In order to achieve remote code execution against the vulnerabilities
that we recently discovered in OpenSMTPD (CVE-2015-7687), a memory leak
is needed. Because we could not find one in OpenSMTPD itself, we started
to review the malloc()s and free()s of its libraries, and eventually
found a memory leak in LibreSSL's OBJ_obj2txt() function; we then
realized that this function also contains a buffer overflow (an
off-by-one, usually stack-based).
The vulnerable function OBJ_obj2txt() is reachable through
X509_NAME_oneline() and d2i_X509(), which is called automatically to
decode the X.509 certificates exchanged during an SSL handshake (both
client-side, unless an anonymous mode is used, and server-side, if
client authentication is requested).
These vulnerabilities affect all LibreSSL versions, including LibreSSL
2.0.0 (the first public release) and LibreSSL 2.3.0 (the latest release
at the time of writing). OpenSSL is not affected.
OBJ_obj2txt() converts an ASN.1 object identifier (the ASN1_OBJECT a)
into a null-terminated string of numerical subidentifiers separated by
dots (at most buf_len bytes are written to buf).
Large subidentifiers are temporarily stored in a BIGNUM (bl) and
converted by BN_bn2dec() into a printable string of decimal characters
(bndec). Many such bndec strings can be malloc()ated and memory-leaked
in a loop, because only the last one will be free()d, after the end of
the loop:
489 int
490 OBJ_obj2txt(char buf, int buf_len, const ASN1_OBJECT a, int no_name)
491 {
...
494 char *bndec = NULL;
...
516 len = a->length;
...
519 while (len > 0) {
...
570 bndec = BN_bn2dec(bl);
571 if (!bndec)
572 goto err;
573 i = snprintf(buf, buf_len, ".%s", bndec);
...
598 }
...
601 free(bndec);
...
609 }
This memory leak allows remote attackers to cause a denial of service
(memory exhaustion) or trigger the buffer overflow described below.
As a result of CVE-2014-3508, OBJ_obj2txt() was modified to "Ensure
that, at every state, |buf| is NUL-terminated." However, in LibreSSL,
the error-handling code at the end of the function may write this
null-terminator out-of-bounds:
489 int
490 OBJ_obj2txt(char buf, int buf_len, const ASN1_OBJECT a, int no_name)
491 {
...
516 len = a->length;
517 p = a->data;
518
519 while (len > 0) {
...
522 for (;;) {
523 unsigned char c = p++;
524 len--;
525 if ((len == 0) && (c & 0x80))
526 goto err;
...
528 if (!BN_add_word(bl, c & 0x7f))
529 goto err;
...
535 if (!bl && !(bl = BN_new()))
536 goto err;
537 if (!BN_set_word(bl, l))
538 goto err;
...
542 if (!BN_lshift(bl, bl, 7))
543 goto err;
...
546 }
...
553 if (!BN_sub_word(bl, 80))
554 goto err;
...
561 if (buf_len > 1) {
562 buf++ = i + '0';
563 *buf = '\0';
564 buf_len--;
565 }
...
569 if (use_bn) {
570 bndec = BN_bn2dec(bl);
571 if (!bndec)
572 goto err;
573 i = snprintf(buf, buf_len, ".%s", bndec);
574 if (i == -1)
575 goto err;
576 if (i >= buf_len) {
577 buf += buf_len;
578 buf_len = 0;
579 } else {
580 buf += i;
581 buf_len -= i;
582 }
...
584 } else {
585 i = snprintf(buf, buf_len, ".%lu", l);
586 if (i == -1)
587 goto err;
588 if (i >= buf_len) {
589 buf += buf_len;
590 buf_len = 0;
591 } else {
592 buf += i;
593 buf_len -= i;
594 }
...
597 }
598 }
599
600 out:
...
603 return ret;
604
605 err:
606 ret = 0;
607 buf[0] = '\0';
608 goto out;
609 }
First, in order to trigger this off-by-one buffer overflow, buf must be
increased until it points to the first out-of-bounds character (i.e.,
until buf_len becomes zero):
on the one hand, this is impossible with the code blocks at lines
561-564, 579-581, and 591-593;
on the other hand, this is very easy with the code blocks at lines
576-578 and 588-590 (the destination buffer is usually quite small;
for example, it is only 80 bytes long in X509_NAME_oneline()).
Second, the code must branch to the err label:
the "goto err"s at lines 574-575 and 586-587 are unreachable, because
snprintf() cannot possibly return -1 here;
the "goto err" at lines 525-526 is:
. very easy to reach in LibreSSL <= 2.0.4;
. impossible to reach in LibreSSL >= 2.0.5, because of the "MSB must
be clear in the last octet" sanity check that was added to
c2i_ASN1_OBJECT():
286 /
287 * Sanity check OID encoding:
288 * - need at least one content octet
289 * - MSB must be clear in the last octet
290 * - can't have leading 0x80 in subidentifiers, see: X.690 8.19.2
291 /
292 if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
293 p[len - 1] & 0x80) {
294 ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);
295 return (NULL);
296 }
the remaining "goto err"s are triggered by error conditions in various
BIGNUM functions:
. either because of a very large BIGNUM (approximately 64 megabytes,
which is impossible in the context of an SSL handshake, where X.509
certificates are limited to 100 kilobytes);
. or because of an out-of-memory condition (which can be reached
through the memory leak described above).
This off-by-one buffer overflow allows remote attackers to cause a
denial of service (crash) or possibly execute arbitrary code. However,
when triggered through X509_NAME_oneline() (and therefore d2i_X509()),
this buffer overflow is stack-based and probably not exploitable on
OpenBSD x86, where it appears to always smash the stack canary.
We would like to thank the LibreSSL team for their great work and their
incredibly quick response, and Red Hat Product Security for promptly
assigning CVE-IDs to these issues.
{"id": "SECURITYVULNS:DOC:32559", "bulletinFamily": "software", "title": "Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334)", "description": "\r\n\r\n\r\nQualys Security Advisory\r\n\r\nLibreSSL (CVE-2015-5333 and CVE-2015-5334)\r\n\r\n\r\n========================================================================\r\nContents\r\n========================================================================\r\n\r\nSummary\r\nMemory Leak (CVE-2015-5333)\r\nBuffer Overflow (CVE-2015-5334)\r\nAcknowledgments\r\n\r\n\r\n========================================================================\r\nSummary\r\n========================================================================\r\n\r\nIn order to achieve remote code execution against the vulnerabilities\r\nthat we recently discovered in OpenSMTPD (CVE-2015-7687), a memory leak\r\nis needed. Because we could not find one in OpenSMTPD itself, we started\r\nto review the malloc()s and free()s of its libraries, and eventually\r\nfound a memory leak in LibreSSL's OBJ_obj2txt() function; we then\r\nrealized that this function also contains a buffer overflow (an\r\noff-by-one, usually stack-based).\r\n\r\nThe vulnerable function OBJ_obj2txt() is reachable through\r\nX509_NAME_oneline() and d2i_X509(), which is called automatically to\r\ndecode the X.509 certificates exchanged during an SSL handshake (both\r\nclient-side, unless an anonymous mode is used, and server-side, if\r\nclient authentication is requested).\r\n\r\nThese vulnerabilities affect all LibreSSL versions, including LibreSSL\r\n2.0.0 (the first public release) and LibreSSL 2.3.0 (the latest release\r\nat the time of writing). OpenSSL is not affected.\r\n\r\n\r\n========================================================================\r\nMemory Leak (CVE-2015-5333)\r\n========================================================================\r\n\r\nOBJ_obj2txt() converts an ASN.1 object identifier (the ASN1_OBJECT a)\r\ninto a null-terminated string of numerical subidentifiers separated by\r\ndots (at most buf_len bytes are written to buf).\r\n\r\nLarge subidentifiers are temporarily stored in a BIGNUM (bl) and\r\nconverted by BN_bn2dec() into a printable string of decimal characters\r\n(bndec). Many such bndec strings can be malloc()ated and memory-leaked\r\nin a loop, because only the last one will be free()d, after the end of\r\nthe loop:\r\n\r\n489 int\r\n490 OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)\r\n491 {\r\n...\r\n494 char *bndec = NULL;\r\n...\r\n516 len = a->length;\r\n...\r\n519 while (len > 0) {\r\n...\r\n570 bndec = BN_bn2dec(bl);\r\n571 if (!bndec)\r\n572 goto err;\r\n573 i = snprintf(buf, buf_len, ".%s", bndec);\r\n...\r\n598 }\r\n...\r\n601 free(bndec);\r\n...\r\n609 }\r\n\r\nThis memory leak allows remote attackers to cause a denial of service\r\n(memory exhaustion) or trigger the buffer overflow described below.\r\n\r\n\r\n========================================================================\r\nBuffer Overflow (CVE-2015-5334)\r\n========================================================================\r\n\r\nAs a result of CVE-2014-3508, OBJ_obj2txt() was modified to "Ensure\r\nthat, at every state, |buf| is NUL-terminated." However, in LibreSSL,\r\nthe error-handling code at the end of the function may write this\r\nnull-terminator out-of-bounds:\r\n\r\n489 int\r\n490 OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)\r\n491 {\r\n...\r\n516 len = a->length;\r\n517 p = a->data;\r\n518\r\n519 while (len > 0) {\r\n...\r\n522 for (;;) {\r\n523 unsigned char c = *p++;\r\n524 len--;\r\n525 if ((len == 0) && (c & 0x80))\r\n526 goto err;\r\n...\r\n528 if (!BN_add_word(bl, c & 0x7f))\r\n529 goto err;\r\n...\r\n535 if (!bl && !(bl = BN_new()))\r\n536 goto err;\r\n537 if (!BN_set_word(bl, l))\r\n538 goto err;\r\n...\r\n542 if (!BN_lshift(bl, bl, 7))\r\n543 goto err;\r\n...\r\n546 }\r\n...\r\n553 if (!BN_sub_word(bl, 80))\r\n554 goto err;\r\n...\r\n561 if (buf_len > 1) {\r\n562 *buf++ = i + '0';\r\n563 *buf = '\0';\r\n564 buf_len--;\r\n565 }\r\n...\r\n569 if (use_bn) {\r\n570 bndec = BN_bn2dec(bl);\r\n571 if (!bndec)\r\n572 goto err;\r\n573 i = snprintf(buf, buf_len, ".%s", bndec);\r\n574 if (i == -1)\r\n575 goto err;\r\n576 if (i >= buf_len) {\r\n577 buf += buf_len;\r\n578 buf_len = 0;\r\n579 } else {\r\n580 buf += i;\r\n581 buf_len -= i;\r\n582 }\r\n...\r\n584 } else {\r\n585 i = snprintf(buf, buf_len, ".%lu", l);\r\n586 if (i == -1)\r\n587 goto err;\r\n588 if (i >= buf_len) {\r\n589 buf += buf_len;\r\n590 buf_len = 0;\r\n591 } else {\r\n592 buf += i;\r\n593 buf_len -= i;\r\n594 }\r\n...\r\n597 }\r\n598 }\r\n599\r\n600 out:\r\n...\r\n603 return ret;\r\n604\r\n605 err:\r\n606 ret = 0;\r\n607 buf[0] = '\0';\r\n608 goto out;\r\n609 }\r\n\r\nFirst, in order to trigger this off-by-one buffer overflow, buf must be\r\nincreased until it points to the first out-of-bounds character (i.e.,\r\nuntil buf_len becomes zero):\r\n\r\n- on the one hand, this is impossible with the code blocks at lines\r\n 561-564, 579-581, and 591-593;\r\n\r\n- on the other hand, this is very easy with the code blocks at lines\r\n 576-578 and 588-590 (the destination buffer is usually quite small;\r\n for example, it is only 80 bytes long in X509_NAME_oneline()).\r\n\r\nSecond, the code must branch to the err label:\r\n\r\n- the "goto err"s at lines 574-575 and 586-587 are unreachable, because\r\n snprintf() cannot possibly return -1 here;\r\n\r\n- the "goto err" at lines 525-526 is:\r\n\r\n . very easy to reach in LibreSSL <= 2.0.4;\r\n\r\n . impossible to reach in LibreSSL >= 2.0.5, because of the "MSB must\r\n be clear in the last octet" sanity check that was added to\r\n c2i_ASN1_OBJECT():\r\n\r\n286 /*\r\n287 * Sanity check OID encoding:\r\n288 * - need at least one content octet\r\n289 * - MSB must be clear in the last octet\r\n290 * - can't have leading 0x80 in subidentifiers, see: X.690 8.19.2\r\n291 */\r\n292 if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||\r\n293 p[len - 1] & 0x80) {\r\n294 ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);\r\n295 return (NULL);\r\n296 }\r\n\r\n- the remaining "goto err"s are triggered by error conditions in various\r\n BIGNUM functions:\r\n\r\n . either because of a very large BIGNUM (approximately 64 megabytes,\r\n which is impossible in the context of an SSL handshake, where X.509\r\n certificates are limited to 100 kilobytes);\r\n\r\n . or because of an out-of-memory condition (which can be reached\r\n through the memory leak described above).\r\n\r\nThis off-by-one buffer overflow allows remote attackers to cause a\r\ndenial of service (crash) or possibly execute arbitrary code. However,\r\nwhen triggered through X509_NAME_oneline() (and therefore d2i_X509()),\r\nthis buffer overflow is stack-based and probably not exploitable on\r\nOpenBSD x86, where it appears to always smash the stack canary.\r\n\r\n\r\n========================================================================\r\nAcknowledgments\r\n========================================================================\r\n\r\nWe would like to thank the LibreSSL team for their great work and their\r\nincredibly quick response, and Red Hat Product Security for promptly\r\nassigning CVE-IDs to these issues.\r\n\r\n", "published": "2015-10-19T00:00:00", "modified": "2015-10-19T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32559", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2014-3508", "CVE-2015-5334", "CVE-2015-7687", "CVE-2015-5333"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "e523e5f0862da8effc97eb0d6281d350"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "c82876a51a82857c185b04a1eafe853d"}, {"key": "href", "hash": "9184045798c0d115ffeb528c333a3b4a"}, {"key": "modified", "hash": "9a00910eeedb8c835c4637a953896665"}, {"key": "published", "hash": "9a00910eeedb8c835c4637a953896665"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "fb1cd29533dd27ecc6028d3c09a6ce02"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "5850d22f389c5fcfadb9b3def5a341b1584582ef642653cfe2d3555660291920", "viewCount": 6, "enchantments": {"score": {"value": 7.4, "vector": "NONE", "modified": "2018-08-31T11:11:02"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-7687", "CVE-2014-3508"]}, {"type": "f5", "idList": ["F5:K15571", "SOL15571"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2014-3508"]}, {"type": "freebsd", "idList": ["E75A96DF-73CA-11E5-9B45-B499BAEBFEAF", "EE7BDF7F-11BB-4EEA-B054-C692AB848C20", "8AFF07EB-1DBD-11E4-B6BA-3C970E169BC2"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14732", "SECURITYVULNS:VULN:13908"]}, {"type": "nessus", "idList": ["OPENSUSE-2015-681.NASL", "FREEBSD_PKG_E75A96DF73CA11E59B45B499BAEBFEAF.NASL", "FEDORA_2015-FD133D52CC.NASL", "FEDORA_2015-ED1C673F09.NASL", "FREEBSD_PKG_EE7BDF7F11BB4EEAB054C692AB848C20.NASL", "OPENSUSE-2016-604.NASL", "SOLARIS11_OPENSSL_20141014_2.NASL", "SUSE_11_LIBOPENSSL-DEVEL-140812.NASL", "ORACLELINUX_ELSA-2014-1053.NASL", "DEBIAN_DLA-33.NASL"]}, {"type": "archlinux", "idList": ["ASA-201510-5"]}, {"type": "redhat", "idList": ["RHSA-2014:1053", "RHSA-2014:1052", "RHSA-2014:1054"]}, {"type": "debian", "idList": ["DEBIAN:DLA-33-1:85002", "DEBIAN:DSA-2998-1:7D1C0"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310871226", "OPENVAS:1361412562310881987", "OPENVAS:1361412562310123332", "OPENVAS:1361412562310123331", "OPENVAS:702998", "OPENVAS:1361412562310882005", "OPENVAS:1361412562310123278", "OPENVAS:1361412562310881988", "OPENVAS:1361412562310120249", "OPENVAS:1361412562310841924"]}, {"type": "centos", "idList": ["CESA-2014:1053", "CESA-2014:1052"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-1053", "ELSA-2014-1653", "ELSA-2014-1052", "ELSA-2014-1652"]}, {"type": "kaspersky", "idList": ["KLA10343"]}, {"type": "aix", "idList": ["OPENSSL_ADVISORY10.ASC"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20141008-OPENSSL"]}, {"type": "ubuntu", "idList": ["USN-2308-1"]}, {"type": "slackware", "idList": ["SSA-2014-220-01"]}, {"type": "amazon", "idList": ["ALAS-2014-391"]}, {"type": "suse", "idList": ["SUSE-SU-2015:0578-1"]}], "modified": "2018-08-31T11:11:02"}, "vulnersScore": 7.4}, "objectVersion": "1.3", "affectedSoftware": []}
{"cve": [{"lastseen": "2019-05-29T18:14:44", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.", "modified": "2017-11-01T11:50:00", "id": "CVE-2015-7687", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7687", "published": "2017-10-16T18:29:00", "title": "CVE-2015-7687", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:13:45", "bulletinFamily": "NVD", "description": "The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.", "modified": "2017-11-15T02:29:00", "id": "CVE-2014-3508", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3508", "published": "2014-08-13T23:55:00", "title": "CVE-2014-3508", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "f5": [{"lastseen": "2017-10-12T02:11:19", "bulletinFamily": "software", "description": "Description \n\n\nThe OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions. ([CVE-2014-3508](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508>)) \n\n\nImpact \n\n\nApplications may be affected if they use pretty printing to echo output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected. \n\n\nStatus\n\nF5 Product Development has assigned ID 474757 (LineRate) and ID 410742 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM | None \n| 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4 \n| None \nBIG-IP AAM | None | 11.4.0 - 11.6.0 | None \nBIG-IP AFM | None | 11.3.0 - 11.6.0 | None \nBIG-IP Analytics | None | 11.0.0 - 11.6.0 | None \nBIG-IP APM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | None \nBIG-IP ASM | None | 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4 | None \nBIG-IP Edge Gateway \n| None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None \nBIG-IP GTM | None | 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4 | None \nBIG-IP Link Controller | None \n| 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4 \n| None \nBIG-IP PEM | None \n| 11.3.0 - 11.6.0 \n| None \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 | None \nBIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 | None \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 | None \nARX | 6.0.0 - 6.4.0 | None \n| Configuration utility \n \nEnterprise Manager | None | 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0 | None \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | None \nBIG-IQ Cloud | None \n| 4.0.0 - 4.5.0 \n| None \nBIG-IQ Device | None \n| 4.2.0 - 4.5.0 \n| None \nBIG-IQ Security | None \n| 4.0.0 - 4.5.0 \n| None \nBIG-IQ ADC | None | 4.5.0 | None \nLineRate | 2.4.0 \n2.3.0 - 2.3.1 \n2.2.0 - 2.2.4 | 2.4.1 \n2.3.2 \n2.2.5 | Command-line interface \nBIG-IP Edge Clients for Android | None \n| 2.0.0 - 2.0.5 | None \n \nBIG-IP Edge Clients for Apple iOS | None \n| 2.0.0 - 2.0.2 \n1.0.5 - 1.0.6 | None \nBIG-IP Edge Clients for Linux | None \n| 6035.* - 7110.* | None \n \nBIG-IP Edge Clients for MAC OS X | None \n| 6035.* - 7110.* \n| None \nBIG-IP Edge Clients for Windows | None | 6035.* - 7110.* \n| None \n \nBIG-IP Edge Portal for Android | None | 1.0.0 - 1.0.2 | None \nBIG-IP Edge Portal for Apple iOS | None | 1.0.0 - 1.0.3 | None \n \nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 is responding to this vulnerability as determined by the parameters defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nSupplemental Information\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)[](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2016-01-09T02:20:00", "published": "2014-09-06T02:46:00", "href": "https://support.f5.com/csp/article/K15571", "id": "F5:K15571", "title": "OpenSSL vulnerability CVE-2014-3508", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-26T17:22:55", "bulletinFamily": "software", "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2014-09-05T00:00:00", "published": "2014-09-05T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15571.html", "id": "SOL15571", "title": "SOL15571 - OpenSSL vulnerability CVE-2014-3508", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "openssl": [{"lastseen": "2016-09-26T17:22:34", "bulletinFamily": "software", "description": "A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex, to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected. Reported by Ivan Fratric (Google).", "modified": "2014-08-06T00:00:00", "published": "2014-08-06T00:00:00", "id": "OPENSSL:CVE-2014-3508", "href": "https://www.openssl.org/news/vulnerabilities.html", "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2014-3508)", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2019-02-21T01:25:18", "bulletinFamily": "scanner", "description": "libressl was updated to fix two security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-5333: Memory leak when decoding X.509 certificates (boo#950707)\n\n - CVE-2015-5334: Buffer overflow when decoding X.509 certificates (boo#950708)", "modified": "2015-11-20T00:00:00", "id": "OPENSUSE-2015-681.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86622", "published": "2015-10-28T00:00:00", "title": "openSUSE Security Update : libressl (openSUSE-2015-681)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-681.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86622);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2015/11/20 15:06:53 $\");\n\n script_cve_id(\"CVE-2015-5333\", \"CVE-2015-5334\");\n\n script_name(english:\"openSUSE Security Update : libressl (openSUSE-2015-681)\");\n script_summary(english:\"Check for the openSUSE-2015-681 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libressl was updated to fix two security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-5333: Memory leak when decoding X.509\n certificates (boo#950707)\n\n - CVE-2015-5334: Buffer overflow when decoding X.509\n certificates (boo#950708)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=950707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=950708\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libressl packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"Medium\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto34\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto34-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto34-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto34-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto36\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto36-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto36-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto36-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl33\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl33-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl33-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl33-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl37-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls9-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls9-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls9-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libcrypto34-2.2.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libcrypto34-debuginfo-2.2.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libressl-2.2.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libressl-debuginfo-2.2.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libressl-debugsource-2.2.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libressl-devel-2.2.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libssl33-2.2.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libssl33-debuginfo-2.2.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libtls4-2.2.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libtls4-debuginfo-2.2.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libcrypto34-32bit-2.2.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libcrypto34-debuginfo-32bit-2.2.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libressl-devel-32bit-2.2.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libssl33-32bit-2.2.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libssl33-debuginfo-32bit-2.2.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libtls4-32bit-2.2.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libtls4-debuginfo-32bit-2.2.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libcrypto36-2.3.0-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libcrypto36-debuginfo-2.3.0-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libressl-2.3.0-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libressl-debuginfo-2.3.0-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libressl-debugsource-2.3.0-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libressl-devel-2.3.0-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libssl37-2.3.0-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libssl37-debuginfo-2.3.0-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libtls9-2.3.0-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libtls9-debuginfo-2.3.0-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libcrypto36-32bit-2.3.0-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libcrypto36-debuginfo-32bit-2.3.0-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libressl-devel-32bit-2.3.0-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libssl37-32bit-2.3.0-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libssl37-debuginfo-32bit-2.3.0-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libtls9-32bit-2.3.0-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libtls9-debuginfo-32bit-2.3.0-3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libcrypto34 / libcrypto34-32bit / libcrypto34-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-02-21T01:25:13", "bulletinFamily": "scanner", "description": "Qualys reports :\n\nDuring the code review of OpenSMTPD a memory leak and buffer overflow (an off-by-one, usually stack-based) were discovered in LibreSSL's OBJ_obj2txt() function. This function is called automatically during a TLS handshake (both client-side, unless an anonymous mode is used, and server-side, if client authentication is requested).", "modified": "2018-11-23T00:00:00", "id": "FREEBSD_PKG_E75A96DF73CA11E59B45B499BAEBFEAF.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86434", "published": "2015-10-19T00:00:00", "title": "FreeBSD : LibreSSL -- Memory leak and buffer overflow (e75a96df-73ca-11e5-9b45-b499baebfeaf)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86434);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/11/23 12:49:57\");\n\n script_cve_id(\"CVE-2015-5333\", \"CVE-2015-5334\");\n\n script_name(english:\"FreeBSD : LibreSSL -- Memory leak and buffer overflow (e75a96df-73ca-11e5-9b45-b499baebfeaf)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Qualys reports :\n\nDuring the code review of OpenSMTPD a memory leak and buffer overflow\n(an off-by-one, usually stack-based) were discovered in LibreSSL's\nOBJ_obj2txt() function. This function is called automatically during a\nTLS handshake (both client-side, unless an anonymous mode is used, and\nserver-side, if client authentication is requested).\"\n );\n # http://marc.info/?l=openbsd-announce&m=144495690528446\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=openbsd-announce&m=144495690528446\"\n );\n # https://vuxml.freebsd.org/freebsd/e75a96df-73ca-11e5-9b45-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c110994e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libressl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libressl<2.2.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-02-21T01:26:16", "bulletinFamily": "scanner", "description": "Issues fixed in this release (since 5.7.2): - fix an mda buffer truncation bug which allows a user to create forward files that pass session checks but fail delivery later down the chain, within the user mda; - fix remote buffer overflow in unprivileged pony process; - reworked offline enqueue to better protect against hardlink attacks.\n---- Several vulnerabilities have been fixed in OpenSMTPD 5.7.2: - an oversight in the portable version of fgetln() that allows attackers to read and write out-of-bounds memory; - multiple denial-of- service vulnerabilities that allow local users to kill or hang OpenSMTPD; - a stack-based buffer overflow that allows local users to crash OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user;\n- a hardlink attack (or race-conditioned symlink attack) that allows local users to unset the chflags() of arbitrary files; - a hardlink attack that allows local users to read the first line of arbitrary files (for example, root's hash from /etc/master.passwd); - a denial-of-service vulnerability that allows remote attackers to fill OpenSMTPD's queue or mailbox hard-disk partition; - an out- of-bounds memory read that allows remote attackers to crash OpenSMTPD, or leak information and defeat the ASLR protection; - a use-after-free vulnerability that allows remote attackers to crash OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user; Further details can be found in Qualys' audit report:\nhttp://seclists.org/oss-sec/2015/q4/17 MITRE has assigned one CVE for the use-after-free vulnerability; additional CVEs may be assigned:\nhttp://seclists.org/oss-sec/2015/q4/23 External References:\nhttps://www.opensmtpd.org/announces/release-5.7.2.txt http://seclists.org/oss- sec/2015/q4/17\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-20T00:00:00", "id": "FEDORA_2015-ED1C673F09.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=89451", "published": "2016-03-04T00:00:00", "title": "Fedora 23 : opensmtpd-5.7.3p1-1.fc23 (2015-ed1c673f09)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-ed1c673f09.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89451);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/20 11:04:17\");\n\n script_cve_id(\"CVE-2015-7687\");\n script_xref(name:\"FEDORA\", value:\"2015-ed1c673f09\");\n\n script_name(english:\"Fedora 23 : opensmtpd-5.7.3p1-1.fc23 (2015-ed1c673f09)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Issues fixed in this release (since 5.7.2): - fix an mda buffer\ntruncation bug which allows a user to create forward files that pass\nsession checks but fail delivery later down the chain, within the user\nmda; - fix remote buffer overflow in unprivileged pony process; -\nreworked offline enqueue to better protect against hardlink attacks.\n---- Several vulnerabilities have been fixed in OpenSMTPD 5.7.2: - an\noversight in the portable version of fgetln() that allows attackers to\nread and write out-of-bounds memory; - multiple denial-of- service\nvulnerabilities that allow local users to kill or hang OpenSMTPD; - a\nstack-based buffer overflow that allows local users to crash\nOpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user;\n- a hardlink attack (or race-conditioned symlink attack) that allows\nlocal users to unset the chflags() of arbitrary files; - a hardlink\nattack that allows local users to read the first line of arbitrary\nfiles (for example, root's hash from /etc/master.passwd); - a\ndenial-of-service vulnerability that allows remote attackers to fill\nOpenSMTPD's queue or mailbox hard-disk partition; - an out- of-bounds\nmemory read that allows remote attackers to crash OpenSMTPD, or leak\ninformation and defeat the ASLR protection; - a use-after-free\nvulnerability that allows remote attackers to crash OpenSMTPD, or\nexecute arbitrary code as the non-chrooted _smtpd user; Further\ndetails can be found in Qualys' audit report:\nhttp://seclists.org/oss-sec/2015/q4/17 MITRE has assigned one CVE for\nthe use-after-free vulnerability; additional CVEs may be assigned:\nhttp://seclists.org/oss-sec/2015/q4/23 External References:\nhttps://www.opensmtpd.org/announces/release-5.7.2.txt\nhttp://seclists.org/oss- sec/2015/q4/17\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://seclists.org/oss-\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/oss-\"\n );\n # http://seclists.org/oss-sec/2015/q4/17\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/oss-sec/2015/q4/17\"\n );\n # http://seclists.org/oss-sec/2015/q4/23\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/oss-sec/2015/q4/23\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1268509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1268794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1268837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1268857\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-November/170448.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2ffa2c51\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.opensmtpd.org/announces/release-5.7.2.txt\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected opensmtpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:opensmtpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"opensmtpd-5.7.3p1-1.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opensmtpd\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:26:16", "bulletinFamily": "scanner", "description": "Issues fixed in this release (since 5.7.2): - fix an mda buffer truncation bug which allows a user to create forward files that pass session checks but fail delivery later down the chain, within the user mda; - fix remote buffer overflow in unprivileged pony process; - reworked offline enqueue to better protect against hardlink attacks.\n---- Several vulnerabilities have been fixed in OpenSMTPD 5.7.2: - an oversight in the portable version of fgetln() that allows attackers to read and write out-of-bounds memory; - multiple denial-of- service vulnerabilities that allow local users to kill or hang OpenSMTPD; - a stack-based buffer overflow that allows local users to crash OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user;\n- a hardlink attack (or race-conditioned symlink attack) that allows local users to unset the chflags() of arbitrary files; - a hardlink attack that allows local users to read the first line of arbitrary files (for example, root's hash from /etc/master.passwd); - a denial-of-service vulnerability that allows remote attackers to fill OpenSMTPD's queue or mailbox hard-disk partition; - an out- of-bounds memory read that allows remote attackers to crash OpenSMTPD, or leak information and defeat the ASLR protection; - a use-after-free vulnerability that allows remote attackers to crash OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user; Further details can be found in Qualys' audit report:\nhttp://seclists.org/oss-sec/2015/q4/17 MITRE has assigned one CVE for the use-after-free vulnerability; additional CVEs may be assigned:\nhttp://seclists.org/oss-sec/2015/q4/23 External References:\nhttps://www.opensmtpd.org/announces/release-5.7.2.txt http://seclists.org/oss- sec/2015/q4/17\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-20T00:00:00", "id": "FEDORA_2015-FD133D52CC.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=89469", "published": "2016-03-04T00:00:00", "title": "Fedora 22 : opensmtpd-5.7.3p1-1.fc22 (2015-fd133d52cc)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-fd133d52cc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89469);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/20 11:04:17\");\n\n script_cve_id(\"CVE-2015-7687\");\n script_xref(name:\"FEDORA\", value:\"2015-fd133d52cc\");\n\n script_name(english:\"Fedora 22 : opensmtpd-5.7.3p1-1.fc22 (2015-fd133d52cc)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Issues fixed in this release (since 5.7.2): - fix an mda buffer\ntruncation bug which allows a user to create forward files that pass\nsession checks but fail delivery later down the chain, within the user\nmda; - fix remote buffer overflow in unprivileged pony process; -\nreworked offline enqueue to better protect against hardlink attacks.\n---- Several vulnerabilities have been fixed in OpenSMTPD 5.7.2: - an\noversight in the portable version of fgetln() that allows attackers to\nread and write out-of-bounds memory; - multiple denial-of- service\nvulnerabilities that allow local users to kill or hang OpenSMTPD; - a\nstack-based buffer overflow that allows local users to crash\nOpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user;\n- a hardlink attack (or race-conditioned symlink attack) that allows\nlocal users to unset the chflags() of arbitrary files; - a hardlink\nattack that allows local users to read the first line of arbitrary\nfiles (for example, root's hash from /etc/master.passwd); - a\ndenial-of-service vulnerability that allows remote attackers to fill\nOpenSMTPD's queue or mailbox hard-disk partition; - an out- of-bounds\nmemory read that allows remote attackers to crash OpenSMTPD, or leak\ninformation and defeat the ASLR protection; - a use-after-free\nvulnerability that allows remote attackers to crash OpenSMTPD, or\nexecute arbitrary code as the non-chrooted _smtpd user; Further\ndetails can be found in Qualys' audit report:\nhttp://seclists.org/oss-sec/2015/q4/17 MITRE has assigned one CVE for\nthe use-after-free vulnerability; additional CVEs may be assigned:\nhttp://seclists.org/oss-sec/2015/q4/23 External References:\nhttps://www.opensmtpd.org/announces/release-5.7.2.txt\nhttp://seclists.org/oss- sec/2015/q4/17\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://seclists.org/oss-\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/oss-\"\n );\n # http://seclists.org/oss-sec/2015/q4/17\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/oss-sec/2015/q4/17\"\n );\n # http://seclists.org/oss-sec/2015/q4/23\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/oss-sec/2015/q4/23\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1268509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1268794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1268837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1268857\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-October/169600.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?652a6f03\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.opensmtpd.org/announces/release-5.7.2.txt\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected opensmtpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:opensmtpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"opensmtpd-5.7.3p1-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opensmtpd\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:25:09", "bulletinFamily": "scanner", "description": "OpenSMTPD developers report :\n\nan oversight in the portable version of fgetln() that allows attackers to read and write out-of-bounds memory\n\nmultiple denial-of-service vulnerabilities that allow local users to kill or hang OpenSMTPD\n\na stack-based buffer overflow that allows local users to crash OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user\n\na hardlink attack (or race-conditioned symlink attack) that allows local users to unset the chflags() of arbitrary files\n\na hardlink attack that allows local users to read the first line of arbitrary files (for example, root's hash from /etc/master.passwd)\n\na denial-of-service vulnerability that allows remote attackers to fill OpenSMTPD's queue or mailbox hard-disk partition\n\nan out-of-bounds memory read that allows remote attackers to crash OpenSMTPD, or leak information and defeat the ASLR protection\n\na use-after-free vulnerability that allows remote attackers to crash OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user", "modified": "2018-11-10T00:00:00", "id": "FREEBSD_PKG_EE7BDF7F11BB4EEAB054C692AB848C20.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86268", "published": "2015-10-05T00:00:00", "title": "FreeBSD : OpenSMTPD -- multiple vulnerabilities (ee7bdf7f-11bb-4eea-b054-c692ab848c20)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86268);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/11/10 11:49:44\");\n\n script_cve_id(\"CVE-2015-7687\");\n\n script_name(english:\"FreeBSD : OpenSMTPD -- multiple vulnerabilities (ee7bdf7f-11bb-4eea-b054-c692ab848c20)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSMTPD developers report :\n\nan oversight in the portable version of fgetln() that allows attackers\nto read and write out-of-bounds memory\n\nmultiple denial-of-service vulnerabilities that allow local users to\nkill or hang OpenSMTPD\n\na stack-based buffer overflow that allows local users to crash\nOpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user\n\na hardlink attack (or race-conditioned symlink attack) that allows\nlocal users to unset the chflags() of arbitrary files\n\na hardlink attack that allows local users to read the first line of\narbitrary files (for example, root's hash from /etc/master.passwd)\n\na denial-of-service vulnerability that allows remote attackers to fill\nOpenSMTPD's queue or mailbox hard-disk partition\n\nan out-of-bounds memory read that allows remote attackers to crash\nOpenSMTPD, or leak information and defeat the ASLR protection\n\na use-after-free vulnerability that allows remote attackers to crash\nOpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.opensmtpd.org/announces/release-5.7.2.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/ee7bdf7f-11bb-4eea-b054-c692ab848c20.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cb4657a7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:opensmtpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"opensmtpd<5.7.2,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:27:01", "bulletinFamily": "scanner", "description": "This libressl update to version 2.2.7 fixes the following issues :\n\nSecurity issues fixed :\n\n - Fix multiple vulnerabilities in libcrypto relating to ASN.1 and encoding. [boo#978492, boo#977584]\n\n - CVE-2015-3194: Certificate verify crash with missing PSS parameter (boo#957815)\n\n - CVE-2015-3195: X509_ATTRIBUTE memory leak (boo#957812)\n\n - CVE-2015-5333: Memory Leak (boo#950707)\n\n - CVE-2015-5334: Buffer Overflow (boo#950708)", "modified": "2016-10-13T00:00:00", "id": "OPENSUSE-2016-604.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=91274", "published": "2016-05-20T00:00:00", "title": "openSUSE Security Update : libressl (openSUSE-2016-604)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-604.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91274);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/10/13 14:37:11 $\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-5333\", \"CVE-2015-5334\");\n\n script_name(english:\"openSUSE Security Update : libressl (openSUSE-2016-604)\");\n script_summary(english:\"Check for the openSUSE-2016-604 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This libressl update to version 2.2.7 fixes the following issues :\n\nSecurity issues fixed :\n\n - Fix multiple vulnerabilities in libcrypto relating to\n ASN.1 and encoding. [boo#978492, boo#977584]\n\n - CVE-2015-3194: Certificate verify crash with missing PSS\n parameter (boo#957815)\n\n - CVE-2015-3195: X509_ATTRIBUTE memory leak (boo#957812)\n\n - CVE-2015-5333: Memory Leak (boo#950707)\n\n - CVE-2015-5334: Buffer Overflow (boo#950708)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=950707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=950708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978492\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libressl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto34\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto34-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto34-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto34-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl33\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl33-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl33-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl33-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libcrypto34-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libcrypto34-debuginfo-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libressl-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libressl-debuginfo-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libressl-debugsource-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libressl-devel-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libssl33-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libssl33-debuginfo-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libtls4-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libtls4-debuginfo-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libcrypto34-32bit-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libcrypto34-debuginfo-32bit-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libressl-devel-32bit-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libssl33-32bit-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libssl33-debuginfo-32bit-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libtls4-32bit-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libtls4-debuginfo-32bit-2.2.7-2.13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libcrypto34 / libcrypto34-32bit / libcrypto34-debuginfo / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:16", "bulletinFamily": "scanner", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions. (CVE-2014-3508)\n\n - The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a 'protocol downgrade' issue.\n (CVE-2014-3511)", "modified": "2018-11-15T00:00:00", "id": "SOLARIS11_OPENSSL_20141014_2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80724", "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : openssl (cve_2014_3508_information_disclosure)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80724);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2014-3508\", \"CVE-2014-3511\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : openssl (cve_2014_3508_information_disclosure)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The OBJ_obj2txt function in crypto/objects/obj_dat.c in\n OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and\n 1.0.1 before 1.0.1i, when pretty printing is used, does\n not ensure the presence of '\\0' characters, which allows\n context-dependent attackers to obtain sensitive\n information from process stack memory by reading output\n from X509_name_oneline, X509_name_print_ex, and\n unspecified other functions. (CVE-2014-3508)\n\n - The ssl23_get_client_hello function in s23_srvr.c in\n OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle\n attackers to force the use of TLS 1.0 by triggering\n ClientHello message fragmentation in communication\n between a client and server that both support later TLS\n versions, related to a 'protocol downgrade' issue.\n (CVE-2014-3511)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2014-3508-information-disclosure-vulnerability-in-openssl\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7fe0d4ea\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2014-3511-cryptographic-vulnerability-in-openssl\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cbc003eb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.2.2.5.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:openssl\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^openssl$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.2.2.0.5.0\", sru:\"SRU 11.2.2.5.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : openssl\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"openssl\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:22:17", "bulletinFamily": "scanner", "description": "Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. (CVE-2014-3508)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets. A remote attacker could use these flaws to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory. (CVE-2014-0221, CVE-2014-3505, CVE-2014-3506)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a handshake when using the anonymous Diffie-Hellman (DH) key exchange.\nA malicious server could cause a DTLS client using OpenSSL to crash if that client had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2014-1053.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77195", "published": "2014-08-14T00:00:00", "title": "RHEL 5 : openssl (RHSA-2014:1053)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1053. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77195);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/10 11:49:53\");\n\n script_cve_id(\"CVE-2014-0221\", \"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3508\", \"CVE-2014-3510\");\n script_xref(name:\"RHSA\", value:\"2014:1053\");\n\n script_name(english:\"RHEL 5 : openssl (RHSA-2014:1053)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose\ncryptography library.\n\nIt was discovered that the OBJ_obj2txt() function could fail to\nproperly NUL-terminate its output. This could possibly cause an\napplication using OpenSSL functions to format fields of X.509\ncertificates to disclose portions of its memory. (CVE-2014-3508)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS\npackets. A remote attacker could use these flaws to cause a DTLS\nserver or client using OpenSSL to crash or use excessive amounts of\nmemory. (CVE-2014-0221, CVE-2014-3505, CVE-2014-3506)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\na handshake when using the anonymous Diffie-Hellman (DH) key exchange.\nA malicious server could cause a DTLS client using OpenSSL to crash if\nthat client had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the\noriginal reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all services linked to the OpenSSL library\n(such as httpd and other SSL-enabled services) must be restarted or\nthe system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20140605.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20140806.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3505\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1053\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"openssl-0.9.8e-27.el5_10.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"openssl-debuginfo-0.9.8e-27.el5_10.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"openssl-devel-0.9.8e-27.el5_10.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"openssl-perl-0.9.8e-27.el5_10.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"openssl-perl-0.9.8e-27.el5_10.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"openssl-perl-0.9.8e-27.el5_10.4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:22:15", "bulletinFamily": "scanner", "description": "According to its banner, the remote web server uses a version of OpenSSL 0.9.8 prior to 0.9.8zb. The OpenSSL library is, therefore, affected by the following vulnerabilities :\n\n - A memory double-free error exists related to handling DTLS packets that allows denial of service attacks.\n (CVE-2014-3505)\n\n - An unspecified error exists related to handling DTLS handshake messages that allows denial of service attacks due to large amounts of memory being consumed.\n (CVE-2014-3506)\n\n - A memory leak error exists related to handling specially crafted DTLS packets that allows denial of service attacks. (CVE-2014-3507)\n\n - An error exists related to 'OBJ_obj2txt' and the pretty printing 'X509_name_*' functions which leak stack data, resulting in an information disclosure. (CVE-2014-3508)\n\n - A NULL pointer dereference error exists related to handling anonymous ECDH cipher suites and crafted handshake messages that allow denial of service attacks against clients. (CVE-2014-3510)", "modified": "2018-07-16T00:00:00", "id": "OPENSSL_0_9_8ZB.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77086", "published": "2014-08-08T00:00:00", "title": "OpenSSL 0.9.8 < 0.9.8zb Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77086);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\n \"CVE-2014-3505\",\n \"CVE-2014-3506\",\n \"CVE-2014-3507\",\n \"CVE-2014-3508\",\n \"CVE-2014-3510\"\n );\n script_bugtraq_id(\n 69075,\n 69076,\n 69078,\n 69081,\n 69082\n );\n\n script_name(english:\"OpenSSL 0.9.8 < 0.9.8zb Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL 0.9.8 prior to 0.9.8zb. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A memory double-free error exists related to handling\n DTLS packets that allows denial of service attacks.\n (CVE-2014-3505)\n\n - An unspecified error exists related to handling DTLS\n handshake messages that allows denial of service attacks\n due to large amounts of memory being consumed.\n (CVE-2014-3506)\n\n - A memory leak error exists related to handling\n specially crafted DTLS packets that allows denial of\n service attacks. (CVE-2014-3507)\n\n - An error exists related to 'OBJ_obj2txt' and the pretty\n printing 'X509_name_*' functions which leak stack data,\n resulting in an information disclosure. (CVE-2014-3508)\n\n - A NULL pointer dereference error exists related to\n handling anonymous ECDH cipher suites and crafted\n handshake messages that allow denial of service attacks\n against clients. (CVE-2014-3510)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/openssl-0.9.8-notes.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140806.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to OpenSSL 0.9.8zb or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'0.9.8zb', min:\"0.9.8\", severity:SECURITY_HOLE);\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:22:17", "bulletinFamily": "scanner", "description": "Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. (CVE-2014-3508)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets. A remote attacker could use these flaws to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory. (CVE-2014-0221, CVE-2014-3505, CVE-2014-3506)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a handshake when using the anonymous Diffie-Hellman (DH) key exchange.\nA malicious server could cause a DTLS client using OpenSSL to crash if that client had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2014-1053.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77188", "published": "2014-08-14T00:00:00", "title": "CentOS 5 : openssl (CESA-2014:1053)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1053 and \n# CentOS Errata and Security Advisory 2014:1053 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77188);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:31\");\n\n script_cve_id(\"CVE-2014-0221\", \"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3508\", \"CVE-2014-3510\");\n script_bugtraq_id(67899, 67901, 69075, 69076, 69081, 69082);\n script_xref(name:\"RHSA\", value:\"2014:1053\");\n\n script_name(english:\"CentOS 5 : openssl (CESA-2014:1053)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose\ncryptography library.\n\nIt was discovered that the OBJ_obj2txt() function could fail to\nproperly NUL-terminate its output. This could possibly cause an\napplication using OpenSSL functions to format fields of X.509\ncertificates to disclose portions of its memory. (CVE-2014-3508)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS\npackets. A remote attacker could use these flaws to cause a DTLS\nserver or client using OpenSSL to crash or use excessive amounts of\nmemory. (CVE-2014-0221, CVE-2014-3505, CVE-2014-3506)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\na handshake when using the anonymous Diffie-Hellman (DH) key exchange.\nA malicious server could cause a DTLS client using OpenSSL to crash if\nthat client had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the\noriginal reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all services linked to the OpenSSL library\n(such as httpd and other SSL-enabled services) must be restarted or\nthe system rebooted.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-August/020487.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a4a7f3d9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-0.9.8e-27.el5_10.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-devel-0.9.8e-27.el5_10.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-perl-0.9.8e-27.el5_10.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2016-09-26T17:24:14", "bulletinFamily": "unix", "description": "\nQualys reports:\n\nDuring the code review of OpenSMTPD a memory leak and buffer overflow\n\t (an off-by-one, usually stack-based) were discovered in LibreSSL's\n\t OBJ_obj2txt() function. This function is called automatically during\n\t a TLS handshake (both client-side, unless an anonymous mode is used,\n\t and server-side, if client authentication is requested).\n\n", "modified": "2015-10-26T00:00:00", "published": "2015-10-15T00:00:00", "href": "https://vuxml.freebsd.org/freebsd/e75a96df-73ca-11e5-9b45-b499baebfeaf.html", "id": "E75A96DF-73CA-11E5-9B45-B499BAEBFEAF", "title": "LibreSSL -- Memory leak and buffer overflow", "type": "freebsd", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-05-29T18:33:02", "bulletinFamily": "unix", "description": "\nOpenSMTPD developers report:\n\nan oversight in the portable version of fgetln() that allows\n\t attackers to read and write out-of-bounds memory\nmultiple denial-of-service vulnerabilities that allow local users\n\t to kill or hang OpenSMTPD\na stack-based buffer overflow that allows local users to crash\n\t OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd\n\t user\na hardlink attack (or race-conditioned symlink attack) that allows\n\t local users to unset the chflags() of arbitrary files\na hardlink attack that allows local users to read the first line of\n\t arbitrary files (for example, root's hash from /etc/master.passwd)\n\t \na denial-of-service vulnerability that allows remote attackers to\n\t fill OpenSMTPD's queue or mailbox hard-disk partition\nan out-of-bounds memory read that allows remote attackers to crash\n\t OpenSMTPD, or leak information and defeat the ASLR protection\na use-after-free vulnerability that allows remote attackers to\n\t crash OpenSMTPD, or execute arbitrary code as the non-chrooted\n\t _smtpd user\n\n", "modified": "2015-10-06T00:00:00", "published": "2015-10-02T00:00:00", "id": "EE7BDF7F-11BB-4EEA-B054-C692AB848C20", "href": "https://vuxml.freebsd.org/freebsd/ee7bdf7f-11bb-4eea-b054-c692ab848c20.html", "title": "OpenSMTPD -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:25", "bulletinFamily": "unix", "description": "\nThe OpenSSL Project reports:\n\nA flaw in OBJ_obj2txt may cause pretty printing functions\n\t such as X509_name_oneline, X509_name_print_ex et al. to leak\n\t some information from the stack. [CVE-2014-3508]\nThe issue affects OpenSSL clients and allows a malicious\n\t server to crash the client with a null pointer dereference\n\t (read) by specifying an SRP ciphersuite even though it was\n\t not properly negotiated with the client. [CVE-2014-5139]\nIf a multithreaded client connects to a malicious server\n\t using a resumed session and the server sends an ec point\n\t format extension it could write up to 255 bytes to freed\n\t memory. [CVE-2014-3509]\nAn attacker can force an error condition which causes\n\t openssl to crash whilst processing DTLS packets due to\n\t memory being freed twice. This can be exploited through\n\t a Denial of Service attack. [CVE-2014-3505]\nAn attacker can force openssl to consume large amounts\n\t of memory whilst processing DTLS handshake messages.\n\t This can be exploited through a Denial of Service\n\t attack. [CVE-2014-3506]\nBy sending carefully crafted DTLS packets an attacker\n\t could cause openssl to leak memory. This can be exploited\n\t through a Denial of Service attack. [CVE-2014-3507]\nOpenSSL DTLS clients enabling anonymous (EC)DH\n\t ciphersuites are subject to a denial of service attack.\n\t A malicious server can crash the client with a null pointer\n\t dereference (read) by specifying an anonymous (EC)DH\n\t ciphersuite and sending carefully crafted handshake\n\t messages. [CVE-2014-3510]\nA flaw in the OpenSSL SSL/TLS server code causes the\n\t server to negotiate TLS 1.0 instead of higher protocol\n\t versions when the ClientHello message is badly\n\t fragmented. This allows a man-in-the-middle attacker\n\t to force a downgrade to TLS 1.0 even if both the server\n\t and the client support a higher protocol version, by\n\t modifying the client's TLS records. [CVE-2014-3511]\nA malicious client or server can send invalid SRP\n\t parameters and overrun an internal buffer. Only\n\t applications which are explicitly set up for SRP\n\t use are affected. [CVE-2014-3512]\n\n", "modified": "2016-08-09T00:00:00", "published": "2014-08-06T00:00:00", "id": "8AFF07EB-1DBD-11E4-B6BA-3C970E169BC2", "href": "https://vuxml.freebsd.org/freebsd/8aff07eb-1dbd-11e4-b6ba-3c970e169bc2.html", "title": "OpenSSL -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "description": "DoS, buffer overflow.", "modified": "2015-10-19T00:00:00", "published": "2015-10-19T00:00:00", "id": "SECURITYVULNS:VULN:14732", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14732", "title": "LibreSSL security vulnerabilities", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:09:56", "bulletinFamily": "software", "description": "DoS and protocol version downgrades in client and server code, memory corruptions and information leaks in client code.", "modified": "2014-08-07T00:00:00", "published": "2014-08-07T00:00:00", "id": "SECURITYVULNS:VULN:13908", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13908", "title": "OpenSSL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:36", "bulletinFamily": "unix", "description": "- an oversight in the portable version of fgetln() that allows attackers\n to read and write out-of-bounds memory\n\n- multiple denial-of-service vulnerabilities that allow local users to\n kill or hang OpenSMTPD\n\n- a stack-based buffer overflow that allows local users to crash\n OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user\n\n- a hardlink attack (or race-conditioned symlink attack) that allows\n local users to unset the chflags() of arbitrary files\n\n- a hardlink attack that allows local users to read the first line of\n arbitrary files (for example, root's hash from /etc/master.passwd)\n\n- a denial-of-service vulnerability that allows remote attackers to fill\n OpenSMTPD's queue or mailbox hard-disk partition\n\n- an out-of-bounds memory read that allows remote attackers to crash\n OpenSMTPD, or leak information and defeat the ASLR protection\n\n- a use-after-free vulnerability that allows remote attackers to crash\n OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user\n\n- fix an mda buffer truncation bug which allows a user to create forward\n files that pass session checks but fail delivery later down the chain,\n within the user mda\n\n- fix remote buffer overflow in unprivileged pony process\n\n- reworked offline enqueue to better protect against hardlink attacks", "modified": "2015-10-08T00:00:00", "published": "2015-10-08T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html", "id": "ASA-201510-5", "title": "opensmtpd: multiple issues", "type": "archlinux", "cvss": {"score": 0.0, "vector": "NONE"}}], "debian": [{"lastseen": "2019-05-30T02:21:35", "bulletinFamily": "unix", "description": "Package : openssl\nVersion : 0.9.8o-4squeeze17\nCVE ID : CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 \n CVE-2014-3510\n\nDetailed descriptions of the vulnerabilities can be found at:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nIt's important that you upgrade the libssl0.9.8 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe "checkrestart" tool from the debian-goodies package to detect\naffected programs. Alternatively, you may reboot your system.\n\n", "modified": "2014-08-07T20:36:26", "published": "2014-08-07T20:36:26", "id": "DEBIAN:DLA-33-1:85002", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201408/msg00007.html", "title": "[DLA 33-1] openssl security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T02:22:12", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2998-1 security@debian.org\nhttp://www.debian.org/security/ Raphael Geissert\nAugust 07, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 \n CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 \n CVE-2014-5139\n\nMultiple vulnerabilities have been identified in OpenSSL, a Secure\nSockets Layer toolkit, that may result in denial of service\n(application crash, large memory consumption), information leak,\nprotocol downgrade. Additionally, a buffer overrun affecting only\napplications explicitly set up for SRP has been fixed (CVE-2014-3512).\n\nDetailed descriptions of the vulnerabilities can be found at:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nIt's important that you upgrade the libssl1.0.0 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe "checkrestart" tool from the debian-goodies package to detect\naffected programs. Alternatively, you may reboot your system.\n\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u12.\n\nFor the testing distribution (jessie), these problems will be fixed\nsoon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1i-1.\n\nWe recommend that you upgrade your openssl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-08-06T23:45:18", "published": "2014-08-06T23:45:18", "id": "DEBIAN:DSA-2998-1:7D1C0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00180.html", "title": "[SECURITY] [DSA 2998-1] openssl security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:37:14", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-08-14T00:00:00", "id": "OPENVAS:1361412562310881987", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881987", "title": "CentOS Update for openssl CESA-2014:1053 centos5", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2014:1053 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881987\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-14 05:54:51 +0200 (Thu, 14 Aug 2014)\");\n script_cve_id(\"CVE-2014-0221\", \"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3508\",\n \"CVE-2014-3510\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for openssl CESA-2014:1053 centos5\");\n\n script_tag(name:\"affected\", value:\"openssl on CentOS 5\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implemnts the Secure Sockets Layer\n(SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-0221,\nCVE-2014-3505, CVE-2014-3506)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original\nreporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:1053\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-August/020487.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~27.el5_10.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8e~27.el5_10.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8e~27.el5_10.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:34", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2014-08-14T00:00:00", "id": "OPENVAS:1361412562310871226", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871226", "title": "RedHat Update for openssl RHSA-2014:1053-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2014:1053-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871226\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-14 05:54:26 +0200 (Thu, 14 Aug 2014)\");\n script_cve_id(\"CVE-2014-0221\", \"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3508\", \"CVE-2014-3510\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Update for openssl RHSA-2014:1053-01\");\n\n\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-0221,\nCVE-2014-3505, CVE-2014-3506)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original\nreporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:1053-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-August/msg00027.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~27.el5_10.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~0.9.8e~27.el5_10.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8e~27.el5_10.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8e~27.el5_10.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:21", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2014-1053", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123332", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123332", "title": "Oracle Linux Local Check: ELSA-2014-1053", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1053.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123332\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:02:23 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1053\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1053 - openssl security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1053\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1053.html\");\n script_cve_id(\"CVE-2014-0221\", \"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3508\", \"CVE-2014-3510\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~27.el5_10.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8e~27.el5_10.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8e~27.el5_10.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:36", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120249", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120249", "title": "Amazon Linux Local Check: ALAS-2014-391", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2014-391.nasl 6715 2017-07-13 09:57:40Z teissa$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120249\");\n script_version(\"$Revision: 11711 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:21:23 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 14:30:57 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2014-391\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in OpenSSL. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update openssl to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-391.html\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3512\", \"CVE-2014-3511\", \"CVE-2014-3510\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-5139\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1i~1.78.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1i~1.78.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1i~1.78.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1i~1.78.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1i~1.78.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:11", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2014-08-08T00:00:00", "id": "OPENVAS:1361412562310841924", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841924", "title": "Ubuntu Update for openssl USN-2308-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2308_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for openssl USN-2308-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841924\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-08 06:02:31 +0200 (Fri, 08 Aug 2014)\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\",\n \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\", \"CVE-2014-3512\",\n \"CVE-2014-5139\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for openssl USN-2308-1\");\n\n script_tag(name:\"affected\", value:\"openssl on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"Adam Langley and Wan-Teh Chang discovered that OpenSSL\nincorrectly handled certain DTLS packets. A remote attacker could use this issue\nto cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-3505)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when\nprocessing DTLS handshake messages. A remote attacker could use this issue\nto cause OpenSSL to consume memory, resulting in a denial of service.\n(CVE-2014-3506)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when\nprocessing DTLS fragments. A remote attacker could use this issue to cause\nOpenSSL to leak memory, resulting in a denial of service. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3507)\n\nIvan Fratric discovered that OpenSSL incorrectly leaked information in\nthe pretty printing functions. When OpenSSL is used with certain\napplications, an attacker may use this issue to possibly gain access to\nsensitive information. (CVE-2014-3508)\n\nGabor Tyukasz discovered that OpenSSL contained a race condition when\nprocessing serverhello messages. A malicious server could use this issue\nto cause clients to crash, resulting in a denial of service. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3509)\n\nFelix Grö bert discovered that OpenSSL incorrectly handled certain DTLS\nhandshake messages. A malicious server could use this issue to cause\nclients to crash, resulting in a denial of service. (CVE-2014-3510)\n\nDavid Benjamin and Adam Langley discovered that OpenSSL incorrectly\nhandled fragmented ClientHello messages. If a remote attacker were able to\nperform a man-in-the-middle attack, this flaw could be used to force a\nprotocol downgrade to TLS 1.0. This issue only affected Ubuntu 12.04 LTS\nand Ubuntu 14.04 LTS. (CVE-2014-3511)\n\nSean Devlin and Watson Ladd discovered that OpenSSL incorrectly handled\ncertain SRP parameters. A remote attacker could use this with applications\nthat use SRP to cause a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-3512)\n\nJoonas Kuorilehto and Riku Hietamä ki discovered that OpenSSL incorrectly\nhandled certain Server Hello messages that specify an SRP ciphersuite. A\nmalicious server could use this issue to cause clients to crash, resulting\nin a denial of service. This issue only affected Ubuntu 12.04 LTS and\nUbuntu 14.04 LTS. (CVE-2014-5139)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2308-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2308-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|10\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1f-1ubuntu2.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1-4ubuntu5.17\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8k-7ubuntu8.20\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:44", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities have been identified in OpenSSL, a Secure\nSockets Layer toolkit, that may result in denial of service\n(application crash, large memory consumption), information leak,\nprotocol downgrade. Additionally, a buffer overrun affecting only\napplications explicitly set up for SRP has been fixed (CVE-2014-3512).\n\nIt", "modified": "2019-03-19T00:00:00", "published": "2014-08-07T00:00:00", "id": "OPENVAS:1361412562310702998", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702998", "title": "Debian Security Advisory DSA 2998-1 (openssl - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2998.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2998-1 using nvtgen 1.0\n# Script version: 1.1\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702998\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\", \"CVE-2014-3512\", \"CVE-2014-5139\");\n script_name(\"Debian Security Advisory DSA 2998-1 (openssl - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-07 00:00:00 +0200 (Thu, 07 Aug 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2998.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"openssl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u12.\n\nFor the testing distribution (jessie), these problems will be fixed\nsoon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1i-1.\n\nWe recommend that you upgrade your openssl packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been identified in OpenSSL, a Secure\nSockets Layer toolkit, that may result in denial of service\n(application crash, large memory consumption), information leak,\nprotocol downgrade. Additionally, a buffer overrun affecting only\napplications explicitly set up for SRP has been fixed (CVE-2014-3512).\n\nIt's important that you upgrade the libssl1.0.0 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe checkrestart\ntool from the debian-goodies package to detect\naffected programs. Alternatively, you may reboot your system.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:09", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2014-08-14T00:00:00", "id": "OPENVAS:1361412562310871227", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871227", "title": "RedHat Update for openssl RHSA-2014:1052-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2014:1052-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871227\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-14 05:54:31 +0200 (Thu, 14 Aug 2014)\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\",\n \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for openssl RHSA-2014:1052-01\");\n\n\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:1052-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-August/msg00026.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~34.el7_0.4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~34.el7_0.4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~34.el7_0.4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~34.el7_0.4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.15\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~16.el6_5.15\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.15\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:36", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-08-14T00:00:00", "id": "OPENVAS:1361412562310881988", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881988", "title": "CentOS Update for openssl CESA-2014:1052 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2014:1052 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881988\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-14 05:54:57 +0200 (Thu, 14 Aug 2014)\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\",\n \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for openssl CESA-2014:1052 centos6\");\n\n script_tag(name:\"affected\", value:\"openssl on CentOS 6\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer\n(SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:1052\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-August/020488.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.15\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.15\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~16.el6_5.15\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~16.el6_5.15\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:24", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2014-1653", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123278", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123278", "title": "Oracle Linux Local Check: ELSA-2014-1653", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1653.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123278\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:01:40 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1653\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1653 - openssl security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1653\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1653.html\");\n script_cve_id(\"CVE-2014-3566\", \"CVE-2014-0221\", \"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3508\", \"CVE-2014-3510\", \"CVE-2014-0224\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~31.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8e~31.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8e~31.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:46", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-09-10T00:00:00", "id": "OPENVAS:1361412562310882005", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882005", "title": "CentOS Update for openssl CESA-2014:1052 centos7", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2014:1052 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882005\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-09-10 06:20:03 +0200 (Wed, 10 Sep 2014)\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\",\n \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for openssl CESA-2014:1052 centos7\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the\nSecure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram\nTransport Layer Security (DTLS) protocols, as well as a full-strength, general\npurpose cryptography library.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\");\n script_tag(name:\"affected\", value:\"openssl on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"CESA\", value:\"2014:1052\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-August/020489.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~34.el7_0.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~34.el7_0.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~34.el7_0.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~34.el7_0.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~34.el7_0.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-05-29T18:34:25", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:1053\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-0221,\nCVE-2014-3505, CVE-2014-3506)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original\nreporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-August/020487.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1053.html", "modified": "2014-08-13T19:52:24", "published": "2014-08-13T19:52:24", "href": "http://lists.centos.org/pipermail/centos-announce/2014-August/020487.html", "id": "CESA-2014:1053", "title": "openssl security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:58", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:1052\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-August/020488.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-August/020489.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-libs\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1052.html", "modified": "2014-08-13T20:25:33", "published": "2014-08-13T20:10:43", "href": "http://lists.centos.org/pipermail/centos-announce/2014-August/020488.html", "id": "CESA-2014:1052", "title": "openssl security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-05-29T14:34:24", "bulletinFamily": "unix", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-0221,\nCVE-2014-3505, CVE-2014-3506)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original\nreporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "modified": "2017-09-08T12:08:28", "published": "2014-08-13T04:00:00", "id": "RHSA-2014:1053", "href": "https://access.redhat.com/errata/RHSA-2014:1053", "type": "redhat", "title": "(RHSA-2014:1053) Moderate: openssl security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T14:35:16", "bulletinFamily": "unix", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted or the\nsystem rebooted.\n", "modified": "2015-04-24T14:17:46", "published": "2014-08-14T04:00:00", "id": "RHSA-2014:1054", "href": "https://access.redhat.com/errata/RHSA-2014:1054", "type": "redhat", "title": "(RHSA-2014:1054) Moderate: openssl security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T14:35:23", "bulletinFamily": "unix", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "modified": "2018-06-06T20:24:27", "published": "2014-08-13T04:00:00", "id": "RHSA-2014:1052", "href": "https://access.redhat.com/errata/RHSA-2014:1052", "type": "redhat", "title": "(RHSA-2014:1052) Moderate: openssl security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:31", "bulletinFamily": "unix", "description": "[0.9.8e-27.4]\n- fix CVE-2014-0221 - recursion in DTLS code leading to DoS\n- fix CVE-2014-3505 - doublefree in DTLS packet processing\n- fix CVE-2014-3506 - avoid memory exhaustion in DTLS\n- fix CVE-2014-3508 - fix OID handling to avoid information leak\n- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS\n[0.9.8e-27.3]\n- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability\n[0.9.8e-27.1]\n- replace expired GlobalSign Root CA certificate in ca-bundle.crt", "modified": "2014-08-13T00:00:00", "published": "2014-08-13T00:00:00", "id": "ELSA-2014-1053", "href": "http://linux.oracle.com/errata/ELSA-2014-1053.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:18", "bulletinFamily": "unix", "description": "[1.0.1e-34.4]\n- fix CVE-2014-3505 - doublefree in DTLS packet processing\n- fix CVE-2014-3506 - avoid memory exhaustion in DTLS\n- fix CVE-2014-3507 - avoid memory leak in DTLS\n- fix CVE-2014-3508 - fix OID handling to avoid information leak\n- fix CVE-2014-3509 - fix race condition when parsing server hello\n- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS\n- fix CVE-2014-3511 - disallow protocol downgrade via fragmentation", "modified": "2014-08-13T00:00:00", "published": "2014-08-13T00:00:00", "id": "ELSA-2014-1052", "href": "http://linux.oracle.com/errata/ELSA-2014-1052.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:54", "bulletinFamily": "unix", "description": "[0.9.8e-31]\n- add support for fallback SCSV to partially mitigate CVE-2014-3566\n (padding attack on SSL3)\n[0.9.8e-30]\n- fix CVE-2014-0221 - recursion in DTLS code leading to DoS\n- fix CVE-2014-3505 - doublefree in DTLS packet processing\n- fix CVE-2014-3506 - avoid memory exhaustion in DTLS\n- fix CVE-2014-3508 - fix OID handling to avoid information leak\n- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS\n[0.9.8e-29]\n- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability\n[0.9.8e-28]\n- replace expired GlobalSign Root CA certificate in ca-bundle.crt", "modified": "2014-10-16T00:00:00", "published": "2014-10-16T00:00:00", "id": "ELSA-2014-1653", "href": "http://linux.oracle.com/errata/ELSA-2014-1653.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:21", "bulletinFamily": "unix", "description": "[1.0.1e-30.2]\n- fix CVE-2014-3567 - memory leak when handling session tickets\n- fix CVE-2014-3513 - memory leak in srtp support\n- add support for fallback SCSV to partially mitigate CVE-2014-3566\n (padding attack on SSL3)\n[1.0.1e-30]\n- add ECC TLS extensions to DTLS (#1119800)\n[1.0.1e-29]\n- fix CVE-2014-3505 - doublefree in DTLS packet processing\n- fix CVE-2014-3506 - avoid memory exhaustion in DTLS\n- fix CVE-2014-3507 - avoid memory leak in DTLS\n- fix CVE-2014-3508 - fix OID handling to avoid information leak\n- fix CVE-2014-3509 - fix race condition when parsing server hello\n- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS\n- fix CVE-2014-3511 - disallow protocol downgrade via fragmentation\n[1.0.1e-28]\n- fix CVE-2014-0224 fix that broke EAP-FAST session resumption support\n[1.0.1e-26]\n- drop EXPORT, RC2, and DES from the default cipher list (#1057520)\n- print ephemeral key size negotiated in TLS handshake (#1057715)\n- do not include ECC ciphersuites in SSLv2 client hello (#1090952)\n- properly detect encryption failure in BIO (#1100819)\n- fail on hmac integrity check if the .hmac file is empty (#1105567)\n- FIPS mode: make the limitations on DSA, DH, and RSA keygen\n length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment\n variable is set\n[1.0.1e-25]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH\n[1.0.1e-24]\n- add back support for secp521r1 EC curve\n[1.0.1e-23]\n- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension\n[1.0.1e-22]\n- use 2048 bit RSA key in FIPS selftests\n[1.0.1e-21]\n- add DH_compute_key_padded needed for FIPS CAVS testing\n- make 3des strength to be 128 bits instead of 168 (#1056616)\n- FIPS mode: do not generate DSA keys and DH parameters < 2048 bits\n- FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys)\n- FIPS mode: add DH selftest\n- FIPS mode: reseed DRBG properly on RAND_add()\n- FIPS mode: add RSA encrypt/decrypt selftest\n- FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key\n- use the key length from configuration file if req -newkey rsa is invoked\n[1.0.1e-20]\n- fix CVE-2013-4353 - Invalid TLS handshake crash\n[1.0.1e-19]\n- fix CVE-2013-6450 - possible MiTM attack on DTLS1\n[1.0.1e-18]\n- fix CVE-2013-6449 - crash when version in SSL structure is incorrect\n[1.0.1e-17]\n- add back some no-op symbols that were inadvertently dropped", "modified": "2014-10-16T00:00:00", "published": "2014-10-16T00:00:00", "id": "ELSA-2014-1652", "href": "http://linux.oracle.com/errata/ELSA-2014-1652.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "slackware": [{"lastseen": "2019-05-30T07:37:20", "bulletinFamily": "unix", "description": "New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded.\n This update fixes several security issues:\n Double Free when processing DTLS packets (CVE-2014-3505)\n DTLS memory exhaustion (CVE-2014-3506)\n DTLS memory leak from zero-length fragments (CVE-2014-3507)\n Information leak in pretty printing functions (CVE-2014-3508)\n Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)\n OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)\n OpenSSL TLS protocol downgrade attack (CVE-2014-3511)\n SRP buffer overrun (CVE-2014-3512)\n Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)\n For more information, see:\n https://www.openssl.org/news/secadv_20140806.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz: Upgraded.\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 packages:\n30bdc015b10d8891b90d3f6ea34f5fdd openssl-0.9.8zb-i486-1_slack13.0.txz\n3dc4140c22c04c94e5e74386a5a1c200 openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n3da32f51273762d67bf9dbcc91af9413 openssl-0.9.8zb-x86_64-1_slack13.0.txz\n075e5d12e5b909ecac923cb210f83544 openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n3b7e2bb2b317bf72b8f9b2b7a14bddfb openssl-0.9.8zb-i486-1_slack13.1.txz\n92af0784eade0674332a56bfab73b97d openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\ndf5f961109d7b50971660ca6a7d4c48c openssl-0.9.8zb-x86_64-1_slack13.1.txz\n582aaeae3d56730a2e1538a67d4e44da openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n546445d56d3b367fa0dd4e80859c4620 openssl-0.9.8zb-i486-1_slack13.37.txz\nb80e9df8cdd0649939ec2fab20d24691 openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n9c9ce97dc21340924a3e27c1a8047023 openssl-0.9.8zb-x86_64-1_slack13.37.txz\n0fe1931f2fc82fb8d5fbe72680caf843 openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nd1580f4b22b99cee42b22276653c8180 openssl-1.0.1i-i486-1_slack14.0.txz\nec93cec2bcab8ae7391a504573cbc231 openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n329475de3759225b1d02aa7317b2eb58 openssl-1.0.1i-x86_64-1_slack14.0.txz\n25f2a198022d974534986a3913ca705c openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n8336457bc31d44ebf502ffc4443f12f7 openssl-1.0.1i-i486-1_slack14.1.txz\n4b99ac357fbd3065c53367eea246b8c7 openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nf2b8f81d9d7dc02e5d1011f663ccc95d openssl-1.0.1i-x86_64-1_slack14.1.txz\n4360abffbb57cb18ba0720f782d78250 openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n49ecd332a899cf742d3467a6efe44269 a/openssl-solibs-1.0.1i-i486-1.txz\n27da017c49045981b1793f105aff365f n/openssl-1.0.1i-i486-1.txz\n\nSlackware x86_64 -current packages:\n8d74f3d770802182137c84d925f58cbc a/openssl-solibs-1.0.1i-x86_64-1.txz\nfd9d94d3210f0aedf74959cb0887e2b8 n/openssl-1.0.1i-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz", "modified": "2014-08-08T14:22:00", "published": "2014-08-08T14:22:00", "id": "SSA-2014-220-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.788587", "title": "openssl", "type": "slackware", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2019-05-29T19:20:55", "bulletinFamily": "unix", "description": "Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-3505)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS handshake messages. A remote attacker could use this issue to cause OpenSSL to consume memory, resulting in a denial of service. (CVE-2014-3506)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS fragments. A remote attacker could use this issue to cause OpenSSL to leak memory, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3507)\n\nIvan Fratric discovered that OpenSSL incorrectly leaked information in the pretty printing functions. When OpenSSL is used with certain applications, an attacker may use this issue to possibly gain access to sensitive information. (CVE-2014-3508)\n\nGabor Tyukasz discovered that OpenSSL contained a race condition when processing serverhello messages. A malicious server could use this issue to cause clients to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3509)\n\nFelix Gr\u00f6bert discovered that OpenSSL incorrectly handled certain DTLS handshake messages. A malicious server could use this issue to cause clients to crash, resulting in a denial of service. (CVE-2014-3510)\n\nDavid Benjamin and Adam Langley discovered that OpenSSL incorrectly handled fragmented ClientHello messages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be used to force a protocol downgrade to TLS 1.0. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3511)\n\nSean Devlin and Watson Ladd discovered that OpenSSL incorrectly handled certain SRP parameters. A remote attacker could use this with applications that use SRP to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3512)\n\nJoonas Kuorilehto and Riku Hietam\u00e4ki discovered that OpenSSL incorrectly handled certain Server Hello messages that specify an SRP ciphersuite. A malicious server could use this issue to cause clients to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5139)", "modified": "2014-08-07T00:00:00", "published": "2014-08-07T00:00:00", "id": "USN-2308-1", "href": "https://usn.ubuntu.com/2308-1/", "title": "OpenSSL vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2019-05-29T17:22:31", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory. \n\nMultiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter. \n\nA flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions. \n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a handshake when using the anonymous Diffie-Hellman (DH) key exchange. A malicious server could cause a DTLS client using OpenSSL to crash if that client had anonymous DH cipher suites enabled. \n\nIt was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. \n\nA race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code. \n\nThe ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.\n\n \n**Affected Packages:** \n\n\nopenssl\n\n \n**Issue Correction:** \nRun _yum update openssl_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n openssl-devel-1.0.1i-1.78.amzn1.i686 \n openssl-debuginfo-1.0.1i-1.78.amzn1.i686 \n openssl-perl-1.0.1i-1.78.amzn1.i686 \n openssl-1.0.1i-1.78.amzn1.i686 \n openssl-static-1.0.1i-1.78.amzn1.i686 \n \n src: \n openssl-1.0.1i-1.78.amzn1.src \n \n x86_64: \n openssl-static-1.0.1i-1.78.amzn1.x86_64 \n openssl-debuginfo-1.0.1i-1.78.amzn1.x86_64 \n openssl-devel-1.0.1i-1.78.amzn1.x86_64 \n openssl-1.0.1i-1.78.amzn1.x86_64 \n openssl-perl-1.0.1i-1.78.amzn1.x86_64 \n \n \n", "modified": "2014-09-19T11:59:00", "published": "2014-09-19T11:59:00", "id": "ALAS-2014-391", "href": "https://alas.aws.amazon.com/ALAS-2014-391.html", "title": "Medium: openssl", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "huawei": [{"lastseen": "2019-02-01T18:01:48", "bulletinFamily": "software", "description": "Products\n\nSwitches\nRouters\nWLAN\nServers\nSee All\n\n\n\nSolutions\n\nCloud Data Center\nEnterprise Networking\nWireless Private Network\nSolutions by Industry\nSee All\n\n\n\nServices\n\nTraining and Certification\nICT Lifecycle Services\nTechnology Services\nIndustry Solution Services\nSee All\n\n\n\nSee all offerings at e.huawei.com\n\n\n\nNeed Support ?\n\nProduct Support\nSoftware Download\nCommunity\nTools\n\nGo to Full Support", "modified": "2015-03-11T00:00:00", "published": "2014-10-08T00:00:00", "id": "HUAWEI-SA-20141008-OPENSSL", "href": "https://www.huawei.com/en/psirt/security-advisories/2015/hw-372998", "title": "Security Advisory-9 OpenSSL vulnerabilities on Huawei products", "type": "huawei", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "aix": [{"lastseen": "2019-05-29T19:19:11", "bulletinFamily": "unix", "description": "IBM SECURITY ADVISORY\n\nFirst Issued: <Tue Sep 9 00:50:00 CDT 2014>\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc\nhttps://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc\nftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc\n===============================================================================\n VULNERABILITY SUMMARY\n\n1.VULNERABILITY: AIX OpenSSL Denial of Service due to double free\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3505\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n2. VULNERABILITY: AIX OpenSSL Denial of Service due to memory allocation of large length values\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3506\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n3. VULNERABILITY: AIX OpenSSL Denial of Service due to improper handling of the return value\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3507\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n4. VULNERABILITY: AIX OpenSSL allows attackers to obtain sensitive information\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3508\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n5. VULNERABILITY: AIX OpenSSL Denial of Service due to memory overwrite\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3509\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n6. VULNERABILITY: AIX OpenSSL Denial of Service due to NULL pointer dereference\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3510\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n7. VULNERABILITY: AIX OpenSSL Man-in-the-Middle attack related to protocol downgrade issue\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3511\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n8. VULNERABILITY: AIX OpenSSL Denial of Service due to invalid SRP (1)g, (2)A or (3)B parameter\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3512\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n9. VULNERABILITY: AIX OpenSSL Denial of Service due to NULL pointer dereference\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-5139\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n===============================================================================\n DETAILED INFORMATION\n\nI. DESCRIPTION \n \n 1. CVE-2014-3505\n\tOpenSSL could allow remote attackers to cause a denial of service \n\t(application crash) via crafted DTLS packets that trigger an error condition.\n\n 2. CVE-2014-3506\n\tOpenSSL could allow remote attackers to cause a denial of service (memory \n\tconsumption) via crafted DTLS handshake messages that trigger memory \n\tallocations corresponding to large length values.\n\n 3. CVE-2014-3507\n\tOpenSSL could allow remote attackers to cause a denial of service \n\t(memory consumption) via zero-length DTLS fragments that trigger improper \n\thandling of the return value of insert function.\n\n 4. CVE-2014-3508\n\tOpenSSL could allow context-dependent attackers to obtain sensitive information \n\tfrom process stack memory by reading output from some functions when pretty \n\tprinting is used\n\n 5. CVE-2014-3509\n\tOpenSSL could allow remote SSL servers to cause a denial of service \n\t(memory overwrite and client application crash) or possibly have unspecified \n\timpact by sending Elliptic Curve (EC) Supported Point Formats Extension data when\n\tmultithreading and session resumption are used\n\n 6. CVE-2014-3510\n\tOpenSSL could allow remote DTLS servers to cause a denial of service \n\t(NULL pointer dereference and client application crash) via a crafted \n\thandshake message in conjunction with a (1) anonymous DH or \n\t(2) anonymous ECDH ciphersuite.\n\n 7. CVE-2014-3511\n\tOpenSSL could allow man-in-the middle attacker to force the use of TLS 1.0 by \n\ttriggering ClientHello message fragmentation in communication between a \n\tclient and server that both support later TLS versions, related to a \n\t\"protocol downgrade\" issue\n\n 8. CVE-2014-3512\n\tOpenssl could allow remote attackers to cause a denial of service or possibly \n\thave unspecified impact via an invalid SRP (1)g, (2)A or (3)B parameter\n\n 9. CVE-2014-5139\n\tOpenSSL could allow SSL servers to cause a denial of service (NULL pointer \n\tdeference and client application crash) through a ServerHello message that \n\tinclude an SRP ciphersuite without the required negotiation of that \n\tciphersuite with the client\n\nII. CVSS\n\n 1. CVE-2014-3505\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95163\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 2. CVE-2014-3506\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95160\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 3. CVE-2014-3507\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95161\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 4. CVE-2014-3508\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95165\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 5. CVE-2014-3509\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95159\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 6. CVE-2014-3510\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95164\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 7. CVE-2014-3511\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95162\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 8. CVE-2014-3512\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95158\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 9. CVE-2014-5139\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95166\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\nIII. PLATFORM VULNERABILITY ASSESSMENT\n\n To determine if your system is vulnerable, execute the following\n command:\n\n lslpp -L openssl.base\n \n The following fileset levels are vulnerable:\n \n A. CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139\n\n AIX Fileset Lower Level Upper Level \n ------------------------------------------\n openssl.base 1.0.1.500 1.0.1.511\n\n B. CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510\n\n AIX Fileset Lower Level Upper Level \n ------------------------------------------\n openssl.base 1.0.1.500 1.0.1.511\n openssl.base 0.9.8.401 0.9.8.2502\n openssl.base 12.9.8.1100 12.9.8.2502\n\n\nIV. SOLUTIONS\n\n A. FIXES\n\n Fix is available. The fix can be downloaded via ftp\n from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/openssl_fix10.tar\n\n The link above is to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n releases.\n\n\tNote that the tar file contains Interim fixes that are based on OpenSSL version.\n\n AIX Level Interim Fix (*.Z) Fileset Name\n -------------------------------------------------------------------\n 5.3, 6.1, 7.1 101_fix.140902.epkg.Z\t openssl.base(1.0.1.511 version)\n 5.3, 6.1, 7.1 098_fix.140902.epkg.Z\t openssl.base(0.9.8.2502 version)\n 5.3, 6.1, 7.1 1298_fix.140902.epkg.Z \t openssl.base(12.9.8.2502 version)\n\n VIOS Level Interim Fix (*.Z)\t Fileset Name\n -------------------------------------------------------------------\n 2.2.* 101_fix.140902.epkg.Z\t openssl.base(1.0.1.511 version)\n 2.2.* 098_fix.140902.epkg.Z\t openssl.base(0.9.8.2502 version)\n 2.2.* 1298_fix.140902.epkg.Z \t openssl.base(12.9.8.2502 version)\n\n\n To extract the fix from the tar file:\n\n tar xvf openssl_fix10.tar\n cd openssl_fix10\n\n Verify you have retrieved the fix intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 file\" command is the followng:\n\n openssl dgst -sha256 \t\t\t\t\t\t filename\t \n ----------------------------------------------------------------------------------------------\n \t4b5dcf19fbe1068b65b9ecc125d098fcf6f2077971e80c8da7bdfb2260554bd6 \t101_fix.140902.epkg.Z\n\t 834ff7e39d65c98eb7d96b877eab5c2f3ce9922d6ee5b8278358ae6b86d6ab87\t098_fix.140902.epkg.Z\n\t 749536a5247176e8074ba1ec289426cbd4b484c9925ce17a66b411fad2e90841\t1298_fix.140902.epkg.Z\n\n\t These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. If the sums or signatures cannot be\n confirmed, contact IBM AIX Security at\n security-alert@austin.ibm.com and describe the discrepancy.\n \n Published advisory OpenSSL signature file location:\n\n http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc.sig \n\n\t openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n These fixes will also be part of the next filesets of OpenSSL versions 0.9.8.2503, 12.9.8.2503 and 1.0.1.512.\n\t\n These filesets will be made available by 10th October 2014 and can be downloaded from - \n\n\t https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=aixbp&lang=en_US&S_PKG=openssl&cp=UTF-8\n\n \n B. FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n\nV. WORKAROUNDS\n \n No workarounds.\n\nVI. CONTACT INFORMATION\n\n If you would like to receive AIX Security Advisories via email,\n please visit:\n\n http://www.ibm.com/systems/support\n\n and click on the \"My notifications\" link.\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgpkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team you can either:\n\n A. Send an email with \"get key\" in the subject line to:\n\n security-alert@austin.ibm.com\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\n\nVII. REFERENCES:\n\n Note: Keywords labeled as KEY in this document are used for parsing purposes.\n\n eServer is a trademark of International Business Machines\n Corporation. IBM, AIX and pSeries are registered trademarks of\n International Business Machines Corporation. All other trademarks\n are property of their respective holders.\n\n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95163\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95160\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95161\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95165\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95159\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95164\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95162\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95158\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95166\n CVE-2014-3505 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505\n CVE-2014-3506 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506\n CVE-2014-3507 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507\n CVE-2014-3508 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508\n CVE-2014-3509 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509\n CVE-2014-3510 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510\n CVE-2014-3511 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511\n CVE-2014-3512 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512\n CVE-2014-5139 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139\n\n *The CVSS Environment Score is customer environment specific and will\n ultimately impact the Overall CVSS Score. Customers can evaluate the\n impact of this vulnerability in their environments by accessing the links\n in the Reference section of this Flash.\n\n Note: According to the Forum of Incident Response and Security Teams\n (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry\n open standard designed to convey vulnerability severity and help to\n determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES\n \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF\n MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE\n RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY\n VULNERABILITY.\n", "modified": "2014-09-09T00:50:00", "published": "2014-09-09T00:50:00", "id": "OPENSSL_ADVISORY10.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc", "title": "AIX OpenSSL Denial of Service due to double free and others", "type": "aix", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2019-03-21T00:14:06", "bulletinFamily": "info", "description": "### *Detect date*:\n08/07/2014\n\n### *Severity*:\nCritical\n\n### *Description*:\nAn obsolete version of OpenSSL was found in Stunnel. By exploiting this vulnerability malicious users can cause denial of service, obtain sensitive information and bypass security. This vulnerability can be exploited remotely.\n\n### *Affected products*:\nStunnel versions 5.02 and earlier\n\n### *Solution*:\nUpdate to latest version\n\n### *Original advisories*:\n[Stunnel changelog](<https://www.stunnel.org/sdf_ChangeLog.html>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Stunnel](<https://threats.kaspersky.com/en/product/Stunnel/>)\n\n### *CVE-IDS*:\n[CVE-2014-3508](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508>)4.3Critical \n[CVE-2014-3509](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509>)6.8Critical \n[CVE-2014-3511](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511>)4.3Critical \n[CVE-2014-5139](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139>)4.3Critical \n[CVE-2014-3505](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505>)5.0Critical \n[CVE-2014-3506](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506>)5.0Critical \n[CVE-2014-3507](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507>)5.0Critical \n[CVE-2014-3510](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510>)4.3Critical \n[CVE-2014-3512](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512>)7.5Critical", "modified": "2019-03-07T00:00:00", "published": "2014-08-07T00:00:00", "id": "KLA10343", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10343", "title": "\r KLA10343Multiple vulnerabilities in Stunnel ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:23:40", "bulletinFamily": "unix", "description": "OpenSSL has been updated to fix various security issues:\n\n *\n\n CVE-2014-3568: The build option no-ssl3 was incomplete.\n\n *\n\n CVE-2014-3566: Support for TLS_FALLBACK_SCSV was added.\n\n *\n\n CVE-2014-3508: An information leak in pretty printing functions was\n fixed.\n\n *\n\n CVE-2013-0166: A OCSP bad key DoS attack was fixed.\n\n *\n\n CVE-2013-0169: An SSL/TLS CBC plaintext recovery attack was fixed.\n\n *\n\n CVE-2014-3470: Anonymous ECDH denial of service was fixed.\n\n *\n\n CVE-2014-0224: A SSL/TLS MITM vulnerability was fixed.\n\n *\n\n CVE-2014-3570: Bignum squaring (BN_sqr) may have produced incorrect\n results on some platforms, including x86_64.\n\n *\n\n CVE-2014-3572: Don't accept a handshake using an ephemeral ECDH\n ciphersuites with the server key exchange message omitted.\n\n *\n\n CVE-2014-8275: Fixed various certificate fingerprint issues.\n\n *\n\n CVE-2015-0204: Only allow ephemeral RSA keys in export ciphersuites\n\n *\n\n CVE-2015-0205: A fix was added to prevent use of DH client\n certificates without sending certificate verify message.\n\n *\n\n CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was fixed that\n could be exploited by attackers when e.g. client authentication is used.\n This could be exploited over SSL connections.\n\n *\n\n CVE-2015-0287: A ASN.1 structure reuse memory corruption was fixed.\n This problem can not be exploited over regular SSL connections, only if\n specific client programs use specific ASN.1 routines.\n\n *\n\n CVE-2015-0288: A X509_to_X509_REQ NULL pointer dereference was\n fixed, which could lead to crashes. This function is not commonly used,\n and not reachable over SSL methods.\n\n *\n\n CVE-2015-0289: Several PKCS7 NULL pointer dereferences were fixed,\n which could lead to crashes of programs using the PKCS7 APIs. The SSL apis\n do not use those by default.\n\n *\n\n CVE-2015-0292: Various issues in base64 decoding were fixed, which\n could lead to crashes with memory corruption, for instance by using\n attacker supplied PEM data.\n\n *\n\n CVE-2015-0293: Denial of service via reachable assert in SSLv2\n servers, could be used by remote attackers to terminate the server\n process. Note that this requires SSLv2 being allowed, which is not the\n default.\n\n", "modified": "2015-03-24T00:05:09", "published": "2015-03-24T00:05:09", "id": "SUSE-SU-2015:0578-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html", "type": "suse", "title": "Security update for compat-openssl097g (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
