');\n script_set_attribute(attribute: \"solution\", value:\n\"You should install this patch for your system to be up-to-date.\");\n script_set_attribute(attribute: \"see_also\", value:\n\"https://getupdates.oracle.com/readme/141742-04\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2009/06/08\");\n script_cvs_date(\"Date: 2018/08/13 14:32:38\");\n script_end_attributes();\n\n script_summary(english: \"Check for patch 141742-04\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n family[\"english\"] = \"Solaris Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Solaris/showrev\");\n exit(0);\n}\n\n\n\n# Deprecated.\nexit(0, \"The associated patch is not currently a recommended security fix.\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2021-01-20T15:44:29", "description": "It was discovered that OpenSSL did not properly validate the length of\nan encoded BMPString or UniversalString when printing ASN.1 strings.\nIf a user or automated system were tricked into processing a crafted\ncertificate, an attacker could cause a denial of service via\napplication crash in applications linked against OpenSSL.\n\nNote that 
Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2009-04-23T00:00:00", "title": "Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : openssl vulnerability (USN-750-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0590"], "modified": "2009-04-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:7.10", "p-cpe:/a:canonical:ubuntu_linux:openssl-doc", "p-cpe:/a:canonical:ubuntu_linux:openssl", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libssl-dev", "p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8", "p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8-dbg", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-750-1.NASL", "href": "https://www.tenable.com/plugins/nessus/36907", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-750-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36907);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-0590\");\n script_bugtraq_id(34256);\n script_xref(name:\"USN\", value:\"750-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : openssl vulnerability (USN-750-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that OpenSSL did not properly validate the length of\nan encoded BMPString or UniversalString when printing ASN.1 strings.\nIf a user or automated system were tricked into processing a crafted\ncertificate, an attacker could cause a denial of service via\napplication crash in applications linked against OpenSSL.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/750-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|7\\.10|8\\.04|8\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 7.10 / 8.04 / 8.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libssl-dev\", pkgver:\"0.9.8a-7ubuntu0.7\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8a-7ubuntu0.7\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libssl0.9.8-dbg\", pkgver:\"0.9.8a-7ubuntu0.7\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"openssl\", pkgver:\"0.9.8a-7ubuntu0.7\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libssl-dev\", pkgver:\"0.9.8e-5ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8e-5ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libssl0.9.8-dbg\", pkgver:\"0.9.8e-5ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"openssl\", pkgver:\"0.9.8e-5ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libssl-dev\", pkgver:\"0.9.8g-4ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8g-4ubuntu3.5\")) flag++;\nif 
(ubuntu_check(osver:\"8.04\", pkgname:\"libssl0.9.8-dbg\", pkgver:\"0.9.8g-4ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"openssl\", pkgver:\"0.9.8g-4ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"openssl-doc\", pkgver:\"0.9.8g-4ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libssl-dev\", pkgver:\"0.9.8g-10.1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8g-10.1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libssl0.9.8-dbg\", pkgver:\"0.9.8g-10.1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openssl\", pkgver:\"0.9.8g-10.1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openssl-doc\", pkgver:\"0.9.8g-10.1ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl-dev / libssl0.9.8 / libssl0.9.8-dbg / openssl / openssl-doc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:03:31", "description": "This update of openssl fixes the following problems :\n\n - CVE-2009-0590: ASN1_STRING_print_ex() function allows\n remote denial of service\n\n - CVE-2009-0789: denial of service due to malformed ASN.1\n structures", "edition": 24, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : libopenssl-devel (libopenssl-devel-785)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0789", "CVE-2009-0590"], "modified": "2009-07-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:openssl", "cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit", "p-cpe:/a:novell:opensuse:libopenssl0_9_8", "p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:openssl-certs"], 
"id": "SUSE_11_0_LIBOPENSSL-DEVEL-090415.NASL", "href": "https://www.tenable.com/plugins/nessus/40033", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libopenssl-devel-785.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40033);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0590\", \"CVE-2009-0789\");\n\n script_name(english:\"openSUSE Security Update : libopenssl-devel (libopenssl-devel-785)\");\n script_summary(english:\"Check for the libopenssl-devel-785 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of openssl fixes the following problems :\n\n - CVE-2009-0590: ASN1_STRING_print_ex() function allows\n remote denial of service\n\n - CVE-2009-0789: denial of service due to malformed ASN.1\n structures\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=489641\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libopenssl-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libopenssl-devel-0.9.8g-47.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libopenssl0_9_8-0.9.8g-47.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"openssl-0.9.8g-47.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"openssl-certs-0.9.8g-47.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8g-47.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl0_9_8 / libopenssl0_9_8-32bit / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:10:01", "description": "This update of openssl fixes the following problems :\n\n - ASN1_STRING_print_ex() function allows remote denial of\n service. (CVE-2009-0590)\n\n - denial of service due to malformed ASN.1 structures.\n (CVE-2009-0789)", "edition": 24, "published": "2009-09-24T00:00:00", "title": "SuSE 11 Security Update : OpenSSL (SAT Patch Number 789)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0789", "CVE-2009-0590"], "modified": "2009-09-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:compat-openssl097g-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:compat-openssl097g"], "id": "SUSE_11_COMPAT-OPENSSL097G-090416.NASL", "href": "https://www.tenable.com/plugins/nessus/41376", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41376);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0590\", \"CVE-2009-0789\");\n\n script_name(english:\"SuSE 11 Security Update : OpenSSL (SAT Patch Number 789)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of openssl fixes the following problems :\n\n - ASN1_STRING_print_ex() function allows remote denial of\n service. (CVE-2009-0590)\n\n - denial of service due to malformed ASN.1 structures.\n (CVE-2009-0789)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=489641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0590.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0789.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 789.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:compat-openssl097g\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:compat-openssl097g-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"compat-openssl097g-0.9.7g-146.15.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"compat-openssl097g-0.9.7g-146.15.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-146.15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:46:24", "description": "This update of openssl fixes the following problems :\n\n - CVE-2009-0590: ASN1_STRING_print_ex() function allows\n remote denial of service\n\n - CVE-2009-0789: denial of service due to malformed ASN.1\n 
structures", "edition": 24, "published": "2009-04-30T00:00:00", "title": "openSUSE 10 Security Update : libopenssl-devel (libopenssl-devel-6173)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0789", "CVE-2009-0590"], "modified": "2009-04-30T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:openssl", "cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit", "p-cpe:/a:novell:opensuse:libopenssl0_9_8", "p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:openssl-certs"], "id": "SUSE_LIBOPENSSL-DEVEL-6173.NASL", "href": "https://www.tenable.com/plugins/nessus/38646", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libopenssl-devel-6173.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38646);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0590\", \"CVE-2009-0789\");\n\n script_name(english:\"openSUSE 10 Security Update : libopenssl-devel (libopenssl-devel-6173)\");\n script_summary(english:\"Check for the libopenssl-devel-6173 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of openssl fixes the following problems :\n\n - CVE-2009-0590: ASN1_STRING_print_ex() function allows\n remote denial of service\n\n - CVE-2009-0789: denial of service due to malformed ASN.1\n structures\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libopenssl-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119, 189);\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"libopenssl-devel-0.9.8e-45.9\") ) flag++;\nif ( 
rpm_check(release:\"SUSE10.3\", reference:\"libopenssl0_9_8-0.9.8e-45.9\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"openssl-0.9.8e-45.9\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"openssl-certs-0.9.8e-45.9\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8e-45.9\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl0_9_8 / libopenssl0_9_8-32bit / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:28:08", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0590"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1763-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nApril 06, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : openssl\nVulnerability : programming error\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2009-0590\n\nIt was discovered that insufficient length validations in the ASN.1\nhandling of the OpenSSL crypto library may lead to denial of service\nwhen processing a manipulated certificate.\n\nFor the old stable distribution (etch), this problem has been fixed in\nversion 0.9.8c-4etch5 of the openssl package and in version\n0.9.7k-3.1etch3 of the openssl097 package.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.9.8g-15+lenny1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.9.8g-16.\n\nWe recommend that you upgrade your openssl packages.\n\nUpgrade instructions\n- 
--------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5.diff.gz\n Size/MD5 checksum: 57522 e91c772dc52507ae188e315d6c23f417\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c.orig.tar.gz\n Size/MD5 checksum: 3313857 78454bec556bcb4c45129428a766c886\n http://security.debian.org/pool/updates/main/o/openssl097/openssl097_0.9.7k-3.1etch3.dsc\n Size/MD5 checksum: 777 334d05a51fff104d153daacbb815cacf\n http://security.debian.org/pool/updates/main/o/openssl097/openssl097_0.9.7k-3.1etch3.diff.gz\n Size/MD5 checksum: 35385 96ab5825d00d34b39d5582a192a164f1\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5.dsc\n Size/MD5 checksum: 815 94b8be7fe51bf1b44a6139e67794eaaa\n http://security.debian.org/pool/updates/main/o/openssl097/openssl097_0.9.7k.orig.tar.gz\n Size/MD5 checksum: 3292692 be6bba1d67b26eabb48cf1774925416f\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_alpha.deb\n Size/MD5 checksum: 2556248 b9e1c614f55f47df00d19a67ea883970\n http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_alpha.deb\n Size/MD5 checksum: 2207186 54020d72b2b6bda696b1954f2cee2fe5\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_alpha.udeb\n Size/MD5 checksum: 
677170 f9b1db70bcabf8791fa5bcfb0d791718\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_alpha.deb\n Size/MD5 checksum: 4560596 5ac21cb15e9caa1bff002b265858fe9d\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_alpha.deb\n Size/MD5 checksum: 1014956 f92c89b7b15f33f39134cac6951dc6e5\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_alpha.deb\n Size/MD5 checksum: 2622860 3fba6ede4fa65b807863659c31ab59f1\n http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_alpha.deb\n Size/MD5 checksum: 3821220 7dc619d44f2697cba302bb833b6a76f0\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_amd64.deb\n Size/MD5 checksum: 755134 cdebe8fd9ece447cc34f61922adf1654\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_amd64.deb\n Size/MD5 checksum: 1017566 c801470c6c894669543a54082146c790\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_amd64.deb\n Size/MD5 checksum: 891472 92f047d8e034ab564cea8a60ac1beee7\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_amd64.deb\n Size/MD5 checksum: 2187560 15512947ee287be778abde9c58149502\n http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_amd64.deb\n Size/MD5 checksum: 1328694 5e59b6cbcbb6a0c99c76de778ad59ef2\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_amd64.deb\n Size/MD5 checksum: 1655376 5cb373868504d83f36c8e0b00d326bc4\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_amd64.udeb\n Size/MD5 checksum: 580288 784b1606bbfd8578e19aac3176aee48e\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_arm.deb\n Size/MD5 checksum: 806170 2f788b112acf9b4278558617beb0fc39\n 
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_arm.deb\n Size/MD5 checksum: 2050292 5ad28378161a54418c58dbc91e3ccd68\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_arm.deb\n Size/MD5 checksum: 1537684 2cbf49a20901aff3e29a5eeba233c649\n http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_arm.deb\n Size/MD5 checksum: 672566 ce12740940622b7bd40e6b1b15b1a23e\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_arm.udeb\n Size/MD5 checksum: 516598 5e1dc375946a1118fe7b15a4b5217148\n http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_arm.deb\n Size/MD5 checksum: 1230132 32da60e936f1a50032e63912360e8763\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_arm.deb\n Size/MD5 checksum: 1011870 fcbe95d5ba0cc8dc799ccc88d1059ca5\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_hppa.udeb\n Size/MD5 checksum: 631452 266ec214d92305797dca506a1df25f8e\n http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_hppa.deb\n Size/MD5 checksum: 793976 d6da010413cf8e27d36c91e14f055460\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_hppa.deb\n Size/MD5 checksum: 945882 b9f0eb4d7dcbc57596d295eb56810625\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_hppa.deb\n Size/MD5 checksum: 1585590 44c2ccc1a104a10c4db9644c6f036b9a\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_hppa.deb\n Size/MD5 checksum: 1031040 ec9c4869f0a06fe63baa52c054a971a6\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_hppa.deb\n Size/MD5 checksum: 2254388 879e2f8baa2747ed8a5d991e5fbec5cc\n 
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_hppa.deb\n Size/MD5 checksum: 1275668 73252b89ec2a4b5a3f596cbbf9876f16\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_i386.udeb\n Size/MD5 checksum: 554790 5c94683e1237dfcbc446773e3d8d0dcc\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_i386.deb\n Size/MD5 checksum: 2721394 67f75b950e9b7f8beeff31a23407408f\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_i386.deb\n Size/MD5 checksum: 5582922 519341a170b6d7fdf6cb7aac2a072f46\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_i386.deb\n Size/MD5 checksum: 1015578 35cb0399c35c86148c33842bfddf3acf\n http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_i386.deb\n Size/MD5 checksum: 4646432 d0193de8805c7a1b6f0d4dd31289e8fd\n http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_i386.deb\n Size/MD5 checksum: 2285960 0226330eb863fbb94601ffc3d1b86323\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_i386.deb\n Size/MD5 checksum: 2094428 50eaf1853c99ffa76849ea4e90559d83\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_ia64.deb\n Size/MD5 checksum: 1192404 1a7e58c871bdeca29a46f91b3f16f3d6\n http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_ia64.deb\n Size/MD5 checksum: 1010190 e77481271fe8079ed49c767b6445c359\n http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_ia64.deb\n Size/MD5 checksum: 1263694 9a03f8a3239870e0e8844b7a8b0bcf3c\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_ia64.deb\n Size/MD5 checksum: 1071288 2a36193927c00deea9cdfab7199c9f9e\n 
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_ia64.udeb\n Size/MD5 checksum: 801724 86871d922842431af08eaff99b548498\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_ia64.deb\n Size/MD5 checksum: 1569640 60ae3928f73f9d324921d9eea34154a0\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_ia64.deb\n Size/MD5 checksum: 2593780 c994a75eaf4607db1b1651eef80842c2\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_mips.deb\n Size/MD5 checksum: 1693534 8e572db0b02c6b61680c92cfb8709a83\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_mips.deb\n Size/MD5 checksum: 1003920 e45135d370638131c9674cedcf58d971\n http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_mips.deb\n Size/MD5 checksum: 729276 5146e1b6ed66259f6d58a13d2c6f1756\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_mips.udeb\n Size/MD5 checksum: 580260 36ffc36a4ff653edc1663fa613f4c796\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_mips.deb\n Size/MD5 checksum: 876020 028abdfb406889409ac716c36867fe23\n http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_mips.deb\n Size/MD5 checksum: 1352548 1ecd08359ecabd5b8e04da7f843b71bb\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_mips.deb\n Size/MD5 checksum: 2262834 54bb01125e110c2dc4c43c65ce9f9730\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_mipsel.deb\n Size/MD5 checksum: 1317298 157a1c31fd183e58f881d4a76797aabc\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_mipsel.deb\n Size/MD5 checksum: 1649922 3c21ccd74aa51157f04e85b5a42e23ef\n 
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_mipsel.deb\n Size/MD5 checksum: 2255760 97ff8d94e59b42c1391d24703a872a48\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_mipsel.deb\n Size/MD5 checksum: 860956 fc5e5c18b3d2fc19755c4f869fb28371\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_mipsel.deb\n Size/MD5 checksum: 992952 579d75cba3835ddf575b9d505d74eba1\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_mipsel.udeb\n Size/MD5 checksum: 566446 21068e0699884d8fac38312acef33101\n http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_mipsel.deb\n Size/MD5 checksum: 719102 d8076095fe524cdcfcc52ecfe0469bb1\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_powerpc.udeb\n Size/MD5 checksum: 585362 40cb47951a679ef0ef8f6fccf6107fa2\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_powerpc.deb\n Size/MD5 checksum: 1002280 b221369b6a817d4170df25e94b9f8b97\n http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_powerpc.deb\n Size/MD5 checksum: 743544 545baa54e6f2f025742a8f7f6fb83367\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_powerpc.deb\n Size/MD5 checksum: 895728 2a136581adf8803d14b7d092dfef60e9\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_powerpc.deb\n Size/MD5 checksum: 1728854 d9766e89c445b8f1c8ff24c4ee7f6730\n http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_powerpc.deb\n Size/MD5 checksum: 1382178 dc4de4c5c9fca0a1e0f2c732fcda487a\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_powerpc.deb\n Size/MD5 checksum: 2211208 113ee7c6fcece0da9cf724f5e4b542de\n\ns390 architecture (IBM S/390)\n\n 
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_s390.deb\n Size/MD5 checksum: 2194010 c5bd97f7ca31508bc3e8416b4cf1ce12\n http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_s390.deb\n Size/MD5 checksum: 794470 b3d6f8620488a4dc7c3b9205a2b5a934\n http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_s390.deb\n Size/MD5 checksum: 1317096 71fa068f773390139df1e17fbf81908e\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_s390.deb\n Size/MD5 checksum: 1014588 d0c11ebdba0262d79d04ba9b45128391\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_s390.udeb\n Size/MD5 checksum: 643094 1ebab208efb23650f158560367f3f857\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_s390.deb\n Size/MD5 checksum: 1633260 96963ea29fc7a80c9924a363910c352a\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_s390.deb\n Size/MD5 checksum: 951694 0c813312846afa88bcfc5323263d7722\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_sparc.deb\n Size/MD5 checksum: 1010692 3080e989aea2fac3f5edb8c518a8de28\n http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_sparc.deb\n Size/MD5 checksum: 3418006 16b39adf96a5b6e563c4d486620aab09\n http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_sparc.deb\n Size/MD5 checksum: 1799850 b66756fbeb175735a464ed19478953ac\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_sparc.udeb\n Size/MD5 checksum: 538982 8d4253bbea7d9209161a439b4b359e69\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_sparc.deb\n Size/MD5 checksum: 2126702 f2785d948367df2f7d9ba6f6e68c4c7a\n 
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_sparc.deb\n Size/MD5 checksum: 2108296 0359985d4639e3f5d14365f996dee2af\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_sparc.deb\n Size/MD5 checksum: 4092066 b1d52efe93d8a4ccee071ff66fe90e22\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g.orig.tar.gz\n Size/MD5 checksum: 3354792 acf70a16359bf3658bdfb74bda1c4419\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1.diff.gz\n Size/MD5 checksum: 57021 f1d12733b036d0f1cccdc3f93d89ed91\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1.dsc\n Size/MD5 checksum: 1332 8b835fbf8b6b295e72c7fcbf389f9e18\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_alpha.deb\n Size/MD5 checksum: 2582366 8471b096868a90a22a369cce890b28b0\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_alpha.deb\n Size/MD5 checksum: 2813186 180f29fdea61ea7eb142005849ccdb56\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_alpha.udeb\n Size/MD5 checksum: 722068 055e6416bf54445d96b6b5e527229c7d\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_alpha.deb\n Size/MD5 checksum: 4368686 dd51e693fc2c3e896f458fa2d1c90f36\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_alpha.deb\n Size/MD5 checksum: 1028542 f3a6bd323d6f4bfb52503091b4d68a23\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_amd64.udeb\n Size/MD5 checksum: 638328 
c18a8ef6c17956def6385cb212c6a972\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_amd64.deb\n Size/MD5 checksum: 1042826 b0fb4b7d109cd1e1995f030a32081ff7\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_amd64.deb\n Size/MD5 checksum: 2241536 ab23949eea6fe15092281dc62a3773eb\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_amd64.deb\n Size/MD5 checksum: 975238 5f10d70934dbdde8d1cd2aa57120c456\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_amd64.deb\n Size/MD5 checksum: 1627372 3d07a46e1452e94a956b73c3c4358b8d\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_arm.udeb\n Size/MD5 checksum: 535876 d7010e474ab2b4bd0a3e6803cf130fda\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_arm.deb\n Size/MD5 checksum: 843876 e5720bd90f00510a5a533e6aa1718d5b\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_arm.deb\n Size/MD5 checksum: 1028256 da9122aca3ab4d926799f0c0401a2ad1\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_arm.deb\n Size/MD5 checksum: 1490016 060dfa0ea2873ad98a3a7e357bfe6e93\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_arm.deb\n Size/MD5 checksum: 2086424 3107a73ef5086e1ccab33b22e08a623a\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_armel.deb\n Size/MD5 checksum: 2099428 1292d9455993b66544235a84d8e03efe\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_armel.deb\n Size/MD5 checksum: 1507624 39012734c1689fd4a09d946fc6a845f2\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_armel.udeb\n Size/MD5 checksum: 540674 6837d1e5756120c8eeb6351d3f277c33\n 
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_armel.deb\n Size/MD5 checksum: 1030646 ee8a2b5f1a2ea1ef112509ccb65d1faa\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_armel.deb\n Size/MD5 checksum: 849982 48c2558d0fe7091fff368f9d743942c0\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_hppa.deb\n Size/MD5 checksum: 2268028 3c433efa492b9923a1b930ef4ab19841\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_hppa.deb\n Size/MD5 checksum: 968634 c63d67a2b38a30a73545f30e4aa24607\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_hppa.deb\n Size/MD5 checksum: 1046490 54d9745e32399860930ca04450b7b39a\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_hppa.udeb\n Size/MD5 checksum: 634550 094ba50a7302556bd0618569e17ff9c2\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_hppa.deb\n Size/MD5 checksum: 1527030 36c0f7798417675cd7981ddbc9705580\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_i386.deb\n Size/MD5 checksum: 2111598 912707c431b2dbf6d4e36c2a31b8b440\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_i386.deb\n Size/MD5 checksum: 5388510 42a7a8848e752dde862a20c08176d963\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_i386.deb\n Size/MD5 checksum: 2974220 5c87f867f977fd26d77ea7045338dc23\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_i386.udeb\n Size/MD5 checksum: 591648 48a7bf4304978c5b277d92f38d0e2379\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_i386.deb\n Size/MD5 checksum: 1036056 c35bc61f9c63d1e0733a927fd04c1d98\n\nia64 architecture (Intel 
ia64)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_ia64.deb\n Size/MD5 checksum: 2658466 41eb62604fb87b7d3d01cda9ef982afd\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_ia64.udeb\n Size/MD5 checksum: 865308 70be412d7c2eb2738d480d9b7f6bef4d\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_ia64.deb\n Size/MD5 checksum: 1466596 8f2669464bfe853fbfc3daeb2337cd2f\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_ia64.deb\n Size/MD5 checksum: 1091224 6e8510b76c579797285c5709ca75736b\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_ia64.deb\n Size/MD5 checksum: 1282056 5ee5498cbfe1757eed843703519ecf92\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_mips.deb\n Size/MD5 checksum: 1012328 27ceb6f893297e785a9cee531a70e9f0\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_mips.deb\n Size/MD5 checksum: 899208 8529cdbb7f9b3385c7eced2af8045bd4\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_mips.udeb\n Size/MD5 checksum: 585154 42d41c65623af56f594b1a884d1937d2\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_mips.deb\n Size/MD5 checksum: 1622836 9f170a3d98747e9c8a274986be30eb95\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_mips.deb\n Size/MD5 checksum: 2300972 237c028b88950a4fdf8a7389d619c59c\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_mipsel.deb\n Size/MD5 checksum: 885106 4955b6547941d2572a70b7ae4b762a09\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_mipsel.deb\n Size/MD5 checksum: 1587126 
924356c66d6e80ba5e99c0f378812160\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_mipsel.deb\n Size/MD5 checksum: 2294342 887a4b1d16d0a39ece803b96983f9168\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_mipsel.udeb\n Size/MD5 checksum: 572384 1d276af178f53a36c508f5a1788aed75\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_mipsel.deb\n Size/MD5 checksum: 1011614 fb95a352932fe84ed55771c2e799c85b\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_powerpc.deb\n Size/MD5 checksum: 1642718 05872aec4f0bf71f859784e67a8e7a39\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_powerpc.deb\n Size/MD5 checksum: 1034888 e9e792c1970a7cdf0cdf6c09c6bc9914\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_powerpc.udeb\n Size/MD5 checksum: 656116 171e30954c62906bc51b0e2de06b13c9\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_powerpc.deb\n Size/MD5 checksum: 1000200 4882382ffd9c3887ca60401f7be6240c\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_powerpc.deb\n Size/MD5 checksum: 2243790 a9bd06b8a3941a9c5b247c277ddfa5a1\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_s390.udeb\n Size/MD5 checksum: 692688 4b0f12a5f403142b2e5ea70503e420ee\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_s390.deb\n Size/MD5 checksum: 1025822 2b20597317d9c2f120db0743d8179f23\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_s390.deb\n Size/MD5 checksum: 1039274 47607ee00a14eb4f4cf358520ecaf9f3\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_s390.deb\n Size/MD5 checksum: 2229544 
2d3adc7b210693e2e48c69c9619e04e4\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_s390.deb\n Size/MD5 checksum: 1603214 01ca45025dc74eff271bbef66c7fdc20\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_sparc.deb\n Size/MD5 checksum: 2138478 d3731773f7b9162db9fc68af6823e656\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_sparc.deb\n Size/MD5 checksum: 3870856 ae6cf4d3a846421b201572f1fd6e98c3\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_sparc.deb\n Size/MD5 checksum: 2289748 949c202bd149f698e471349c7001ee76\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_sparc.udeb\n Size/MD5 checksum: 580368 33c53d94bfef406982a440cf311fc33d\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_sparc.deb\n Size/MD5 checksum: 1032562 a25905d632f249dcaf34f3567be1fb5e\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 9, "modified": "2009-04-06T16:26:01", "published": "2009-04-06T16:26:01", "id": "DEBIAN:DSA-1763-1:45CAE", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00073.html", "title": "[SECURITY] [DSA 1763-1] New openssl packages fix denial of service", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:29", "bulletinFamily": "software", "cvelist": ["CVE-2009-0590"], 
"description": "===========================================================\r\nUbuntu Security Notice USN-750-1 March 30, 2009\r\nopenssl vulnerability\r\nCVE-2009-0590\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 6.06 LTS\r\nUbuntu 7.10\r\nUbuntu 8.04 LTS\r\nUbuntu 8.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 6.06 LTS:\r\n libssl0.9.8 0.9.8a-7ubuntu0.7\r\n\r\nUbuntu 7.10:\r\n libssl0.9.8 0.9.8e-5ubuntu3.4\r\n\r\nUbuntu 8.04 LTS:\r\n libssl0.9.8 0.9.8g-4ubuntu3.5\r\n\r\nUbuntu 8.10:\r\n libssl0.9.8 0.9.8g-10.1ubuntu2.2\r\n\r\nAfter a standard system upgrade you need to reboot your computer to\r\neffect the necessary changes.\r\n\r\nDetails follow:\r\n\r\nIt was discovered that OpenSSL did not properly validate the length of an\r\nencoded BMPString or UniversalString when printing ASN.1 strings. 
If a user\r\nor automated system were tricked into processing a crafted certificate, an\r\nattacker could cause a denial of service via application crash in\r\napplications linked against OpenSSL.\r\n\r\n\r\nUpdated packages for Ubuntu 6.06 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.7.diff.gz\r\n Size/MD5: 51428 50fb8d12cf2b4415839c97dace22b007\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.7.dsc\r\n Size/MD5: 822 6590596c731c73dc67da735e66191479\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.tar.gz\r\n Size/MD5: 3271435 1d16c727c10185e4d694f87f5e424ee1\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.7_amd64.udeb\r\n Size/MD5: 571944 2f15424474edee77dec078978ba77d2f\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.7_amd64.deb\r\n Size/MD5: 2167810 4df1b6270424f2f037a1c150725f761d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.7_amd64.deb\r\n Size/MD5: 1682810 f9c0929a3eaead9987b09acc5bb810ca\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.7_amd64.deb\r\n Size/MD5: 875806 c17a675aaba84c554eee40884164c9e4\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.7_amd64.deb\r\n Size/MD5: 984892 2b09a86c80dd7b80e9df8481adb54ffe\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.7_i386.udeb\r\n Size/MD5: 509650 e2164e9a197c857d89c195a58c3e4f29\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.7_i386.deb\r\n Size/MD5: 2024362 1a42827169178912c5e45c280a3ffe5c\r\n 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.7_i386.deb\r\n Size/MD5: 5053564 bc2cd6dc321e5ad546db8187838f1aad\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.7_i386.deb\r\n Size/MD5: 2596644 7e693a95c0cc4e60f616f80ffbf75efc\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.7_i386.deb\r\n Size/MD5: 976538 2bebed1c1fa530db5ff5c45b8363cfef\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.7_powerpc.udeb\r\n Size/MD5: 558058 017ddbf5e528688c6de9b4304b50e64d\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.7_powerpc.deb\r\n Size/MD5: 2182032 3ab80d170a913d938cd81ad5f6ee0f75\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.7_powerpc.deb\r\n Size/MD5: 1727652 75f3ef27ef40ca940106ac38365ae198\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.7_powerpc.deb\r\n Size/MD5: 862224 b21f7aa2950a031b44d253c06eeacdc0\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.7_powerpc.deb\r\n Size/MD5: 980742 b7fcb8ea2d1befb0ce1e75b089b8dc5e\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.7_sparc.udeb\r\n Size/MD5: 531018 f5de513501ad0abe3701a7d1f0278fda\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.7_sparc.deb\r\n Size/MD5: 2093410 007f205cb4d3bdb0bbd58ba3611fd3b0\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.7_sparc.deb\r\n Size/MD5: 3943284 673d9f66f5bcc7b36b27bae5c802f4b5\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.7_sparc.deb\r\n Size/MD5: 2092080 88a6ea5db6b54dd210df86dd049ccd8f\r\n 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.7_sparc.deb\r\n Size/MD5: 988852 057c0802488ebfa9751dc8f5b0e07452\r\n\r\nUpdated packages for Ubuntu 7.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.4.diff.gz\r\n Size/MD5: 60153 0832a9f7f498eb779a6169b4c16e4a04\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.4.dsc\r\n Size/MD5: 958 24d310eceafcfab5c2ba64a594c0bb53\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e.orig.tar.gz\r\n Size/MD5: 3341665 3a7ff24f6ea5cd711984722ad654b927\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8e-5ubuntu3.4_amd64.udeb\r\n Size/MD5: 608766 d273f8a007354facad98fa27afffe1f2\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8e-5ubuntu3.4_amd64.deb\r\n Size/MD5: 2065402 620e215050266013b93b9efac8b5c81f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8e-5ubuntu3.4_amd64.deb\r\n Size/MD5: 1644362 805f1866ee2218c23894061f881e5090\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.4_amd64.deb\r\n Size/MD5: 929358 e4189d037040762f5e3fdcb341696550\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.4_amd64.deb\r\n Size/MD5: 877790 d1b19d634c53b288c2b43795c348b551\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8e-5ubuntu3.4_i386.udeb\r\n Size/MD5: 571760 998db14a2c9f5cd52e735517591e24d3\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8e-5ubuntu3.4_i386.deb\r\n Size/MD5: 1943428 e3f6b1f36a8c1b2e50975fec06e98b1d\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8e-5ubuntu3.4_i386.deb\r\n Size/MD5: 5520920 
536de07bb5fb28451eb7aee287aaf095\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.4_i386.deb\r\n Size/MD5: 2826130 78d61126e395d95d4b109781f10a5916\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.4_i386.deb\r\n Size/MD5: 872056 02f914db2ba9bdf6612b42aa78ee1397\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8e-5ubuntu3.4_lpia.udeb\r\n Size/MD5: 537252 386f364e6530eac0389afd9d15797f02\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8e-5ubuntu3.4_lpia.deb\r\n Size/MD5: 1922148 fc1eb2e8a3cb492f3e87b11df21b38ce\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8e-5ubuntu3.4_lpia.deb\r\n Size/MD5: 1557510 8dcad6e009a1391af0f3f08ed0d1b216\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.4_lpia.deb\r\n Size/MD5: 836900 9c8d1643d32ce7ae2af38eb87f1a7d03\r\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.4_lpia.deb\r\n Size/MD5: 876576 8bef123f5c00887858ccab410a1d0733\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8e-5ubuntu3.4_powerpc.udeb\r\n Size/MD5: 618064 0aabeac8f4547a6d3703aaf420336193\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8e-5ubuntu3.4_powerpc.deb\r\n Size/MD5: 2093230 e3d1712c23fb2c15452e154085def1f2\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8e-5ubuntu3.4_powerpc.deb\r\n Size/MD5: 1705518 35bd049df8918f47b7ae1313585c6647\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.4_powerpc.deb\r\n Size/MD5: 946174 b6b4d92ed09ef125998d673f621ce85f\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.4_powerpc.deb\r\n Size/MD5: 886172 c70442f70d8369a35b228cde970e2c6b\r\n\r\n sparc architecture (Sun 
SPARC/UltraSPARC):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8e-5ubuntu3.4_sparc.udeb\r\n Size/MD5: 565296 8689c8e4416b213d90a71b33a5a402b0\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8e-5ubuntu3.4_sparc.deb\r\n Size/MD5: 1987420 e028291eaa37389f0cb2413907faa104\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8e-5ubuntu3.4_sparc.deb\r\n Size/MD5: 4050590 de4395775e90bbadd95394be0f52422f\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.4_sparc.deb\r\n Size/MD5: 2221488 1d0594c2818c5d98b526a1abf1affc3b\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.4_sparc.deb\r\n Size/MD5: 887286 63c0f5682869328f6a5073da5a231c97\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.5.diff.gz\r\n Size/MD5: 55462 65c8b896c58083816ceee8c8e94e5918\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.5.dsc\r\n Size/MD5: 920 ff04ed952816bb43e7e883cf05ff8130\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g.orig.tar.gz\r\n Size/MD5: 3354792 acf70a16359bf3658bdfb74bda1c4419\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-4ubuntu3.5_all.deb\r\n Size/MD5: 629072 61961a28b3d0c10f62ca97a57c6adaa5\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.5_amd64.udeb\r\n Size/MD5: 603800 c1e5b92094731c45f01cc33f0fee6630\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.5_amd64.deb\r\n Size/MD5: 2064854 482820f878f5d333d65d557319a9ab5f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.5_amd64.deb\r\n Size/MD5: 
1604962 c19b77a8f0c953924538732aa5171ee6\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.5_amd64.deb\r\n Size/MD5: 931634 6a7b46a1a64be9d12e4dfcaa5b1acce7\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.5_amd64.deb\r\n Size/MD5: 390578 c01c25e6264366349d60fb6ace21bce5\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.5_i386.udeb\r\n Size/MD5: 564938 51cac50604334163982c6e1397895c1b\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.5_i386.deb\r\n Size/MD5: 1942008 b3526c8ac54dc67d6daf630d67c40a47\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.5_i386.deb\r\n Size/MD5: 5341906 2461b9fed14a6199aa7d4bd6b7b9a652\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.5_i386.deb\r\n Size/MD5: 2829630 eaa05f870fa2f9c57d7176f4e91a1b4a\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.5_i386.deb\r\n Size/MD5: 385420 5af0e4c39cd52ceaafcd0a5125103902\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.5_lpia.udeb\r\n Size/MD5: 535556 8c83eedc2a4cb3d59cb1b1f9877d7943\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.5_lpia.deb\r\n Size/MD5: 1922562 db52bfdf000ab2671161284b9c6e63a2\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.5_lpia.deb\r\n Size/MD5: 1512814 4b39a74067fba83240eb82b8e108cff7\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.5_lpia.deb\r\n Size/MD5: 843380 424d2b1867409166bde88fc1d44a6d36\r\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.5_lpia.deb\r\n Size/MD5: 390004 5ed6989f97db5c4be56bef992d835347\r\n\r\n powerpc architecture (Apple Macintosh 
G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.5_powerpc.udeb\r\n Size/MD5: 610444 7a580326007e5b4d91b0706e67c48a37\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.5_powerpc.deb\r\n Size/MD5: 2078092 8ab29575374fa3fa2ccf629e6073b693\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.5_powerpc.deb\r\n Size/MD5: 1639930 f2a1b83f7bea750bfbf580a736a47c93\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.5_powerpc.deb\r\n Size/MD5: 945252 d20f005d5eb785f566c8324eddb48e7a\r\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.5_powerpc.deb\r\n Size/MD5: 399186 fc18b331e3bd595f133d520883c51504\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.5_sparc.udeb\r\n Size/MD5: 559756 09bd953d0198b715033e08010ace983f\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.5_sparc.deb\r\n Size/MD5: 1984804 9fd8d32c6b19687e372e8796b3aa6d6b\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.5_sparc.deb\r\n Size/MD5: 3874478 d1c50d445b3e64398f18f47ae1dc1d62\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.5_sparc.deb\r\n Size/MD5: 2242128 20efe5a5cc265c63cac32cc3b8f0f0ad\r\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.5_sparc.deb\r\n Size/MD5: 397844 9bfb9864b3359116cba62d8b7446d570\r\n\r\nUpdated packages for Ubuntu 8.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-10.1ubuntu2.2.diff.gz\r\n Size/MD5: 56003 54b38c83a8c3887b28f2d9ad4b6ce450\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-10.1ubuntu2.2.dsc\r\n Size/MD5: 1334 55087f573e1e5ae7a8b90e9d185c0ff1\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g.orig.tar.gz\r\n Size/MD5: 3354792 
acf70a16359bf3658bdfb74bda1c4419\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-10.1ubuntu2.2_all.deb\r\n Size/MD5: 628782 ae12bdd831506905603b8e039882b1d9\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-10.1ubuntu2.2_amd64.udeb\r\n Size/MD5: 622134 5109e4ced8be0ca198056413f78c4bae\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-10.1ubuntu2.2_amd64.deb\r\n Size/MD5: 2109822 779446d4d0db4385ab308d6a2256b649\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-10.1ubuntu2.2_amd64.deb\r\n Size/MD5: 1685276 f366c23239d25ebc3e642376ef2b4ceb\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-10.1ubuntu2.2_amd64.deb\r\n Size/MD5: 958010 5942c4d4c93420c44a90491d90f7efc3\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-10.1ubuntu2.2_amd64.deb\r\n Size/MD5: 404000 3c4f3c2df2ae1f4e45b9abcd2e11db09\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-10.1ubuntu2.2_i386.udeb\r\n Size/MD5: 578768 3f5ff22020c48524b16950b3a9d1abd9\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-10.1ubuntu2.2_i386.deb\r\n Size/MD5: 1980772 dae54b8759e4c020a33b6833b6ce00ce\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-10.1ubuntu2.2_i386.deb\r\n Size/MD5: 5605444 b0e7c675994623328937478100c5542f\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-10.1ubuntu2.2_i386.deb\r\n Size/MD5: 2920398 40e825a72aa66c9926df39f5c50fb935\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-10.1ubuntu2.2_i386.deb\r\n Size/MD5: 398634 92d9a4454f168534f2a8d97af276f100\r\n\r\n lpia architecture (Low Power Intel 
Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-10.1ubuntu2.2_lpia.udeb\r\n Size/MD5: 547432 2f5e8f60d9ef314881098161c87ad4bb\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-10.1ubuntu2.2_lpia.deb\r\n Size/MD5: 1958206 1ef7f269d10ced84323eb788af421da7\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-10.1ubuntu2.2_lpia.deb\r\n Size/MD5: 1579156 5a899c61f8dfda67d788207586cc0ff1\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-10.1ubuntu2.2_lpia.deb\r\n Size/MD5: 862872 cdd6b8f8d2349c64ce76d905108ad535\r\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-10.1ubuntu2.2_lpia.deb\r\n Size/MD5: 400634 5e91b33947e6a761a5aac52f00625bf3\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n \r\nhttp://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-10.1ubuntu2.2_powerpc.udeb\r\n Size/MD5: 623248 f8b1b1ef6b8048d7d5553c1ff23f74a6\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-10.1ubuntu2.2_powerpc.deb\r\n Size/MD5: 2120300 df1f0689d35eafd92189589d8164d7b9\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-10.1ubuntu2.2_powerpc.deb\r\n Size/MD5: 1704640 44af459f92233942ff324f2eabde8149\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-10.1ubuntu2.2_powerpc.deb\r\n Size/MD5: 964806 8a0fdf26d12e5d7cd7b35cf3e5643d15\r\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-10.1ubuntu2.2_powerpc.deb\r\n Size/MD5: 402658 270040801e34138072585c8e3dfbdc02\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-10.1ubuntu2.2_sparc.udeb\r\n Size/MD5: 567636 277a7ff784ba38b7079135881c5371ed\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-10.1ubuntu2.2_sparc.deb\r\n Size/MD5: 2013556 239e8f8d942ece17ed1ddb34a648a861\r\n 
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-10.1ubuntu2.2_sparc.deb\r\n Size/MD5: 4038398 1abc5165b8c6a518a85c032ec74d748a\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-10.1ubuntu2.2_sparc.deb\r\n Size/MD5: 2284986 0e6a5b2a8e27458ba35d7be276eb561a\r\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-10.1ubuntu2.2_sparc.deb\r\n Size/MD5: 406772 28877b3fa3413e18f8e0433efcd98cc8\r\n\r\n", "edition": 1, "modified": "2009-04-01T00:00:00", "published": "2009-04-01T00:00:00", "id": "SECURITYVULNS:DOC:21564", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21564", "title": "[USN-750-1] OpenSSL vulnerability", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:32", "bulletinFamily": "software", "cvelist": ["CVE-2009-0590"], "description": "Crash on UniversalString and BMPString parsing.", "edition": 1, "modified": "2009-04-01T00:00:00", "published": "2009-04-01T00:00:00", "id": "SECURITYVULNS:VULN:9787", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9787", "title": "OpenSSL library BMPString DoS", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:31", "bulletinFamily": "software", "cvelist": ["CVE-2009-2677", "CVE-2008-1720", "CVE-2009-1272", "CVE-2009-0590", "CVE-2008-4309", "CVE-2008-5161"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c01820968\r\nVersion: 1\r\n\r\nHPSBMA02447 SSRT090062 rev.1 - Insight Control Suite For Linux (ICE-LX) Cross Site Request Forgery (CSRF) , Remote\r\nExecution of Arbitrary Code, Denial of Service (DoS), and Other Vulnerabilities\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.\r\n\r\nRelease Date: 2009-08-12\r\nLast Updated: 
2009-08-12\r\n\r\nPotential Security Impact: Cross Site Request Forgery (CSRF) , Remote Execution of Arbitrary Code, Denial of Service (DoS),\r\nand Other Vulnerabilities.\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified with Insight Control Suite For Linux (ICE-LX). The vulnerabilities\r\ncould be remotely exploited to allow Cross Site Request Forgery (CSRF) , Remote Execution of Arbitrary Code, Denial of\r\nService (DoS) and other vulnerabilities.\r\n\r\nReferences: CVE-2009-2677, CVE-2009-0590, CVE-2009-1272, CVE-2008-5161, CVE-2008-4309, CVE-2008-1720\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nInsight Control Suite For Linux (ICE-LX) v2.10 or earlier\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2009-2677 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.4\r\nCVE-2009-0590 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2009-1272 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2008-5161 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6\r\nCVE-2008-4309 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2008-1720 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has made the following updated product kit available to resolve the vulnerabilities. 
The HP ICE-LX v2.11 kit is\r\navailable as described below.\r\n\r\nThe update file is HP_ICE_LX_V2.11_511708_004.iso which can be downloaded from here:\r\nhttps://h20392.www2.hp.com/portal/swdepot/try.do?productNumber=HPICELX\r\n\r\nThe kit can also be obtained by going to http://www.hp.com/go/ice-lx\r\n\r\nOpen Source packages updated in this version (v2.11) of ICE-LX\r\n\r\nnet-snmp-5.4.2.1\r\n\r\nphp 5.2.9\r\n\r\nrsync 3.0.5\r\n\r\nopenssh 5.2 p1\r\n\r\nopenssl-0.9.8k\r\n\r\nPRODUCT SPECIFIC INFORMATION\r\nNone\r\n\r\nHISTORY\r\nVersion:1 (rev.1) 12 August 2009 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products\r\nshould be applied in accordance with the customer's patch management policy.\r\n\r\nSupport: For further information, contact normal HP Services support channel.\r\n\r\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\r\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially\r\nexploit information.\r\nTo get the security-alert PGP key, please send an e-mail message as follows:\r\n To: security-alert@hp.com\r\n Subject: get key\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\r\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC\r\nOn the web page: ITRC security bulletins and patch sign-up\r\nUnder Step1: your ITRC security bulletins and patches\r\n -check ALL categories for which alerts are required and continue.\r\nUnder Step2: your ITRC operating systems\r\n -verify your operating system selections are checked and save.\r\n\r\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\r\nLog in on the web page: Subscriber's choice for Business: sign-in.\r\nOn the web page: Subscriber's 
Choice: your profile summary - use Edit Profile to update appropriate sections.\r\n\r\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\r\n\r\n* The Software Product Category that this Security Bulletin\r\nrelates to is represented by the 5th and 6th characters\r\nof the Bulletin number in the title:\r\n\r\nGN = HP General SW\r\nMA = HP Management Agents\r\nMI = Misc. 3rd Party SW\r\nMP = HP MPE/iX\r\nNS = HP NonStop Servers\r\nOV = HP OpenVMS\r\nPI = HP Printing & Imaging\r\nST = HP Storage SW\r\nTL = HP Trusted Linux\r\nTU = HP Tru64 UNIX\r\nUX = HP-UX\r\nVV = HP VirtualVault\r\n\r\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually\r\nreviewing and enhancing the security features of software products to provide customers with current secure solutions.\r\n\r\n"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products\r\nthe important security information contained in this Bulletin. HP recommends that all users determine the applicability of\r\nthis information to their individual situations and take appropriate action. HP does not warrant that this information is\r\nnecessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages\r\nresulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP\r\ndisclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a\r\nparticular purpose, title and non-infringement."\r\n\r\nCopyright 2009 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The\r\ninformation provided is provided "as is" without warranty of any kind. 
To the extent permitted by law, neither HP or its\r\naffiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime\r\ncost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or\r\nsoftware restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the\r\nnames of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other\r\ncountries. Other product and company names mentioned herein may be trademarks of their respective owners.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (HP-UX)\r\n\r\niEYEARECAAYFAkqDHSwACgkQ4B86/C0qfVmS0QCg0h5MSGfJD8lU0FMxByIbcrjY\r\nKQIAn1cPRhsjlq9Ilp0pQvrO7uPbyMVH\r\n=zsBZ\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-08-14T00:00:00", "published": "2009-08-14T00:00:00", "id": "SECURITYVULNS:DOC:22323", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22323", "title": "[security bulletin] HPSBMA02447 SSRT090062 rev.1 - Insight Control Suite For Linux (ICE-LX) Cross Site Request Forgery (CSRF) , Remote Execution of Arbitrary Code, Denial of Service (DoS), and Other Vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:15", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0590"], "description": "\nProblem Description\nThe function ASN1_STRING_print_ex does not properly validate\n\t the lengths of BMPString or UniversalString objects before\n\t attempting to print them.\nImpact\nAn application which attempts to print a BMPString or\n\t UniversalString which has an invalid length will crash as a\n\t result of OpenSSL accessing invalid memory locations. 
This\n\t could be used by an attacker to crash a remote application.\nWorkaround\nNo workaround is available, but applications which do not use\n\t the ASN1_STRING_print_ex function (either directly or indirectly)\n\t are not affected.\n", "edition": 4, "modified": "2009-05-13T00:00:00", "published": "2009-03-25T00:00:00", "id": "FBC8413F-2F7A-11DE-9A3F-001B77D09812", "href": "https://vuxml.freebsd.org/freebsd/fbc8413f-2f7a-11de-9a3f-001b77d09812.html", "title": "FreeBSD -- remotely exploitable crash in OpenSSL", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T00:25:56", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0590"], "description": "It was discovered that OpenSSL did not properly validate the length of an \nencoded BMPString or UniversalString when printing ASN.1 strings. If a user \nor automated system were tricked into processing a crafted certificate, an \nattacker could cause a denial of service via application crash in \napplications linked against OpenSSL.", "edition": 5, "modified": "2009-03-30T00:00:00", "published": "2009-03-30T00:00:00", "id": "USN-750-1", "href": "https://ubuntu.com/security/notices/USN-750-1", "title": "OpenSSL vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2018-04-09T11:40:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0590"], "description": "Check for the Version of sshd", "modified": "2018-04-06T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:1361412562310855776", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855776", "type": "openvas", "title": "Solaris Update for sshd 141742-04", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for sshd 141742-04\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone 
Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"sshd on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n sshd\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855776\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"SUNSolve\", value: \"141742-04\");\n script_cve_id(\"CVE-2009-0590\");\n script_name(\"Solaris Update for sshd 141742-04\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-141742-04-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of sshd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n 
script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"141742-04\", package:\"SUNWcry SUNWopenssl-commands SUNWopenssl-libraries SUNWsshdu SUNWsshdr SUNWsshcu SUNWopenssl-include SUNWsshu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0590"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-09:08.openssl.asc", "modified": "2018-04-06T00:00:00", "published": "2009-04-28T00:00:00", "id": "OPENVAS:136141256231063899", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063899", "type": "openvas", "title": "FreeBSD Security Advisory (FreeBSD-SA-09:08.openssl.asc)", "sourceData": "#\n#ADV FreeBSD-SA-09:08.openssl.asc\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from ADV FreeBSD-SA-09:08.openssl.asc\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_insight = \"FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library.\n\nThe function ASN1_STRING_print_ex is often used to print the contents of\nan SSL certificate.\n\nThe function ASN1_STRING_print_ex does not properly validate the lengths\nof BMPString or UniversalString objects before attempting to print them.\";\ntag_solution = \"Upgrade your system to the appropriate stable release\nor security branch dated after the correction date\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-09:08.openssl.asc\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-09:08.openssl.asc\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63899\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n 
script_tag(name:\"creation_date\", value:\"2009-04-28 20:40:12 +0200 (Tue, 28 Apr 2009)\");\n script_cve_id(\"CVE-2009-0590\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n name = \"FreeBSD Security Advisory (FreeBSD-SA-09:08.openssl.asc)\";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n family = \"FreeBSD Local Security Checks\";\n script_family(family);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdpatchlevel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\nif(patchlevelcmp(rel:\"7.1\", patchlevel:\"5\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"7.0\", patchlevel:\"12\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"6.4\", patchlevel:\"4\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"6.3\", patchlevel:\"10\")<0) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0590"], "description": "The remote host is missing an update to openssl\nannounced via advisory DSA 1763-1.", "modified": "2017-07-07T00:00:00", "published": "2009-04-15T00:00:00", "id": "OPENVAS:63790", "href": "http://plugins.openvas.org/nasl.php?oid=63790", "type": "openvas", "title": "Debian Security Advisory DSA 1763-1 (openssl)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1763_1.nasl 6615 2017-07-07 12:09:52Z cfischer 
$\n# Description: Auto-generated from advisory DSA 1763-1 (openssl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that insufficient length validations in the ASN.1\nhandling of the OpenSSL crypto library may lead to denial of service\nwhen processing a manipulated certificate.\n\nFor the old stable distribution (etch), this problem has been fixed in\nversion 0.9.8c-4etch5 of the openssl package and in version\n0.9.7k-3.1etch3 of the openssl097 package.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.9.8g-15+lenny1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.9.8g-16.\n\nWe recommend that you upgrade your openssl packages.\";\ntag_summary = \"The remote host is missing an update to openssl\nannounced via advisory DSA 1763-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201763-1\";\n\n\nif(description)\n{\n script_id(63790);\n script_version(\"$Revision: 6615 $\");\n 
script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2009-0590\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 1763-1 (openssl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8c-4etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.7\", ver:\"0.9.7k-3.1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8c-4etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8c-4etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8c-4etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.7-dbg\", ver:\"0.9.7k-3.1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8g-15+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.8\", 
ver:\"0.9.8g-15+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8g-15+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8g-15+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:13:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0590"], "description": "Check for the Version of sshd", "modified": "2017-02-20T00:00:00", "published": "2009-09-23T00:00:00", "id": "OPENVAS:855653", "href": "http://plugins.openvas.org/nasl.php?oid=855653", "type": "openvas", "title": "Solaris Update for sshd 141742-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for sshd 141742-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"sshd on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n sshd\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855653);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-23 10:48:35 +0200 (Wed, 23 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"SUNSolve\", value: \"141742-02\");\n script_cve_id(\"CVE-2009-0590\");\n script_name(\"Solaris Update for sshd 141742-02\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-141742-02-1\");\n\n script_summary(\"Check for the Version of sshd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = 
get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"141742-02\", package:\"SUNWcry SUNWopenssl-commands SUNWopenssl-libraries SUNWsshdu SUNWsshdr SUNWsshcu SUNWopenssl-include SUNWsshu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0590"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200904-08.", "modified": "2017-07-07T00:00:00", "published": "2009-04-15T00:00:00", "id": "OPENVAS:63802", "href": "http://plugins.openvas.org/nasl.php?oid=63802", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200904-08 (openssl)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"An error in OpenSSL might allow for a Denial of Service when printing\ncertificate details.\";\ntag_solution = \"All OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-0.9.8k'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200904-08\nhttp://bugs.gentoo.org/show_bug.cgi?id=263751\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200904-08.\";\n\n \n \n\nif(description)\n{\n script_id(63802);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2009-0590\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200904-08 (openssl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8k\"), vulnerable: make_list(\"lt 0.9.8k\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0590"], "description": "The remote host is missing an update to openssl\nannounced via advisory DSA 1763-1.", "modified": "2018-04-06T00:00:00", "published": "2009-04-15T00:00:00", "id": "OPENVAS:136141256231063790", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063790", "type": "openvas", "title": "Debian Security Advisory DSA 1763-1 (openssl)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1763_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1763-1 (openssl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that insufficient length validations in the ASN.1\nhandling of the OpenSSL crypto library may lead to denial of service\nwhen processing a manipulated certificate.\n\nFor the old stable distribution (etch), this problem has been fixed in\nversion 0.9.8c-4etch5 of the openssl package and in version\n0.9.7k-3.1etch3 of the openssl097 package.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.9.8g-15+lenny1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.9.8g-16.\n\nWe recommend that you upgrade your openssl packages.\";\ntag_summary = \"The remote host is missing an update to openssl\nannounced via advisory DSA 1763-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201763-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63790\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 
22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2009-0590\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 1763-1 (openssl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8c-4etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.7\", ver:\"0.9.7k-3.1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8c-4etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8c-4etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8c-4etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.7-dbg\", ver:\"0.9.7k-3.1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8g-15+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8g-15+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8g-15+lenny1\", rls:\"DEB5.0\")) 
!= NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8g-15+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0590"], "description": "Check for the Version of sshd", "modified": "2018-04-06T00:00:00", "published": "2009-09-23T00:00:00", "id": "OPENVAS:1361412562310855653", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855653", "type": "openvas", "title": "Solaris Update for sshd 141742-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for sshd 141742-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"sshd on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n sshd\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855653\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-23 10:48:35 +0200 (Wed, 23 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"SUNSolve\", value: \"141742-02\");\n script_cve_id(\"CVE-2009-0590\");\n script_name(\"Solaris Update for sshd 141742-02\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-141742-02-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of sshd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"141742-02\", package:\"SUNWcry SUNWopenssl-commands SUNWopenssl-libraries SUNWsshdu SUNWsshdr SUNWsshcu SUNWopenssl-include SUNWsshu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-02-02T13:16:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0590"], "description": "The remote host is missing an update to openssl\nannounced via advisory USN-750-1.", "modified": "2018-02-01T00:00:00", "published": "2009-04-06T00:00:00", "id": "OPENVAS:63751", "href": "http://plugins.openvas.org/nasl.php?oid=63751", "type": "openvas", "title": "Ubuntu USN-750-1 (openssl)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_750_1.nasl 8616 2018-02-01 08:24:13Z cfischer $\n# $Id: ubuntu_750_1.nasl 8616 2018-02-01 08:24:13Z cfischer $\n# Description: Auto-generated from advisory USN-750-1 (openssl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n libssl0.9.8 0.9.8a-7ubuntu0.7\n\nUbuntu 7.10:\n libssl0.9.8 0.9.8e-5ubuntu3.4\n\nUbuntu 8.04 LTS:\n libssl0.9.8 0.9.8g-4ubuntu3.5\n\nUbuntu 8.10:\n libssl0.9.8 0.9.8g-10.1ubuntu2.2\n\nAfter a standard system upgrade you need to reboot your computer to\neffect the necessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-750-1\";\n\ntag_insight = \"It was discovered that OpenSSL did not properly validate the length of an\nencoded BMPString or UniversalString when printing ASN.1 strings. If a user\nor automated system were tricked into processing a crafted certificate, an\nattacker could cause a denial of service via application crash in\napplications linked against OpenSSL.\";\ntag_summary = \"The remote host is missing an update to openssl\nannounced via advisory USN-750-1.\";\n\n \n\n\nif(description)\n{\n script_id(63751);\n script_version(\"$Revision: 8616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-01 09:24:13 +0100 (Thu, 01 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-06 20:58:11 +0200 (Mon, 06 Apr 2009)\");\n script_cve_id(\"CVE-2009-0590\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Ubuntu USN-750-1 (openssl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-750-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8a-7ubuntu0.7\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8a-7ubuntu0.7\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8a-7ubuntu0.7\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8a-7ubuntu0.7\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8e-5ubuntu3.4\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8e-5ubuntu3.4\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8e-5ubuntu3.4\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8e-5ubuntu3.4\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl-doc\", ver:\"0.9.8g-4ubuntu3.5\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8g-4ubuntu3.5\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8g-4ubuntu3.5\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif 
((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8g-4ubuntu3.5\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8g-4ubuntu3.5\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl-doc\", ver:\"0.9.8g-10.1ubuntu2.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8g-10.1ubuntu2.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8g-10.1ubuntu2.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8g-10.1ubuntu2.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8g-10.1ubuntu2.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(port:0, data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:14:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0590"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-12-21T00:00:00", "published": "2009-05-11T00:00:00", "id": "OPENVAS:63968", "href": "http://plugins.openvas.org/nasl.php?oid=63968", "type": "openvas", "title": "FreeBSD Ports: FreeBSD", "sourceData": "#\n#VID fbc8413f-2f7a-11de-9a3f-001b77d09812\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID fbc8413f-2f7a-11de-9a3f-001b77d09812\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: FreeBSD\n\nCVE-2009-0590\nThe ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows\nremote attackers to cause a denial of service (invalid memory access\nand application crash) via vectors that trigger printing of a (1)\nBMPString or (2) UniversalString with an invalid encoded length.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\n\nif(description)\n{\n script_id(63968);\n script_version(\"$Revision: 4824 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-21 09:49:38 +0100 (Wed, 21 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-11 20:24:31 +0200 (Mon, 11 May 2009)\");\n script_cve_id(\"CVE-2009-0590\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: FreeBSD\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"FreeBSD\");\nif(!isnull(bver) && revcomp(a:bver, b:\"6.3\")>=0 && revcomp(a:bver, b:\"6.3_10\")<0) {\n txt += 'Package FreeBSD version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"6.4\")>=0 && revcomp(a:bver, b:\"6.4_4\")<0) {\n txt += 'Package FreeBSD version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"7.0\")>=0 && revcomp(a:bver, b:\"7.0_12\")<0) {\n txt += 'Package FreeBSD version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"7.1\")>=0 && revcomp(a:bver, b:\"7.1_5\")<0) {\n txt += 'Package FreeBSD version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-08T11:55:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0590"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-09:08.openssl.asc", "modified": "2017-12-07T00:00:00", "published": "2009-04-28T00:00:00", "id": "OPENVAS:63899", "href": 
"http://plugins.openvas.org/nasl.php?oid=63899", "type": "openvas", "title": "FreeBSD Security Advisory (FreeBSD-SA-09:08.openssl.asc)", "sourceData": "#\n#ADV FreeBSD-SA-09:08.openssl.asc\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from ADV FreeBSD-SA-09:08.openssl.asc\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_insight = \"FreeBSD includes software from the OpenSSL Project. 
The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library.\n\nThe function ASN1_STRING_print_ex is often used to print the contents of\nan SSL certificate.\n\nThe function ASN1_STRING_print_ex does not properly validate the lengths\nof BMPString or UniversalString objects before attempting to print them.\";\ntag_solution = \"Upgrade your system to the appropriate stable release\nor security branch dated after the correction date\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-09:08.openssl.asc\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-09:08.openssl.asc\";\n\n\nif(description)\n{\n script_id(63899);\n script_version(\"$Revision: 8023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-28 20:40:12 +0200 (Tue, 28 Apr 2009)\");\n script_cve_id(\"CVE-2009-0590\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n name = \"FreeBSD Security Advisory (FreeBSD-SA-09:08.openssl.asc)\";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n family = \"FreeBSD Local Security Checks\";\n script_family(family);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdpatchlevel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\nif(patchlevelcmp(rel:\"7.1\", patchlevel:\"5\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"7.0\", patchlevel:\"12\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"6.4\", patchlevel:\"4\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"6.3\", patchlevel:\"10\")<0) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:26", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0590"], "edition": 1, "description": "### Background\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. \n\n### Description\n\nThe ASN1_STRING_print_ex() function does not properly check the provided length of a BMPString or UniversalString, leading to an invalid memory access. \n\n### Impact\n\nA remote attacker could entice a user or automated system to print a specially crafted certificate, possibly leading to a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll OpenSSL users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-0.9.8k\"", "modified": "2009-04-07T00:00:00", "published": "2009-04-07T00:00:00", "id": "GLSA-200904-08", "href": "https://security.gentoo.org/glsa/200904-08", "type": "gentoo", "title": "OpenSSL: Denial of Service", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "slackware": [{"lastseen": "2019-05-30T07:36:48", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0789", "CVE-2009-0590", "CVE-2009-0591"], "description": "New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2,\nand -current to fix security issues.\n\nMore details about the issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0789\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0591\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590\n\n\nHere are the details from the Slackware 12.2 ChangeLog:\n\npatches/packages/openssl-0.9.8h-i486-3_slack12.0.tgz: Patched (see below).\npatches/packages/openssl-solibs-0.9.8h-i486-3_slack12.0.tgz:\n Patched to fix possible crashes as well as a (fairly unlikely) case\n where an invalid signature might verify as valid.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0789\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0591\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590\n (* Security fix *)\n\nWhere to find the new packages:\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/openssl-0.9.8h-i486-3_slack11.0.tgz openssl-solibs-0.9.8h-i486-3_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/openssl-0.9.8h-i486-3_slack12.0.tgz 
openssl-solibs-0.9.8h-i486-3_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/openssl-0.9.8h-i486-3_slack12.1.tgz openssl-solibs-0.9.8h-i486-3_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/openssl-0.9.8i-i486-3_slack12.2.tgz openssl-solibs-0.9.8i-i486-3_slack12.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-0.9.8k-i486-1.tgz n/openssl-0.9.8k-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 11.0 packages:\ne44ec3cba02b75d0a9a2eaa3497cacdd openssl-0.9.8h-i486-3_slack11.0.tgz\n58d2055da525dbce5b311c2b40fad7dc openssl-solibs-0.9.8h-i486-3_slack11.0.tgz\n\nSlackware 12.0 packages:\n5784077250604b326baa2a34f6ead905 openssl-0.9.8h-i486-3_slack12.0.tgz\n60b6ed4db2f76634abeab1a99b90cd87 openssl-solibs-0.9.8h-i486-3_slack12.0.tgz\n\nSlackware 12.1 packages:\nc83b32d650ade46c3fd162c11fa749fb openssl-0.9.8h-i486-3_slack12.1.tgz\nabda6caa9130093004dd87e093d4a93f openssl-solibs-0.9.8h-i486-3_slack12.1.tgz\n\nSlackware 12.2 packages:\nc910652909f75aa654dfb2835e474edf openssl-0.9.8i-i486-3_slack12.2.tgz\n1acff931e71bddeed83a7ee4726286fa openssl-solibs-0.9.8i-i486-3_slack12.2.tgz\n\nSlackware -current packages:\nb90377904539671507c04168172c4c6c openssl-solibs-0.9.8k-i486-1.tgz\na43244be109e42168f251f04cef10dd6 openssl-0.9.8k-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-0.9.8i-i486-3_slack12.2.tgz openssl-solibs-0.9.8i-i486-3_slack12.2.tgz", "modified": "2009-04-07T23:29:36", "published": "2009-04-07T23:29:36", "id": "SSA-2009-098-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.439047", "type": "slackware", "title": "openssl", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "threatpost": [{"lastseen": 
"2018-10-06T23:10:24", "bulletinFamily": "info", "cvelist": ["CVE-2009-0590", "CVE-2009-0591", "CVE-2009-0789"], "description": "[](<https://threatpost.com/multiple-vulnerabilities-found-fixed-openssl-032609/>)The [OpenSSL Project](<http://www.openssl.org/>) has released new versions of its popular implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols to fix multiple security vulnerabilities.\n\nAccording to [an advisory](<http://www.openssl.org/news/secadv_20090325.txt>) [openssl.org], the update fixes three security flaws that carry \u201cmoderate severity\u201d ratings. The raw details:\n\n * **ASN1 printing crash:** The function ASN1_STRING_print_ex() when used to print a BMPString or UniversalString will crash with an invalid memory access if the encoded length of the string is illegal. (CVE-2009-0590. \n * Any OpenSSL application which prints out the contents of a certificate could be affected by this bug, including SSL servers, clients and S/MIME software.\n * **Incorrect Error Checking During CMS verification:** The function CMS_verify() does not correctly handle an error condition involving malformed signed attributes. This will cause an invalid set of signed attributes to appear valid and content digests will not be checked. (CVE-2009-0591) \n * These malformed attributes cannot be generated without access to he signer\u2019s private key so an attacker cannot forge signatures. A valid signer could however generate an invalid signature which appears valid and later repudiate the signature.\n * **Invalid ASN1 clearing check:** When a malformed ASN1 structure is received it\u2019s contents are freed up and zeroed and an error condition returned. On a small number of platforms where sizeof(long) < sizeof(void *) (for example WIN64) this can cause an invalid memory access later resulting in a crash when some invalid structures are read, for example RSA public keys (CVE-2009-0789). 
\n * Any OpenSSL application which uses the public key of an untrusted certificate could be crashed by a malformed structure. Including SSL servers, clients, CA and S/MIME software.\n\nRead [the full advisory](<http://www.openssl.org/news/secadv_20090325.txt>) [openssl.org]\n\nI strongly recommend that OpenSSL users follow [the advice from US-CERT](<http://www.us-cert.gov/current/index.html#openssl_releases_security_advisory1>):\n\nBecause OpenSSL is widely redistributed, users should check for updates from their operating system vendors and vendors of other products using OpenSSL. Users of OpenSSL from the original source distribution should upgrade to [OpenSSL 0.9.8k](<http://www.openssl.org/source/>) [openssl.org].\n", "modified": "2013-04-17T16:39:25", "published": "2009-03-26T23:43:56", "id": "THREATPOST:23E7D03B5F2EC42BD327B51AEE52D550", "href": "https://threatpost.com/multiple-vulnerabilities-found-fixed-openssl-032609/72539/", "type": "threatpost", "title": "Multiple vulnerabilities found, fixed in OpenSSL", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:35", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0590", "CVE-2009-2409", "CVE-2009-3555"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handled session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. 
This update addresses this flaw by implementing the\nTLS Renegotiation Indication Extension, as defined in RFC 5746.\n(CVE-2009-3555)\n\nRefer to the following Knowledgebase article for additional details about\nthe CVE-2009-3555 flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n\nDan Kaminsky found that browsers could accept certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by a browser.\nOpenSSL now disables the use of the MD2 algorithm inside signatures by\ndefault. (CVE-2009-2409)\n\nAn input validation flaw was found in the handling of the BMPString and\nUniversalString ASN1 string types in OpenSSL's ASN1_STRING_print_ex()\nfunction. An attacker could use this flaw to create a specially-crafted\nX.509 certificate that could cause applications using the affected function\nto crash when printing certificate contents. (CVE-2009-0590)\n\nNote: The affected function is rarely used. No application shipped with Red\nHat Enterprise Linux calls this function, for example.\n\nAll OpenSSL users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. 
For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted.", "modified": "2018-05-26T04:26:18", "published": "2010-03-25T04:00:00", "id": "RHSA-2010:0163", "href": "https://access.redhat.com/errata/RHSA-2010:0163", "type": "redhat", "title": "(RHSA-2010:0163) Moderate: openssl security update", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:43", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2409", "CVE-2009-0590", "CVE-2009-3555"], "description": "[0.9.7a-43.17.5]\n- do not disable SSLv2 in the renegotiation patch - SSLv2 does\n not support renegotiation\n- allow unsafe renegotiation on clients with SSL_OP_LEGACY_SERVER_CONNECT\n[0.9.7a-43.17.4]\n- mention the RFC5746 in the renegotiation fix doc\n[0.9.7a-43.17.3]\n- CVE-2009-3555 - support the secure renegotiation RFC (#533125)\n- CVE-2009-2409 - drop MD2 from the default algorithm list (#510197)\n- CVE-2009-0590 - crash when printing incorrect asn1 strings (#492304) ", "edition": 4, "modified": "2010-03-25T00:00:00", "published": "2010-03-25T00:00:00", "id": "ELSA-2010-0163", "href": "http://linux.oracle.com/errata/ELSA-2010-0163.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:25:42", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2409", "CVE-2009-0590", "CVE-2009-3555"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0163\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handled session renegotiation. 
A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update addresses this flaw by implementing the\nTLS Renegotiation Indication Extension, as defined in RFC 5746.\n(CVE-2009-3555)\n\nRefer to the following Knowledgebase article for additional details about\nthe CVE-2009-3555 flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n\nDan Kaminsky found that browsers could accept certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by a browser.\nOpenSSL now disables the use of the MD2 algorithm inside signatures by\ndefault. (CVE-2009-2409)\n\nAn input validation flaw was found in the handling of the BMPString and\nUniversalString ASN1 string types in OpenSSL's ASN1_STRING_print_ex()\nfunction. An attacker could use this flaw to create a specially-crafted\nX.509 certificate that could cause applications using the affected function\nto crash when printing certificate contents. (CVE-2009-0590)\n\nNote: The affected function is rarely used. No application shipped with Red\nHat Enterprise Linux calls this function, for example.\n\nAll OpenSSL users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. 
For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/028618.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/028619.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/028647.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/028648.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0163.html", "edition": 4, "modified": "2010-03-28T20:44:54", "published": "2010-03-25T22:38:39", "href": "http://lists.centos.org/pipermail/centos-announce/2010-March/028618.html", "id": "CESA-2010:0163", "title": "openssl security update", "type": "centos", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:46:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0789", "CVE-2010-4180", "CVE-2008-5077", "CVE-2009-0590", "CVE-2009-3555"], "description": "This update adds openssl patches since 2007 for:\n\n * CVE-2009-0590\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590</a>\n >\n * CVE-2008-5077\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077</a>\n >\n * CVE-2009-0789\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0789\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0789</a>\n >\n * CVE-2009-3555\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555</a>\n >\n * CVE-2010-4180\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180</a>\n >\n", "edition": 1, "modified": "2011-07-27T17:08:16", "published": "2011-07-27T17:08:16", "id": "SUSE-SU-2011:0847-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html", "title": "Security update for compat-openssl097g (important)", "type": "suse", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:29:26", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0789", "CVE-2010-4180", "CVE-2008-5077", "CVE-2009-0590", "CVE-2009-3555"], "description": "This update adds openssl patches since 2007 for:\n - CVE-2008-5077\n - CVE-2009-0590\n - CVE-2009-0789\n - CVE-2009-3555\n - CVE-2010-4180\n\n", "edition": 1, "modified": "2011-07-27T16:08:25", "published": "2011-07-27T16:08:25", "id": "OPENSUSE-SU-2011:0845-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html", "type": "suse", "title": "compat-openssl097g (important)", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "vmware": [{"lastseen": "2019-11-06T16:05:43", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2409", "CVE-2009-0590", "CVE-2009-3555", "CVE-2010-0405", "CVE-2010-3069"], "description": "a. Service Console update for samba \n\n\nThe service console package samba is updated to version 3.0.9-1.3E.18. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-3069 to this issue. \n \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. 
\n \n\n", "edition": 4, "modified": "2011-04-28T00:00:00", "published": "2010-12-07T00:00:00", "id": "VMSA-2010-0019", "href": "https://www.vmware.com/security/advisories/VMSA-2010-0019.html", "title": "VMware ESX third party updates for Service Console", "type": "vmware", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}