ID SECURITYVULNS:VULN:14045 Type securityvulns Reporter BUGTRAQ Modified 2014-12-09T00:00:00
Description
Poodle attack. Protocol version downgrade to SSL 3.0. Memory leaks in SRTP and session tickets. Insufficient no-ssl3 protection. Data leakage via padding attack.
{"f5": [{"lastseen": "2019-02-17T08:41:13", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned IDs 451218, 450804, and 454465 (BIG-IP), IDs 494328, 494330, and 494331 (BIG-IQ), and IDs 494339, 494341, and 494342 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H495027 on the **Diagnostics** >** Identified **> **High **screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.5.2 - 11.5.4 \n11.5.1 HF6 \n11.5.0 HF6 \n11.4.1 HF6 \n11.4.0 HF9 \n11.2.1 HF13 \n10.2.4 HF10| SSL profiles \nBIG-IP AAM| 11.4.0 - 11.5.1| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.5.2 - 11.5.4 \n11.5.1 HF6 \n11.5.0 HF6 \n11.4.1 HF6 \n11.4.0 HF9| SSL profiles \nBIG-IP AFM| 11.3.0 - 11.5.1| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.5.2 - 11.5.4 \n11.5.1 HF6 \n11.5.0 HF6 \n11.4.1 HF6 \n11.4.0 HF9| SSL profiles \nBIG-IP Analytics| 11.0.0 - 11.5.1| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.5.2 - 11.5.4 \n11.5.1 HF6 \n11.5.0 HF6 \n11.4.1 HF6 \n11.4.0 HF9 \n11.2.1 HF13| SSL profiles \nBIG-IP APM| 11.0.0 - 11.5.1 \n10.1.0 - 10.2.4| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.5.2 - 11.5.4 \n11.5.1 HF6 2 \n11.5.0 HF6 \n11.4.1 HF6 2 \n11.4.0 HF9 \n11.2.1 HF13 \n10.2.4 HF10| SSL profiles \nBIG-IP ASM| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.5.2 - 11.5.4 \n11.5.1 HF6 \n11.5.0 HF6 \n11.4.1 HF6 \n11.4.0 HF9 \n11.2.1 HF13 \n10.2.4 HF10| SSL profiles \nBIG-IP DNS1| None| 12.0.0 - 12.1.0| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| 11.2.1 HF13 \n10.2.4 HF10| SSL profiles \nBIG-IP GTM1| None| 11.0.0 - 11.6.1 \n10.0.0 - 10.2.4| None \nBIG-IP Link Controller1| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.0.0 - 10.2.4| None \nBIG-IP PEM| 11.3.0 - 11.5.1| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.5.2 - 11.5.4 \n11.5.1 HF6 \n11.5.0 HF6 \n11.4.1 HF6 \n11.4.0 HF9| SSL profiles \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| 11.4.1 HF6 \n11.4.0 HF9 \n11.2.1 HF13 \n10.2.4 HF10| SSL profiles \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| 11.2.1 HF13 \n10.2.4 HF10| SSL profiles \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| 11.2.1 HF13 \n10.2.4 HF10| SSL profiles \nARX| None| 6.0.0 - 6.4.0| None \nEnterprise Manager1| None| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| None \nBIG-IQ Cloud| 4.0.0 - 4.4.0| 4.4.0 HF2 \n4.5.0| REST API \nBIG-IQ Device| 4.2.0 - 4.4.0| 4.4.0 HF2 \n4.5.0| REST API \nBIG-IQ Security| 4.0.0 - 4.4.0| 4.4.0 HF2 \n4.5.0| REST API \nLineRate| None| 2.2.0 - 2.5.0 \n1.6.0 - 1.6.4| None \n \n1 The noted products contain vulnerable code but do not expose Secure Sockets Layer (SSL) profiles and are therefore not vulnerable.\n\n2 If you plan to upgrade to BIG-IP APM 11.4.1 HF6 or 11.5.1 HF6 to mitigate this issue, you should instead upgrade to 11.4.1 HF7 or 11.5.1 HF7 to avoid an issue specific to BIG-IP APM. For more information, refer to [K15914: The TMM process may restart and produce a core file after BIG-IP APM systems are upgraded](<https://support.f5.com/csp/article/K15914>). \n\n**Note**: Testing tools for SSL/TLS may report false positives for BIG-IP 10.2.4 HF10 and 11.2.1 HF13 due to an issue being tracked in ID 500688. While these versions have been patched and contain the code fix for CVE-2014-8730, certain test tools may still report a false positive. This occurs because the BIG-IP system silently terminates the connection instead of responding with a **bad_record_mac** alert. Therefore, certain test tools erroneously report a false positive because the connection times out and the tools do not receive a **bad_record_mac** alert.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you can configure a custom cipher string for the SSL profile and associate the profile with the virtual servers. To do so, perform one of the following procedures:\n\nBIG-IP SSL profiles\n\nTo mitigate this vulnerability, you can create a custom cipher string for the SSL profile that uses RC4 or AES-GCM ciphers.\n\nBIG-IP 11.5.0 and later\n\nIn BIG-IP 11.5.0 and later, you can create a custom cipher string for the SSL profile using the AES-GCM:RC4-SHA ciphers. To do so, perform the following procedure:\n\n**Impact of procedure:** Clients that do not support the AES-GCM or RC4-SHA ciphers will fail to establish a connection to the virtual server. RC4 ciphers are not FIPS compliant.\n\n 1. Log in to the Traffic Management Shell (**tmsh**)** **by typing the following command: \n\ntmsh\n\n 2. Create a custom SSL profile that specifies the AES-GCM:RC4-SHA ciphers by using the following syntax: \n\ncreate /ltm profile <client-ssl / server-ssl> <profile_name> ciphers !SSLv3:!ADH:AES-GCM:RC4-SHA\n\nFor example, the following command creates a custom client SSL profile named TLS-Padding:\n\ncreate /ltm profile client-ssl TLS-Padding ciphers !SSLv3:!ADH:AES-GCM:RC4-SHA\n\n 3. Save the configuration by typing the following command: \n\nsave /sys config\n\n 4. Associate the SSL profile with the virtual servers.\n\nBIG-IP 10.x - 11.4.1\n\nIn BIG-IP 10.x through 11.4.1, you can create a custom cipher string for the SSL profile using the RC4-SHA ciphers. To do so, perform the following procedure.\n\n**Impact of procedure:** Clients that do not support the RC4-SHA cipher will fail to establish a connection to the virtual server. RC4 ciphers are not FIPS compliant.\n\n 1. Log in to the **tmsh** utility** **by typing the following command: \n\ntmsh\n\n 2. Create a custom SSL profile that specifies the RC4-SHA ciphers by using the following syntax: \n\ncreate /ltm profile <client-ssl / server-ssl> <profile_name> ciphers !SSLv3:RC4-SHA\n\nFor example, the following command creates a custom client SSL profile named TLS-Padding:\n\ncreate /ltm profile client-ssl TLS-Padding ciphers !SSLv3:RC4-SHA\n\n 3. Save the configuration by typing the following command: \n\nsave /sys config\n\n 4. Associate the SSL profile with the virtual servers.\n\n * [CVE-2014-3566 POODLE vs CVE-2014-8730 TLS POODLE](<https://devcentral.f5.com/articles/cve-2014-3566-poodle-vs-cve-2014-8730-tls-poodle>) \n \n**Note**: A DevCentral login is required to access this content.\n * [K15702: SSLv3 vulnerability CVE-2014-3566](<https://support.f5.com/csp/article/K15702>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K13171: Configuring the cipher strength for SSL profiles (11.x)](<https://support.f5.com/csp/article/K13171>)\n * [K7815: Configuring the cipher strength for SSL profiles (9.x - 10.x)](<https://support.f5.com/csp/article/K7815>)\n", "modified": "2017-06-27T18:31:00", "published": "2014-12-08T22:21:00", "id": "F5:K15882", "href": "https://support.f5.com/csp/article/K15882", "title": "TLS1.x padding vulnerability CVE-2014-8730", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-09-18T23:48:31", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 481907, ID 484678, ID 484677 (BIG-IP, BIG-IQ, Enterprise Manager), ID 484393 (ARX), ID 484708 (FirePass), and LRS-31601 (LineRate) to this vulnerability, and is currently evaluating the vulnerability status for supported releases. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H484499 on the **Diagnostics** > **Identified** > **High** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\n**Important**: Some releases in the following table have multiple component entries with different vulnerable and non-vulnerable version information.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM | 11.0.0 - 11.4.1 | 12.0.0* \n11.5.0 - 11.6.1* | SSL profiles \n11.0.0 - 11.6.1 | 12.0.0 | Configuration utility \n \nBIG-IP AAM | 11.4.0 - 11.4.1 | 12.0.0* \n11.5.0 - 11.6.1* | SSL profiles \n11.4.0 - 11.6.1 | 12.0.0 | Configuration utility \n \nBIG-IP AFM | 11.3.0 - 11.4.1 | 12.0.0* \n11.5.0 - 11.6.1* | SSL profiles \n11.3.0 - 11.6.1 | 12.0.0 | Configuration utility \n \nBIG-IP Analytics | 11.0.0 - 11.4.1 | 12.0.0* \n11.5.0 - 11.6.1* | SSL profiles \n11.0.0 - 11.6.1 | 12.0.0 | Configuration utility \n \nBIG-IP APM | 11.0.0 - 11.4.1 | 12.0.0* \n11.5.0 - 11.6.1* | SSL profiles \n11.0.0 - 11.6.1 | 12.0.0 | Configuration utility \n \nBIG-IP ASM | 11.0.0 - 11.4.1 | 12.0.0* \n11.5.0 - 11.6.1* | SSL profiles \n11.0.0 - 11.6.1 | 12.0.0 | Configuration utility \n \nBIG-IP DNS | None | 12.0.0 | None \n \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0 | None | SSL profiles \nConfiguration utility \n \nBIG-IP GTM | 11.0.0 - 11.6.1 | None | Configuration utility \n \nBIG-IP Link Controller | 11.0.0 - 11.6.1 | 12.0.0 | Configuration utility \n | | | \nBIG-IP PEM | 11.3.0 - 11.4.1 | 12.0.0* \n11.5.0 - 11.6.1* | SSL profiles \n11.3.0 - 11.6.1 | 12.0.0 | Configuration utility \n \nBIG-IP PSM | 11.0.0 - 11.4.1 | None | SSL profiles \nConfiguration utility \n \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 | None | SSL profiles \nConfiguration utility \n \nBIG-IP WOM | 11.0.0 - 11.3.0 | None | SSL profiles \nConfiguration utility \n \nARX | 6.0.0 - 6.4.0 | None | ARX Manager GUI \nAPI (disabled by default) \n \nEnterprise Manager | 3.0.0 - 3.1.1 \n2.0.0 - 2.3.0 | None | Configuration utility \n \nFirePass | 7.0.0 \n6.0.0 - 6.1.0 | None | Administrative interface \nWebServices \n \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Configuration utility \n4.0.0 - 4.5.0 | None | REST API \n \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Configuration utility \n4.2.0 - 4.5.0 | None | REST API \n \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Configuration utility \n4.0.0 - 4.5.0 | None | REST API \n \nBIG-IQ ADC | 4.5.0 | None | Configuration utility \n4.5.0 | None | REST API \n \nBIG-IQ Centralized Management | None | 5.0.0 \n4.6.0 | None \n \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | None \n \nF5 iWorkflow | None | 2.0.0 | None \n \nLineRate | 2.2.0 - 2.4.1 \n1.6.0 - 1.6.4 | None | SSL profiles \n \n* SSL profiles that contain the default cipher string (DEFAULT) do not allow SSLv3 connections and are not vulnerable to this CVE. However, if you have modified the **Ciphers** setting for the profile to allow SSLv3, then connections to the virtual server are vulnerable. For information about verifying whether SSLv3 is enabled for the profile, refer to the **Vulnerability Recommended Actions** section.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n * [BIG-IP, BIG-IQ, and Enterprise Manager](<https://support.f5.com/csp/article/K15702#bigip>)\n * [FirePass](<https://support.f5.com/csp/article/K15702#firepass>)\n * [ARX](<https://support.f5.com/csp/article/K15702#arx>)\n * [LineRate](<https://support.f5.com/csp/article/K15702#linerate>)\n\n**BIG-IP, BIG-IQ, and Enterprise Manager**\n\nSSL profiles\n\nTo mitigate this vulnerability in the SSL profile for the BIG-IP system, you can disable the SSLv3 protocol in the SSL profile by adding **!SSLv3** to the cipher string. For details about how to add this, refer to the following articles:\n\n * [K13171: Configuring the cipher strength for SSL profiles (11.x)](<https://support.f5.com/csp/article/K13171>)\n * [K7815: Configuring the cipher strength for SSL profiles (9.x - 10.x)](<https://support.f5.com/csp/article/K7815>)\n\nConfiguration utility\n\nTo mitigate this vulnerability for the Configuration utility, use the following options:\n\nBIG-IP 11.5.0 - 11.6.1\n\nFor BIG-IP 11.5.0 through 11.6.1, you can disable the SSLv3 protocol for the Configuration utility by performing the following procedure:\n\n**Note**: Feature enhancements allowing the use of this procedure have also been included in the following software versions: 11.4.1 HF6, 11.4.0 HF9, 11.2.1 HF13, and 10.2.4 HF10.\n\n 1. Log in to the Traffic Management Shell (**tmsh**) by typing the following command: \n\ntmsh\n\n 2. Disable SSLv3 (and SSLv2) by typing the following command: \n\nmodify /sys httpd ssl-protocol \"all -SSLv2 -SSLv3\"\n\n 3. Save the configuration by typing the following command: \n\nsave /sys config\n\nAll BIG-IP versions\n\nFor all BIG-IP versions, F5 recommends that you expose the management access only on trusted networks.\n\nBIG-IQ 4.4.0 and later\n\nFor BIG-IQ 4.4.0 and later, you can disable the SSLv3 protocol for the Configuration utility by performing the following procedure:\n\n**Impact of procedure**: This procedure restarts the **webd** process and temporarily disrupts traffic to the BIG-IQ system. You should perform this procedure during a maintenance window.\n\n 1. Log in to the BIG-IQ command line.\n 2. Back up a copy of the **/etc/webd/webd.conf** file by typing the following command: \n\ncp -p /etc/webd/webd.conf /var/tmp/webd.conf.sol15702\n\n 3. Edit the **/etc/webd/webd.conf** file using a text editor of your choice.\n 4. Locate the following line in the **/etc/webd/webd.conf** file: \n\nssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2;\n\n 5. Remove SSLv2 and SSLv3 from this line. After removal, this line should appear as follows: \n\nssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n\n 6. Save the changes and exit the text editor.\n 7. Restart the **webd** process by typing the following command: \n\ntmsh restart sys service webd\n\n**FirePass**\n\n**Disabling SSLv3 for all FirePass interfaces**\n\n**Impact of procedure**: This procedure restarts services and prevents some connections to the FirePass system. You should perform this procedure during a maintenance window.\n\n 1. Log in to the FirePass Administrator interface.\n 2. Navigate to **Device Management** >** Security** > **User Access Security**.\n 3. Under **SSL Protocol Versions**, click **Accept only TLS protocol** **(incompatible with some browsers)**.\n 4. Under **SSL Ciphers Policy Enforcement**, select the **Reject SSL connection when a non-compliant cipher is used by the client browser **check box.\n 5. To restart services, click \"**click *here* to restart FirePass Services**.\"\n 6. Click **Restart**.\n\n**ARX**\n\nChanging the ARX Manager GUI cipher string (6.2.0 and later)\n\nTo disable SSLv3 for the ARX Manager GUI, perform the following procedure:\n\n**Impact of procedure:** Disabling SSLv3 may prevent some connections to the ARX Manager GUI.\n\n 1. Log in to the ARX Manager GUI.\n 2. Expand **Maintenance**.\n 3. Select **Certificates**.\n 4. Click the tab for **SSL Ciphers**.\n 5. Deselect all SSL ciphers.\n\n**LineRate**\n\nTo mitigate this vulnerability in the SSL profile for the LineRate system, you can disable the SSLv3 protocol in the SSL profile by pre-pending **!SSLv3** to the cipher-list. For details about how to add this, refer to the following article:\n\n * [CVE-2014-3566: Removing SSLv3 from LineRate](<https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-linerate>)\n\n**Note**: A DevCentral login is required to access this content.\n\n * [K15882: TLS1.x padding vulnerability CVE-2014-8730](<https://support.f5.com/csp/article/K15882>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K10942: Installing OPSWAT hotfixes on BIG-IP APM systems](<https://support.f5.com/csp/article/K10942>)\n**Note**: A DevCentral login is required to access the following content.\n\n * [CVE-2014-3566 POODLE vs CVE-2014-8730 TLS POODLE](<https://devcentral.f5.com/articles/cve-2014-3566-poodle-vs-cve-2014-8730-tls-poodle>)\n * [CVE-2014-3566: Removing SSLv3 from BIG-IP](<https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip>)\n * [iRule to stop SSLv3 connections](<https://devcentral.f5.com/articles/irule-to-stop-sslv3-connections>)\n * [POODLE and TLS_FALLBACK_SCSV deep dive](<https://devcentral.f5.com/articles/poodle-and-tlsfallbackscsv-deep-dive>)\n * [SSLv3 POODLE mitigation recommendations](<https://devcentral.f5.com/articles/sslv3-poodle-recommendations>)\n", "modified": "2017-09-18T21:31:00", "published": "2014-10-15T05:15:00", "href": "https://support.f5.com/csp/article/K15702", "id": "F5:K15702", "title": "SSLv3 vulnerability CVE-2014-3566", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-12-03T05:27:54", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n * BIG-IP, BIG-IQ, and Enterprise Manager\n * FirePass\n * ARX\n * LineRate\n\n**BIG-IP, BIG-IQ, and Enterprise Manager**\n\nSSL profiles\n\nTo mitigate this vulnerability in the SSL profile for the BIG-IP system, you can\u00c2 disable the SSLv3 protocol in the SSL profile by adding **!SSLv3** to the cipher string. For details about how to add this, refer to the following articles:\n\n * SOL13171: Configuring the cipher strength for SSL profiles (11.x)\n * SOL7815: Configuring the cipher strength for SSL profiles (9.x - 10.x)\n\nConfiguration utility\n\nTo mitigate this vulnerability for the Configuration utility use the following options:\n\nBIG-IP 11.5.0 \u00e2\u0080\u0093 11.6.0\n\nFor BIG-IP 11.5.0 \u00e2\u0080\u0093 11.6.0, you can disable the SSLv3 protocol for the Configuration utility by performing the following procedure:\n\n**Note**: Feature enhancements allowing the use of this procedure have also been included in the following software versions: 11.4.1 HF6, 11.4.0 HF9, 11.2.1 HF13, and 10.2.4 HF10.\n\n 1. Log in to the\u00c2 Traffic Management Shell (**tmsh**) by typing the following command: \n\ntmsh\n\n 2. Disable SSLv3 (and SSLv2) by typing the following command: \n\nmodify /sys httpd ssl-protocol \"all -SSLv2 -SSLv3\"\n\n 3. Save the configuration by typing the following command: \n\nsave /sys config\n\nAll BIG-IP versions\n\nFor all BIG-IP versions, F5 recommends that you expose the management access only on trusted networks.\n\nBIG-IQ 4.4.0 and later\n\nFor BIG-IQ 4.4.0 and later, you can disable the SSLv3 protocol for the Configuration utility by performing the following procedure:\n\n**Impact of procedure**: This procedure will restart the **webd** process and temporarily disrupt traffic to the BIG-IQ system. You should perform this procedure during a maintenance window.\n\n 1. Log in to the BIG-IQ command line.\n 2. Back up a copy of the **/etc/webd/webd.conf** file by typing the following command: \n\ncp -p /etc/webd/webd.conf /var/tmp/webd.conf.sol15702\n\n 3. Edit the **/etc/webd/webd.conf** file using a text editor of your choice.\n 4. Locate the following line in the **/etc/webd/webd.conf** file: \n\nssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2;\n\n 5. Remove SSLv2 and SSLv3 from this line. After removal, this line should appear as follows: \n\nssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n\n 6. Save the changes and exit the text editor.\n 7. Restart the **webd** process by typing the following command: \n\ntmsh restart sys service webd\n\n**FirePass**\n\n**Disabling SSLv3 for all FirePass interfaces**\n\n**Impact of procedure**: This procedure will restart services and prevent some connections to the FirePass system.\u00c2 You should perform this procedure during a maintenance window.\n\n 1. Log in to the FirePass Administrator interface.\n 2. Navigate to **Device Management** >** Security** > **User Access Security**.\n 3. Under\u00c2 **SSL Protocol Versions** click **Accept only TLS protocol** **(incompatible with some browsers)**.\n 4. Under **SSL Ciphers Policy Enforcement**, select the **Reject SSL connection when a non-compliant cipher is used by the client browser **check box.\n 5. To restart services, click \"**click *here* to restart FirePass Services**.\"\n 6. Click **Restart**.\n\n**ARX**\n\n**Changing the ARX Manager GUI cipher string (6.2.0 and later)**\n\nTo disable SSLv3 for the ARX Manager GUI, perform the following procedure:\n\n**Impact of procedure:** Disabling SSLv3 may prevent some connections to the ARX Manager GUI.\n\n 1. Log in to the ARX Manager GUI.\n 2. Expand **Maintenance**.\n 3. Select **Certificates**.\n 4. Click the tab for **SSL Ciphers**.\n 5. Deselect all SSL ciphers.\n\n**LineRate**\n\nTo mitigate this vulnerability in the SSL profile for the LineRate system, you can disable the SSLv3 protocol in the SSL profile by pre-pending **!SSLv3** to the cipher-list. For details about how to add this, refer to the following article:\n\n * [CVE-2014-3566: Removing SSLv3 from LineRate](<https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-linerate>)\n\n**Note**: A DevCentral login is required to access this content.\n\nSupplemental Information\n\n * SOL15882: TLS1.x padding vulnerability CVE-2014-8730\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems\n**Note**: A DevCentral login is required to access the following content.\n\n * [CVE-2014-3566 POODLE vs CVE-2014-8730 TLS POODLE](<https://devcentral.f5.com/articles/cve-2014-3566-poodle-vs-cve-2014-8730-tls-poodle>)\n * [CVE-2014-3566: Removing SSLv3 from BIG-IP](<https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip>)\n * [iRule to stop SSLv3 connections](<https://devcentral.f5.com/articles/irule-to-stop-sslv3-connections>)\n * [POODLE and TLS_FALLBACK_SCSV deep dive](<https://devcentral.f5.com/articles/poodle-and-tlsfallbackscsv-deep-dive>)\n * [SSLv3 POODLE mitigation recommendations](<https://devcentral.f5.com/articles/sslv3-poodle-recommendations>)\n", "modified": "2016-07-29T00:00:00", "published": "2014-10-14T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/700/sol15702.html", "id": "SOL15702", "title": "SOL15702 - SSLv3 vulnerability CVE-2014-3566", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-12-03T05:27:45", "bulletinFamily": "software", "description": "2 If you are planning to upgrade to BIG-IP APM 11.4.1 HF6 or 11.5.1 HF6 to mitigate this issue, you should instead upgrade to 11.4.1 HF7 or 11.5.1 HF7 to avoid an issue specific to BIG-IP APM.\u00c2 For more information, refer to SOL15914:\u00c2 The TMM process may restart and produce a core file after BIG-IP APM systems are upgraded.\u00c2 \u00c2 \u00c2 \n\n**Note**: Testing tools for SSL/TLS may report false positives for BIG-IP 10.2.4 HF10 and 11.2.1 HF13 due to an issue being tracked in ID 500688. While these versions have been patched and contain the code fix for CVE-2014-8730, certain test tools may still report a false positive. This reason for this is because the BIG-IP system silently terminates the connection instead of responding with a **bad_record_mac** alert. Therefore, certain test tools erroneously report a false positive because the connection times out and the tools do not receive a **bad_record_mac** alert.\n\nVulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, you can configure a custom cipher string for the SSL profile and associate the profile with the virtual servers. To do so, perform one of the following procedures:\n\n**BIG-IP SSL profiles**\n\nTo mitigate this vulnerability, you can create a custom cipher string for the SSL profile that uses RC4 or AES-GCM ciphers. For details about how to add this, refer to the following procedures:\n\nBIG-IP 11.5.0 and later \n\n\nIn BIG-IP 11.5.0 and later, you can create a custom cipher string for the SSL profile using the AES-GCM:RC4-SHA ciphers. To do so, perform the following procedure: \n\n\n**Impact of procedure:** Clients that do not support the AES-GCM or RC4-SHA ciphers will fail to establish a connection to the virtual server. RC4 ciphers are not FIPS compliant.\n\n 1. Log in to the Traffic Management Shell (**tmsh**)** **by typing the following command:\n\ntmsh\n\n 2. Create a custom SSL profile that specifies the AES-GCM:RC4-SHA ciphers by using the following syntax:\n\ncreate /ltm profile <client-ssl / server-ssl> <profile_name> ciphers !SSLv3:AES-GCM:RC4-SHA\n\nFor example, the following command creates a custom client SSL profile called TLS-Padding:\n\ncreate /ltm profile client-ssl TLS-Padding ciphers !SSLv3:AES-GCM:RC4-SHA\n\n 3. Save the configuration by typing the following command:\n\nsave /sys config\n\n 4. Associate the SSL profile with the virtual servers.\n\nBIG-IP 10.x - 11.4.1 \n\n\nIn BIG-IP 10.x - 11.4.1, you can create a custom cipher string for the SSL profile using the RC4-SHA ciphers. To do so, perform the following procedure: \n\n\n**Impact of procedure:** Clients that do not support the RC4-SHA cipher will fail to establish a connection to the virtual server. RC4 ciphers are not FIPS compliant.\n\n 1. Log in to the Traffic Management Shell (**tmsh**)** **by typing the following command: \n\n\ntmsh\n\n 2. Create a custom SSL profile that specifies the RC4-SHA ciphers by using the following syntax:\n\ncreate /ltm profile <client-ssl / server-ssl> <profile_name> ciphers !SSLv3:RC4-SHA\n\nFor example, the following command creates a custom client SSL profile called TLS-Padding:\n\ncreate /ltm profile client-ssl TLS-Padding ciphers !SSLv3:RC4-SHA\n\n 3. Save the configuration by typing the following command:\n\nsave /sys config\n\n 4. Associate the SSL profile with the virtual servers.\n\nSupplemental Information\n\n * [CVE-2014-3566 POODLE vs CVE-2014-8730 TLS POODLE](<https://devcentral.f5.com/articles/cve-2014-3566-poodle-vs-cve-2014-8730-tls-poodle>)** \n \nNote**: A DevCentral login is required to access this content.\n * SOL15702: SSLv3 vulnerability CVE-2014-3566 \n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL13171: Configuring the cipher strength for SSL profiles (11.x)\n * SOL7815: Configuring the cipher strength for SSL profiles (9.x - 10.x)\n", "modified": "2016-06-28T00:00:00", "published": "2014-12-08T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html", "id": "SOL15882", "type": "f5", "title": "SOL15882 - TLS1.x padding vulnerability CVE-2014-8730", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-26T17:23:19", "bulletinFamily": "software", "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2014-10-23T00:00:00", "published": "2014-10-23T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/700/sol15724.html", "id": "SOL15724", "title": "SOL15724 - OpenSSL vulnerability CVE-2014-3568", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-26T17:23:06", "bulletinFamily": "software", "description": "Recommended action\n\nIf you are running a version listed in the** Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists. \n \nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy. \n\n\nTo mitigate these vulnerabilities for affected systems, you can restrict access to the Configuration utility to only trusted networks, and limit login access to only trusted users.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-11-10T00:00:00", "published": "2014-10-21T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/700/sol15723.html", "id": "SOL15723", "title": "SOL15723 - OpenSSL vulnerability CVE-2014-3567", "type": "f5", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:22:56", "bulletinFamily": "software", "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\n**BIG-IP, BIG-IQ, and Enterprise Manager**\n\nF5 recommends that you expose the management interface only on trusted networks.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems\n", "modified": "2015-09-15T00:00:00", "published": "2014-10-23T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/700/sol15722.html", "id": "SOL15722", "title": "SOL15722 - OpenSSL DTLS SRTP Memory Leak CVE-2014-3513", "type": "f5", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "cve": [{"lastseen": "2017-04-18T15:55:30", "bulletinFamily": "NVD", "description": "The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM 11.3.0 through 11.5.1, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, PEM 11.3.0 through 11.6.0, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.4.1 and BIG-IQ Cloud and Security 4.0.0 through 4.4.0 and Device 4.2.0 through 4.4.0, when using TLS 1.x before TLS 1.2, does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). NOTE: the scope of this identifier is limited to the F5 implementation only. Other vulnerable implementations should receive their own CVE ID, since this is not a vulnerability within the design of TLS 1.x itself.", "modified": "2017-01-02T21:59:21", "published": "2014-12-09T19:59:01", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8730", "id": "CVE-2014-8730", "title": "CVE-2014-8730", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-11-15T11:55:25", "bulletinFamily": "NVD", "description": "OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.", "modified": "2017-11-14T21:29:04", "published": "2014-10-18T21:55:13", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3568", "id": "CVE-2014-3568", "title": "CVE-2014-3568", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-11-15T11:55:25", "bulletinFamily": "NVD", "description": "Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.", "modified": "2017-11-14T21:29:04", "published": "2014-10-18T21:55:13", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3567", "id": "CVE-2014-3567", "title": "CVE-2014-3567", "type": "cve", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-04-18T15:54:54", "bulletinFamily": "NVD", "description": "Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.", "modified": "2017-01-02T21:59:03", "published": "2014-10-18T21:55:13", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3513", "id": "CVE-2014-3513", "title": "CVE-2014-3513", "type": "cve", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-11-01T05:14:34", "bulletinFamily": "NVD", "description": "The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.", "modified": "2018-10-30T12:27:34", "published": "2014-10-14T20:55:02", "id": "CVE-2014-3566", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566", "title": "CVE-2014-3566", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "aix": [{"lastseen": "2018-08-31T00:08:33", "bulletinFamily": "unix", "description": "IBM SECURITY ADVISORY\n\nFirst Issued: <Wed Oct 29 04:58:52 CDT 2014>\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc\nhttps://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc\nftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc\n===============================================================================\n VULNERABILITY SUMMARY\n\n1.VULNERABILITY: AIX OpenSSL Denial of Service due to memory leak in DTLS SRTP extension\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3513\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n2. VULNERABILITY: AIX OpenSSL Patch to mitigate CVE-2014-3566\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3566\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n3. VULNERABILITY: AIX OpenSSL Denial of Service due to memory consumption\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3567\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n===============================================================================\n DETAILED INFORMATION\n\nI. DESCRIPTION \n \n 1. CVE-2014-3513\n\tOpenSSL could allow remote attackers to cause a denial of service \n\t(memory consumption) via crafted handshake message\n\n 2. CVE-2014-3566\n\tSSL protocol 3.0 uses nondeterministic CBC padding, which makes it easier\n\tfor man-in-the-middle attackers to obtain cleartext data via a \n\tpadding-oracle attack.\n\n 3. CVE-2014-3567\n\tOpenSSL could allow remote attackers to cause a denial of service \n\t(memory consumption) via crafted session ticket that triggers an \n\tintegrity-check failure.\n\nII. CVSS\n\n 1. CVE-2014-3513\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/97035\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 2. CVE-2014-3566\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/97013\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 3. CVE-2014-3567\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/97036\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n\nIII. PLATFORM VULNERABILITY ASSESSMENT\n\n To determine if your system is vulnerable, execute the following\n command:\n\n lslpp -L openssl.base\n \n The following fileset levels are vulnerable:\n \n A. CVE-2014-3513\n\n AIX Fileset Lower Level Upper Level \n ------------------------------------------\n openssl.base 1.0.1.500 1.0.1.512\n\n B. CVE-2014-3566, CVE-2014-3567\n\n AIX Fileset Lower Level Upper Level \n ------------------------------------------\n openssl.base 1.0.1.500 1.0.1.512\n openssl.base 0.9.8.401 0.9.8.2503\n openssl.base 12.9.8.1100 12.9.8.2503\n\n\tNote, 0.9.8.401 and 12.9.8.1100 are the Lowest OpenSSL version\n\tavailable in aix web download site. Even OpenSSL versions below \n\tthis are impacted\n\n\nIV. SOLUTIONS\n\n A. FIXES\n\n Fix is available. The fix can be downloaded via ftp\n from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/openssl_fix11.tar\n\n The link above is to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n releases.\n\n\tNote that the tar file contains Interim fixes that are based on OpenSSL version.\n\n AIX Level Interim Fix (*.Z) Fileset Name(prereq for installation)\n ---------------------------------------------------------------------------------\n 5.3, 6.1, 7.1 IV66250s9a.141027.epkg.Z\t openssl.base(1.0.1.512 version)\n 5.3, 6.1, 7.1 IV66250s9b.141027.epkg.Z openssl.base(0.9.8.2503 version)\n 5.3, 6.1, 7.1 IV66250s9c.141027.epkg.Z\t openssl.base(12.9.8.2503 version)\n\n VIOS Level Interim Fix (*.Z)\t Fileset Name(prereq for installation)\n -------------------------------------------------------------------------------------\n 2.2.* IV66250s9a.141027.epkg.Z\t openssl.base(1.0.1.512 version)\n 2.2.* IV66250s9b.141027.epkg.Z\t openssl.base(0.9.8.2503 version)\n 2.2.* IV66250s9c.141027.epkg.Z\t openssl.base(12.9.8.2503 version)\n\n\n To extract the fix from the tar file:\n\n tar xvf openssl_fix11.tar\n cd openssl_fix11\n\n Verify you have retrieved the fix intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 file\" command is the followng:\n\n openssl dgst -sha256 \t\t\t\t\t\t filename\t \n ----------------------------------------------------------------------------------------------\n \t5bde653c4cb972b7068aa99a49c4a388abf2cdc0627fd61d2a7278b7a5d1e1cb \tIV66250s9a.141027.epkg.Z\n\tb8a8c74835add78314e48540640f50478ec11b08195fe2df979f7d1597722a60\tIV66250s9b.141027.epkg.Z\n\t8b3b019c6ed2bf0d54ed93f2e5159ace136c7ad7a8d3b1735748c0f13a4bc1cf\tIV66250s9c.141027.epkg.Z\n\n\tThese sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. If the sums or signatures cannot be\n confirmed, contact IBM AIX Security at\n security-alert@austin.ibm.com and describe the discrepancy.\n \n Published advisory OpenSSL signature file location:\n\n http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc.sig \n\n\topenssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n These fixes will also be part of the next filesets of OpenSSL versions 0.9.8.2504, 12.9.8.2504 and 1.0.1.513.\n\tThe estimated availability date of filesets is by 1st December 2014 and can be downloaded from - \n\thttps://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=aixbp&lang=en_US&S_PKG=openssl&cp=UTF-8\n\n \n B. FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n\nV. WORKAROUNDS\n \n No workarounds.\n\nVI. CONTACT US:\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team via security-alert@austin.ibm.com you\n can either:\n\n A. Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgppubkey.txt\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\n\nVII. REFERENCES:\n\n Note: Keywords labeled as KEY in this document are used for parsing purposes.\n\n eServer is a trademark of International Business Machines\n Corporation. IBM, AIX and pSeries are registered trademarks of\n International Business Machines Corporation. All other trademarks\n are property of their respective holders.\n\n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/97035\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/97013\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/97036\n CVE-2014-3513 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n CVE-2014-3566 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n CVE-2014-3567 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n\n *The CVSS Environment Score is customer environment specific and will\n ultimately impact the Overall CVSS Score. Customers can evaluate the\n impact of this vulnerability in their environments by accessing the links\n in the Reference section of this Flash.\n\n Note: According to the Forum of Incident Response and Security Teams\n (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry\n open standard designed to convey vulnerability severity and help to\n determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES\n \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF\n MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE\n RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY\n VULNERABILITY.\n", "modified": "2014-10-29T04:58:52", "published": "2014-10-29T04:58:52", "id": "OPENSSL_ADVISORY11.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc", "title": "AIX OpenSSL Denial of Service due to memory leak in DTLS / AIX OpenSSL Patch to mitigate CVE-2014-3566 / AIX OpenSSL Denial of Service due to memory consumption", "type": "aix", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-18T13:49:11", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3053-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nOctober 16, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568\n\nSeveral vulnerabilities have been found in OpenSSL, the Secure Sockets\nLayer library and toolkit.\n\nCVE-2014-3513\n\n A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\n Real-time Transport Protocol (SRTP) extension data. A remote attacker\n could send multiple specially crafted handshake messages to exhaust\n all available memory of an SSL/TLS or DTLS server.\n\nCVE-2014-3566 ("POODLE")\n\n A flaw was found in the way SSL 3.0 handled padding bytes when\n decrypting messages encrypted using block ciphers in cipher block\n chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM)\n attacker to decrypt a selected byte of a cipher text in as few as 256\n tries if they are able to force a victim application to repeatedly send\n the same data over newly created SSL 3.0 connections. \n\n This update adds support for Fallback SCSV to mitigate this issue.\n\nCVE-2014-3567\n\n A memory leak flaw was found in the way an OpenSSL handled failed\n session ticket integrity checks. A remote attacker could exhaust all\n available memory of an SSL/TLS or DTLS server by sending a large number\n of invalid session tickets to that server. \n\nCVE-2014-3568\n\n When OpenSSL is configured with "no-ssl3" as a build option, servers\n could accept and complete a SSL 3.0 handshake, and clients could be\n configured to send them.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u13.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1j-1.\n\nWe recommend that you upgrade your openssl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-10-16T15:48:46", "published": "2014-10-16T15:48:46", "id": "DEBIAN:DSA-3053-1:A743E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00239.html", "title": "[SECURITY] [DSA 3053-1] openssl security update", "type": "debian", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:14:19", "bulletinFamily": "unix", "description": "Package : openssl\nVersion : 0.9.8o-4squeeze18\nCVE ID : CVE-2014-3567 CVE-2014-3568 CVE-2014-3569\n\nSeveral vulnerabilities have been found in OpenSSL.\n\nCVE-2014-3566 ("POODLE")\n\n A flaw was found in the way SSL 3.0 handled padding bytes when\n decrypting messages encrypted using block ciphers in cipher block\n chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM)\n attacker to decrypt a selected byte of a cipher text in as few as 256\n tries if they are able to force a victim application to repeatedly\n send the same data over newly created SSL 3.0 connections. \n\n This update adds support for Fallback SCSV to mitigate this issue.\n This does not fix the issue. The proper way to fix this is to\n disable SSL 3.0.\n\nCVE-2014-3567\n\n A memory leak flaw was found in the way an OpenSSL handled failed\n session ticket integrity checks. A remote attacker could exhaust all\n available memory of an SSL/TLS or DTLS server by sending a large number\n of invalid session tickets to that server.\n\nCVE-2014-3568\n\n When OpenSSL is configured with "no-ssl3" as a build option, servers\n could accept and complete a SSL 3.0 handshake, and clients could be\n configured to send them.\n\n Note that the package is Debian is not build with this option.\n\nCVE-2014-3569\n\n When openssl is build with the no-ssl3 option and a SSL v3 Client\n Hello is received the ssl method would be set to NULL which could\n later result in a NULL pointer dereference.\n\n Note that the package is Debian is not build with this option.\n\n", "modified": "2014-11-01T15:50:03", "published": "2014-11-01T15:50:03", "id": "DEBIAN:DLA-81-1:C60A9", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201411/msg00000.html", "title": "[SECURITY] [DLA 81-1] openssl security update", "type": "debian", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-11-19T13:03:05", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310850875", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850875", "title": "SuSE Update for OpenSSL SUSE-SU-2014:1386-1 (OpenSSL)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_1386_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for OpenSSL SUSE-SU-2014:1386-1 (OpenSSL)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850875\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 13:21:00 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-3568\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for OpenSSL SUSE-SU-2014:1386-1 (OpenSSL)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'OpenSSL'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This OpenSSL update fixes the following issues:\n\n * Session Ticket Memory Leak (CVE-2014-3567)\n\n * Build option no-ssl3 is incomplete ((CVE-2014-3568)\n\n * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE)\");\n\n script_tag(name:\"affected\", value:\"OpenSSL on SUSE Linux Enterprise Server 11 SP2 LTSS, SUSE Linux Enterprise Server 11 SP1 LTSS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2014:1386_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLES11\\.0SP2|SLES11\\.0SP1)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLES11.0SP2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~0.9.8j~0.66.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8j~0.66.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8-hmac\", rpm:\"libopenssl0_9_8-hmac~0.9.8j~0.66.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8j~0.66.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8j~0.66.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8-32bit\", rpm:\"libopenssl0_9_8-32bit~0.9.8j~0.66.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8-hmac-32bit\", rpm:\"libopenssl0_9_8-hmac-32bit~0.9.8j~0.66.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"SLES11.0SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~0.9.8j~0.66.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8j~0.66.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8-hmac\", rpm:\"libopenssl0_9_8-hmac~0.9.8j~0.66.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8j~0.66.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8j~0.66.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8-32bit\", rpm:\"libopenssl0_9_8-32bit~0.9.8j~0.66.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8-hmac-32bit\", rpm:\"libopenssl0_9_8-hmac-32bit~0.9.8j~0.66.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-08-01T10:49:16", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been found in OpenSSL, the Secure Sockets\nLayer library and toolkit.\n\nCVE-2014-3513 \nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker\ncould send multiple specially crafted handshake messages to exhaust\nall available memory of an SSL/TLS or DTLS server.\n\nCVE-2014-3566 (", "modified": "2017-07-17T00:00:00", "published": "2014-10-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703053", "id": "OPENVAS:703053", "title": "Debian Security Advisory DSA 3053-1 (openssl - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3053.nasl 6735 2017-07-17 09:56:49Z teissa $\n# Auto-generated from advisory DSA 3053-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703053);\n script_version(\"$Revision: 6735 $\");\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-3568\");\n script_name(\"Debian Security Advisory DSA 3053-1 (openssl - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-17 11:56:49 +0200 (Mon, 17 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-10-16 00:00:00 +0200 (Thu, 16 Oct 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3053.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"openssl on Debian Linux\");\n script_tag(name: \"insight\", value: \"This package contains the openssl binary and related tools.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u13.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1j-1.\n\nWe recommend that you upgrade your openssl packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been found in OpenSSL, the Secure Sockets\nLayer library and toolkit.\n\nCVE-2014-3513 \nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker\ncould send multiple specially crafted handshake messages to exhaust\nall available memory of an SSL/TLS or DTLS server.\n\nCVE-2014-3566 ('POODLE') \nA flaw was found in the way SSL 3.0 handled padding bytes when\ndecrypting messages encrypted using block ciphers in cipher block\nchaining (CBC) mode. This flaw allows a man-in-the-middle (MITM)\nattacker to decrypt a selected byte of a cipher text in as few as 256\ntries if they are able to force a victim application to repeatedly send\nthe same data over newly created SSL 3.0 connections. \n\nThis update adds support for Fallback SCSV to mitigate this issue.\n\nCVE-2014-3567 \nA memory leak flaw was found in the way an OpenSSL handled failed\nsession ticket integrity checks. A remote attacker could exhaust all\navailable memory of an SSL/TLS or DTLS server by sending a large number\nof invalid session tickets to that server. \n\nCVE-2014-3568 \nWhen OpenSSL is configured with 'no-ssl3' as a build option, servers\ncould accept and complete a SSL 3.0 handshake, and clients could be\nconfigured to send them.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:54:17", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been found in OpenSSL, the Secure Sockets\nLayer library and toolkit.\n\nCVE-2014-3513 \nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker\ncould send multiple specially crafted handshake messages to exhaust\nall available memory of an SSL/TLS or DTLS server.\n\nCVE-2014-3566 (", "modified": "2018-04-06T00:00:00", "published": "2014-10-16T00:00:00", "id": "OPENVAS:1361412562310703053", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703053", "title": "Debian Security Advisory DSA 3053-1 (openssl - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3053.nasl 9354 2018-04-06 07:15:32Z cfischer $\n# Auto-generated from advisory DSA 3053-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703053\");\n script_version(\"$Revision: 9354 $\");\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-3568\");\n script_name(\"Debian Security Advisory DSA 3053-1 (openssl - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value:\"2014-10-16 00:00:00 +0200 (Thu, 16 Oct 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3053.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"openssl on Debian Linux\");\n script_tag(name: \"insight\", value: \"This package contains the openssl binary and related tools.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u13.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1j-1.\n\nWe recommend that you upgrade your openssl packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been found in OpenSSL, the Secure Sockets\nLayer library and toolkit.\n\nCVE-2014-3513 \nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker\ncould send multiple specially crafted handshake messages to exhaust\nall available memory of an SSL/TLS or DTLS server.\n\nCVE-2014-3566 ('POODLE') \nA flaw was found in the way SSL 3.0 handled padding bytes when\ndecrypting messages encrypted using block ciphers in cipher block\nchaining (CBC) mode. This flaw allows a man-in-the-middle (MITM)\nattacker to decrypt a selected byte of a cipher text in as few as 256\ntries if they are able to force a victim application to repeatedly send\nthe same data over newly created SSL 3.0 connections. \n\nThis update adds support for Fallback SCSV to mitigate this issue.\n\nCVE-2014-3567 \nA memory leak flaw was found in the way an OpenSSL handled failed\nsession ticket integrity checks. A remote attacker could exhaust all\navailable memory of an SSL/TLS or DTLS server by sending a large number\nof invalid session tickets to that server. \n\nCVE-2014-3568 \nWhen OpenSSL is configured with 'no-ssl3' as a build option, servers\ncould accept and complete a SSL 3.0 handshake, and clients could be\nconfigured to send them.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u13\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-10-02T14:32:39", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120187", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120187", "title": "Amazon Linux Local Check: ALAS-2014-427", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2014-427.nasl 6735 2017-07-17 09:56:49Z teissa$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120187\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:19:29 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2014-427\");\n script_tag(name:\"insight\", value:\"A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. (CVE-2014-3513 )A memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server. (CVE-2014-3567 )When OpenSSL is configured with no-ssl3 as a build option, servers could accept and complete a SSL 3.0 handshake, and clients could beconfigured to send them. (CVE-2014-3568 )\");\n script_tag(name:\"solution\", value:\"Run yum update openssl to update your system. Note that you may need to run yum clean all first.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-427.html\");\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3568\", \"CVE-2014-3567\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1j~1.80.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1j~1.80.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1j~1.80.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1j~1.80.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1j~1.80.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:03:54", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2014-10-30T00:00:00", "id": "OPENVAS:1361412562310850621", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850621", "title": "SuSE Update for update openSUSE-SU-2014:1331-1 (update)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_1331_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for update openSUSE-SU-2014:1331-1 (update)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850621\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-30 05:44:03 +0100 (Thu, 30 Oct 2014)\");\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-3568\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"SuSE Update for update openSUSE-SU-2014:1331-1 (update)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'update'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The following issues were fixed in this release:\n\n CVE-2014-3566: SSLv3 POODLE attack (bnc#901223) CVE-2014-3513,\n CVE-2014-3567: DTLS memory leak and session ticket memory leak\");\n script_tag(name:\"affected\", value:\"update on openSUSE 13.1, openSUSE 12.3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:1331_1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE12\\.3|openSUSE13\\.1)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE12.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.1j~1.68.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.1j~1.68.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.1j~1.68.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1j~1.68.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1j~1.68.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.1j~1.68.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-devel-32bit\", rpm:\"libopenssl-devel-32bit~1.0.1j~1.68.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.1j~1.68.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.1j~1.68.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.1j~1.68.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.1j~11.56.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.1j~11.56.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.1j~11.56.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1j~11.56.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1j~11.56.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.1j~11.56.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-devel-32bit\", rpm:\"libopenssl-devel-32bit~1.0.1j~11.56.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.1j~11.56.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.1j~11.56.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.1j~11.56.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:38:02", "bulletinFamily": "scanner", "description": "McAfee Email Gateway is vulnerable to one or more of the three Open Secure\nSockets Layer (OpenSSL) 3.0 (SSLv3) vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2015-01-07T00:00:00", "id": "OPENVAS:1361412562310105157", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105157", "title": "McAfee Email Gateway - Three SSLv3 Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mcafee_email_gateway_sb10091.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# McAfee Email Gateway - Three SSLv3 Vulnerabilities\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mcafee:email_gateway\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105157\");\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3567\", \"CVE-2014-3568\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_version(\"$Revision: 11872 $\");\n\n script_name(\"McAfee Email Gateway - Three SSLv3 Vulnerabilities\");\n\n script_xref(name:\"URL\", value:\"https://kc.mcafee.com/corporate/index?page=content&id=SB10091\");\n\n script_tag(name:\"vuldetect\", value:\"Check the installed version and hotfixes\");\n script_tag(name:\"solution\", value:\"Apply the hotfix referenced in the advisory.\");\n\n script_tag(name:\"summary\", value:\"McAfee Email Gateway is vulnerable to one or more of the three Open Secure\nSockets Layer (OpenSSL) 3.0 (SSLv3) vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-07 17:42:14 +0100 (Wed, 07 Jan 2015)\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_mcafee_email_gateway_version.nasl\");\n script_mandatory_keys(\"mcafee_email_gateway/product_version\", \"mcafee_email_gateway/patches\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) ) exit( 0 );\n\nproduct = get_kb_item(\"mcafee_email_gateway/product_name\");\nif( ! product ) product = 'McAfee Email Gateway';\n\nif( ! patches = get_kb_item(\"mcafee_email_gateway/patches\") ) exit( 0 );\n\nif( version =~ \"^7\\.0\\.\" )\n{\n fixed = '7.0.2934.114';\n patch = '7.0.5h1014812';\n}\n\nelse if (version =~ \"^7\\.5\\.\")\n{\n fixed = \"7.5.3088.113\";\n patch = \"7.5.4h1014806\";\n}\n\nelse if (version =~ \"^7\\.6\\.\")\n{\n fixed = \"7.6.3044.120\";\n patch = \"7.6.2h1014803\";\n}\n\nelse\n exit( 0 );\n\nif( patch >< patches ) exit( 99 );\n\nif( version_is_less( version:version, test_version:fixed ) )\n{\n report = product + ' (' + version + ') is missing the patch ' + patch + '.\\n';\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 0 );\n\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:53:21", "bulletinFamily": "scanner", "description": "Check the version of openssl", "modified": "2017-08-24T00:00:00", "published": "2014-10-17T00:00:00", "id": "OPENVAS:1361412562310882062", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882062", "title": "CentOS Update for openssl CESA-2014:1652 centos7 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2014:1652 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882062\");\n script_version(\"$Revision: 7000 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-24 13:51:46 +0200 (Thu, 24 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-17 05:58:44 +0200 (Fri, 17 Oct 2014)\");\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3567\", \"CVE-2014-3566\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"CentOS Update for openssl CESA-2014:1652 centos7 \");\n\n script_tag(name: \"summary\", value: \"Check the version of openssl\");\n\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the\nhelp of detect NVT and check if the version is vulnerable or not.\");\n\n script_tag(name: \"insight\", value: \"OpenSSL is a toolkit that implements the\nSecure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport\nLayer Security (DTLS) protocols, as well as a full-strength, general purpose\ncryptography library.\n\nThis update adds support for the TLS Fallback Signaling Cipher Suite Value\n(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade\nattacks against applications which re-connect using a lower SSL/TLS\nprotocol version when the initial connection indicating the highest\nsupported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC) mode.\nThis issue is identified as CVE-2014-3566, and also known under the alias\nPOODLE. This SSL 3.0 protocol flaw will not be addressed in a future\nupdate it is recommended that users configure their applications to\nrequire at least TLS protocol version 1.0 for secure communication.\n\nFor additional information about this flaw, see the Knowledgebase article\nat https://access.redhat.com/articles/1232123\n\nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker could\nsend multiple specially crafted handshake messages to exhaust all available\nmemory of an SSL/TLS or DTLS server. (CVE-2014-3513)\n\nA memory leak flaw was found in the way an OpenSSL handled failed session\nticket integrity checks. A remote attacker could exhaust all available\nmemory of an SSL/TLS or DTLS server by sending a large number of invalid\nsession tickets to that server. (CVE-2014-3567)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to mitigate the CVE-2014-3566 issue and correct\nthe CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect,\nall services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\");\n script_tag(name: \"affected\", value: \"openssl on CentOS 7\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:1652\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-October/020695.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~34.el7_0.6\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~34.el7_0.6\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~34.el7_0.6\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~34.el7_0.6\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~34.el7_0.6\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:03:55", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2014-10-17T00:00:00", "id": "OPENVAS:1361412562310871274", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871274", "title": "RedHat Update for openssl RHSA-2014:1652-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2014:1652-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871274\");\n script_version(\"$Revision: 12380 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:03:48 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-17 05:58:23 +0200 (Fri, 17 Oct 2014)\");\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3567\", \"CVE-2014-3566\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"RedHat Update for openssl RHSA-2014:1652-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nThis update adds support for the TLS Fallback Signaling Cipher Suite Value\n(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade\nattacks against applications which re-connect using a lower SSL/TLS\nprotocol version when the initial connection indicating the highest\nsupported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC) mode.\nThis issue is identified as CVE-2014-3566, and also known under the alias\nPOODLE. This SSL 3.0 protocol flaw will not be addressed in a future\nupdate it is recommended that users configure their applications to\nrequire at least TLS protocol version 1.0 for secure communication.\n\nFor additional information about this flaw, see the referenced Knowledgebase article.\n\nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker could\nsend multiple specially crafted handshake messages to exhaust all available\nmemory of an SSL/TLS or DTLS server. (CVE-2014-3513)\n\nA memory leak flaw was found in the way an OpenSSL handled failed session\nticket integrity checks. A remote attacker could exhaust all available\nmemory of an SSL/TLS or DTLS server by sending a large number of invalid\nsession tickets to that server. (CVE-2014-3567)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to mitigate the CVE-2014-3566 issue and correct\nthe CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect,\nall services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\");\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:1652-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-October/msg00030.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/1232123\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~34.el7_0.6\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~34.el7_0.6\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~34.el7_0.6\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~34.el7_0.6\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~30.el6_6.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~30.el6_6.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~30.el6_6.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:02:09", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-10-13T00:00:00", "id": "OPENVAS:1361412562310850800", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850800", "title": "SuSE Update for OpenSSL SUSE-SU-2014:1361-1 (OpenSSL)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_1361_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for OpenSSL SUSE-SU-2014:1361-1 (OpenSSL)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850800\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:01 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-3568\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for OpenSSL SUSE-SU-2014:1361-1 (OpenSSL)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'OpenSSL'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This OpenSSL update fixes the following issues:\n\n * Session Ticket Memory Leak (CVE-2014-3567)\n\n * Build option no-ssl3 is incomplete (CVE-2014-3568)\n\n * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE)\n\n Security Issues:\n\n * CVE-2014-3567\n\n * CVE-2014-3566\n\n * CVE-2014-3568\n\n Indications:\n\n Everybody should update.\");\n script_tag(name:\"affected\", value:\"OpenSSL on SUSE Linux Enterprise Server 11 SP3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2014:1361_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLES11.0SP3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8j~0.66.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8-hmac\", rpm:\"libopenssl0_9_8-hmac~0.9.8j~0.66.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8j~0.66.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8j~0.66.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8-32bit\", rpm:\"libopenssl0_9_8-32bit~0.9.8j~0.66.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8-hmac-32bit\", rpm:\"libopenssl0_9_8-hmac-32bit~0.9.8j~0.66.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0_9_8-x86\", rpm:\"libopenssl0_9_8-x86~0.9.8j~0.66.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:03:19", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2014-10-17T00:00:00", "id": "OPENVAS:1361412562310842011", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842011", "title": "Ubuntu Update for openssl USN-2385-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2385_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# Ubuntu Update for openssl USN-2385-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842011\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-17 05:59:12 +0200 (Fri, 17 Oct 2014)\");\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3567\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"Ubuntu Update for openssl USN-2385-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that OpenSSL incorrectly\nhandled memory when parsing DTLS SRTP extension data. A remote attacker could\npossibly use this issue to cause OpenSSL to consume resources, resulting in a\ndenial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-3513)\n\nIt was discovered that OpenSSL incorrectly handled memory when verifying\nthe integrity of a session ticket. A remote attacker could possibly use\nthis issue to cause OpenSSL to consume resources, resulting in a denial of\nservice. (CVE-2014-3567)\n\nIn addition, this update introduces support for the TLS Fallback Signaling\nCipher Suite Value (TLS_FALLBACK_SCSV). This new feature prevents protocol\ndowngrade attacks when certain applications such as web browsers attempt\nto reconnect using a lower protocol version for interoperability reasons.\");\n script_tag(name:\"affected\", value:\"openssl on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2385-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2385-1/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|10\\.04 LTS)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1f-1ubuntu2.7\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1f-1ubuntu2.7\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1-4ubuntu5.20\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8k-7ubuntu8.22\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:50:20", "bulletinFamily": "unix", "description": "This OpenSSL update fixes the following issues:\n\n * Session Ticket Memory Leak (CVE-2014-3567)\n * Build option no-ssl3 is incomplete ((CVE-2014-3568)\n * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE)\n\n Security Issues:\n\n * CVE-2014-3513\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513</a>>\n * CVE-2014-3567\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567</a>>\n * CVE-2014-3566\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566</a>>\n * CVE-2014-3568\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568</a>>\n", "modified": "2014-11-11T00:05:06", "published": "2014-11-11T00:05:06", "id": "SUSE-SU-2014:1386-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00006.html", "title": "Security update for OpenSSL (important)", "type": "suse", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:42:58", "bulletinFamily": "unix", "description": "The following issues were fixed in this release:\n\n CVE-2014-3566: SSLv3 POODLE attack (bnc#901223) CVE-2014-3513,\n CVE-2014-3567: DTLS memory leak and session ticket memory leak\n\n", "modified": "2014-10-29T16:05:00", "published": "2014-10-29T16:05:00", "id": "OPENSUSE-SU-2014:1331-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html", "type": "suse", "title": "update for openssl (important)", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:46:54", "bulletinFamily": "unix", "description": "This OpenSSL update fixes the following issues:\n\n * SRTP Memory Leak (CVE-2014-3513)\n * Session Ticket Memory Leak (CVE-2014-3567)\n * Build option no-ssl3 is incomplete (CVE-2014-3568)\n * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE)\n\n Security Issues:\n\n * CVE-2014-3513\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513</a>>\n * CVE-2014-3567\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567</a>>\n * CVE-2014-3566\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566</a>>\n * CVE-2014-3568\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568</a>>\n", "modified": "2014-11-04T23:04:45", "published": "2014-11-04T23:04:45", "id": "SUSE-SU-2014:1357-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html", "type": "suse", "title": "Security update for openssl1 (important)", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:48:25", "bulletinFamily": "unix", "description": "This OpenSSL update fixes the following issues:\n\n * Session Ticket Memory Leak (CVE-2014-3567)\n * Build option no-ssl3 is incomplete ((CVE-2014-3568)\n * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE)\n\n Security Issues:\n\n * CVE-2014-3567\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567</a>>\n * CVE-2014-3566\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566</a>>\n * CVE-2014-3568\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568</a>>\n", "modified": "2014-11-11T01:04:46", "published": "2014-11-11T01:04:46", "id": "SUSE-SU-2014:1387-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00007.html", "type": "suse", "title": "Security update for OpenSSL (important)", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:42:58", "bulletinFamily": "unix", "description": "This OpenSSL update fixes the following issues:\n\n * Session Ticket Memory Leak (CVE-2014-3567)\n * Build option no-ssl3 is incomplete (CVE-2014-3568)\n * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE)\n\n Security Issues:\n\n * CVE-2014-3567\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567</a>>\n * CVE-2014-3566\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566</a>>\n * CVE-2014-3568\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568</a>>\n", "modified": "2014-11-13T01:04:46", "published": "2014-11-13T01:04:46", "id": "SUSE-SU-2014:1387-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00012.html", "title": "Security update for OpenSSL (important)", "type": "suse", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:27:16", "bulletinFamily": "unix", "description": "This OpenSSL update fixes the following issues:\n\n * Session Ticket Memory Leak (CVE-2014-3567)\n * Build option no-ssl3 is incomplete (CVE-2014-3568)\n * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE)\n\n Security Issues:\n\n * CVE-2014-3567\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567</a>>\n * CVE-2014-3566\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566</a>>\n * CVE-2014-3568\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568</a>>\n", "modified": "2014-11-05T23:04:47", "published": "2014-11-05T23:04:47", "id": "SUSE-SU-2014:1361-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html", "title": "Security update for OpenSSL (important)", "type": "suse", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:46:50", "bulletinFamily": "unix", "description": "This OpenSSL update fixes the following issues:\n\n * Build option no-ssl3 is incomplete (CVE-2014-3568)\n * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE)\n\n Security Issues:\n\n * CVE-2014-3566\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566</a>>\n * CVE-2014-3568\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568</a>>\n", "modified": "2014-11-12T19:05:00", "published": "2014-11-12T19:05:00", "id": "SUSE-SU-2014:1409-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00010.html", "type": "suse", "title": "Security update for OpenSSL (important)", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:42", "bulletinFamily": "unix", "description": "SRTP Memory Leak (CVE-2014-3513)\n--------------------------------\n\nA flaw in the DTLS SRTP extension parsing code allows an attacker, who\nsends a carefully crafted handshake message, to cause OpenSSL to fail\nto free up to 64k of memory causing a memory leak. This could be\nexploited in a Denial Of Service attack. This issue affects OpenSSL\n1.0.1 server implementations for both SSL/TLS and DTLS regardless of\nwhether SRTP is used or configured. Implementations of OpenSSL that\nhave been compiled with OPENSSL_NO_SRTP defined are not affected.\n\nSession Ticket Memory Leak (CVE-2014-3567)\n------------------------------------------\n\nWhen an OpenSSL SSL/TLS/DTLS server receives a session ticket the\nintegrity of that ticket is first verified. In the event of a session\nticket integrity check failing, OpenSSL will fail to free memory\ncausing a memory leak. By sending a large number of invalid session\ntickets an attacker could exploit this issue in a Denial Of Service\nattack.\n\nBuild option no-ssl3 is incomplete (CVE-2014-3568)\n--------------------------------------------------\n\nWhen OpenSSL is configured with "no-ssl3" as a build option, servers\ncould accept and complete a SSL 3.0 handshake, and clients could be\nconfigured to send them.\n\nSSL 3.0 Fallback protection\n---------------------------\n\nOpenSSL has added support for TLS_FALLBACK_SCSV to allow applications\nto block the ability for a MITM attacker to force a protocol\ndowngrade.\n\nSome client applications (such as browsers) will reconnect using a\ndowngraded protocol to work around interoperability bugs in older\nservers. This could be exploited by an active man-in-the-middle to\ndowngrade connections to SSL 3.0 even if both sides of the connection\nsupport higher protocols. SSL 3.0 contains a number of weaknesses\nincluding POODLE (CVE-2014-3566).", "modified": "2014-10-16T00:00:00", "published": "2014-10-16T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html", "id": "ASA-201410-6", "title": "openssl: denial of service / man-in-the-middle / poodle mitigation", "type": "archlinux", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2018-08-31T00:36:54", "bulletinFamily": "unix", "description": "New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz: Upgraded.\n (* Security fix *)\npatches/packages/openssl-1.0.1j-i486-1_slack14.1.txz: Upgraded.\n This update fixes several security issues:\n SRTP Memory Leak (CVE-2014-3513):\n A flaw in the DTLS SRTP extension parsing code allows an attacker, who\n sends a carefully crafted handshake message, to cause OpenSSL to fail\n to free up to 64k of memory causing a memory leak. This could be\n exploited in a Denial Of Service attack.\n Session Ticket Memory Leak (CVE-2014-3567):\n When an OpenSSL SSL/TLS/DTLS server receives a session ticket the\n integrity of that ticket is first verified. In the event of a session\n ticket integrity check failing, OpenSSL will fail to free memory\n causing a memory leak. By sending a large number of invalid session\n tickets an attacker could exploit this issue in a Denial Of Service\n attack.\n SSL 3.0 Fallback protection:\n OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications\n to block the ability for a MITM attacker to force a protocol\n downgrade.\n Some client applications (such as browsers) will reconnect using a\n downgraded protocol to work around interoperability bugs in older\n servers. This could be exploited by an active man-in-the-middle to\n downgrade connections to SSL 3.0 even if both sides of the connection\n support higher protocols. SSL 3.0 contains a number of weaknesses\n including POODLE (CVE-2014-3566).\n Build option no-ssl3 is incomplete (CVE-2014-3568):\n When OpenSSL is configured with "no-ssl3" as a build option, servers\n could accept and complete a SSL 3.0 handshake, and clients could be\n configured to send them.\n For more information, see:\n https://www.openssl.org/news/secadv_20141015.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zc-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zc-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zc-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1j-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1j-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1j-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1j-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1j-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1j-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1j-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1j-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1j-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1j-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 packages:\n44d336a121b39296f0e6bbeeb283dd2b openssl-0.9.8zc-i486-1_slack13.0.txz\n8342cfb351e59ecf5ea6d8cba66f0040 openssl-solibs-0.9.8zc-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n671f12535bdc10ab24388b713351aca2 openssl-0.9.8zc-x86_64-1_slack13.0.txz\n21e380284cdfab2fd15fffe2e0aed526 openssl-solibs-0.9.8zc-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n64cb819f1e07522bd5d7ceedd0a9ab50 openssl-0.9.8zc-i486-1_slack13.1.txz\n5fe4e385b2251cfd7e8ae5963ec6cef1 openssl-solibs-0.9.8zc-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n94feb6699d6f2cc7750a6b2e17ccaaa2 openssl-0.9.8zc-x86_64-1_slack13.1.txz\n2c17e4286509c29074ab0168367b851e openssl-solibs-0.9.8zc-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n4483d91c776c7e23c59246c4e0aa24aa openssl-0.9.8zc-i486-1_slack13.37.txz\nfedd58eb19bc13c9dd88d947827a7370 openssl-solibs-0.9.8zc-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n5d48ac1e9339efc35e304c7d48b2e762 openssl-0.9.8zc-x86_64-1_slack13.37.txz\n6f5e2b576259477c13f12cbed9be8804 openssl-solibs-0.9.8zc-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\n2b678160283bc696565dc8bd8b28c0eb openssl-1.0.1j-i486-1_slack14.0.txz\nf7762615c990713e9e86d4da962f1022 openssl-solibs-1.0.1j-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n41010ca37d49b74e7d7dc3f1c6ddc57e openssl-1.0.1j-x86_64-1_slack14.0.txz\n40dc6f3de217279d6140c1efcc0d45c8 openssl-solibs-1.0.1j-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n024ecea55e22e47f9fbb4b81a7b72a51 openssl-1.0.1j-i486-1_slack14.1.txz\n0a575668bb41ec4c2160800611f7f627 openssl-solibs-1.0.1j-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nd07fe289f7998a584c2b0d9810a8b9aa openssl-1.0.1j-x86_64-1_slack14.1.txz\n1ffc5d0c02b0c60cefa5cf9189bfc71d openssl-solibs-1.0.1j-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n53c9f51a79460bbfc5dec5720317cd53 a/openssl-solibs-1.0.1j-i486-1.txz\ncc059aa63494f3b005a886c70bc3f5d6 n/openssl-1.0.1j-i486-1.txz\n\nSlackware x86_64 -current packages:\n500709555e652adcd84b4e02dfab4eeb a/openssl-solibs-1.0.1j-x86_64-1.txz\nc483ca9c450fa90a901ac013276ccc53 n/openssl-1.0.1j-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-1.0.1j-i486-1_slack14.1.txz openssl-solibs-1.0.1j-i486-1_slack14.1.txz", "modified": "2014-10-15T10:58:22", "published": "2014-10-15T10:58:22", "id": "SSA-2014-288-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.846452", "title": "openssl", "type": "slackware", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:47", "bulletinFamily": "unix", "description": "\nThe OpenSSL Project reports:\n\nA flaw in the DTLS SRTP extension parsing code allows an\n\t attacker, who sends a carefully crafted handshake message,\n\t to cause OpenSSL to fail to free up to 64k of memory causing\n\t a memory leak. This could be exploited in a Denial Of Service\n\t attack. This issue affects OpenSSL 1.0.1 server implementations\n\t for both SSL/TLS and DTLS regardless of whether SRTP is used\n\t or configured. Implementations of OpenSSL that have been\n\t compiled with OPENSSL_NO_SRTP defined are not affected.\n\t [CVE-2014-3513].\nWhen an OpenSSL SSL/TLS/DTLS server receives a session\n\t ticket the integrity of that ticket is first verified.\n\t In the event of a session ticket integrity check failing,\n\t OpenSSL will fail to free memory causing a memory leak.\n\t By sending a large number of invalid session tickets an\n\t attacker could exploit this issue in a Denial Of Service\n\t attack. [CVE-2014-3567].\nOpenSSL has added support for TLS_FALLBACK_SCSV to allow\n\t applications to block the ability for a MITM attacker to\n\t force a protocol downgrade.\nSome client applications (such as browsers) will reconnect\n\t using a downgraded protocol to work around interoperability\n\t bugs in older servers. This could be exploited by an active\n\t man-in-the-middle to downgrade connections to SSL 3.0 even\n\t if both sides of the connection support higher protocols.\n\t SSL 3.0 contains a number of weaknesses including POODLE\n\t [CVE-2014-3566].\nWhen OpenSSL is configured with \"no-ssl3\" as a build option,\n\t servers could accept and complete a SSL 3.0 handshake, and\n\t clients could be configured to send them. [CVE-2014-3568].\n\n", "modified": "2016-08-09T00:00:00", "published": "2014-10-15T00:00:00", "id": "03175E62-5494-11E4-9CC1-BC5FF4FB5E7B", "href": "https://vuxml.freebsd.org/freebsd/03175e62-5494-11e4-9cc1-bc5ff4fb5e7b.html", "title": "OpenSSL -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:14:41", "bulletinFamily": "unix", "description": "\nMicka\u00c3\u00abl Guessant reports:\n\nDavMail 4.6.0 released\nEnhancements: Fix potential CVE-2014-3566 vulnerability.\n\n", "modified": "2014-10-27T00:00:00", "published": "2014-10-27T00:00:00", "id": "384FC0B2-0144-11E5-8FDA-002590263BF5", "href": "https://vuxml.freebsd.org/freebsd/384fc0b2-0144-11e5-8fda-002590263bf5.html", "title": "davmail -- fix potential CVE-2014-3566 vulnerability (POODLE)", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:54", "bulletinFamily": "software", "description": "\r\n\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n[slackware-security] openssl (SSA:2014-288-01)\r\n\r\nNew openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\r\nand -current to fix security issues.\r\n\r\n\r\nHere are the details from the Slackware 14.1 ChangeLog:\r\n+--------------------------+\r\npatches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz: Upgraded.\r\n (* Security fix *)\r\npatches/packages/openssl-1.0.1j-i486-1_slack14.1.txz: Upgraded.\r\n This update fixes several security issues:\r\n SRTP Memory Leak (CVE-2014-3513):\r\n A flaw in the DTLS SRTP extension parsing code allows an attacker, who\r\n sends a carefully crafted handshake message, to cause OpenSSL to fail\r\n to free up to 64k of memory causing a memory leak. This could be\r\n exploited in a Denial Of Service attack.\r\n Session Ticket Memory Leak (CVE-2014-3567):\r\n When an OpenSSL SSL/TLS/DTLS server receives a session ticket the\r\n integrity of that ticket is first verified. In the event of a session\r\n ticket integrity check failing, OpenSSL will fail to free memory\r\n causing a memory leak. By sending a large number of invalid session\r\n tickets an attacker could exploit this issue in a Denial Of Service\r\n attack.\r\n SSL 3.0 Fallback protection:\r\n OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications\r\n to block the ability for a MITM attacker to force a protocol\r\n downgrade.\r\n Some client applications (such as browsers) will reconnect using a\r\n downgraded protocol to work around interoperability bugs in older\r\n servers. This could be exploited by an active man-in-the-middle to\r\n downgrade connections to SSL 3.0 even if both sides of the connection\r\n support higher protocols. SSL 3.0 contains a number of weaknesses\r\n including POODLE (CVE-2014-3566).\r\n Build option no-ssl3 is incomplete (CVE-2014-3568):\r\n When OpenSSL is configured with "no-ssl3" as a build option, servers\r\n could accept and complete a SSL 3.0 handshake, and clients could be\r\n configured to send them.\r\n For more information, see:\r\n https://www.openssl.org/news/secadv_20141015.txt\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568\r\n (* Security fix *)\r\n+--------------------------+\r\n\r\n\r\nWhere to find the new packages:\r\n+-----------------------------+\r\n\r\nThanks to the friendly folks at the OSU Open Source Lab\r\n(http://osuosl.org) for donating FTP and rsync hosting\r\nto the Slackware project! \r\n\r\nAlso see the "Get Slack" section on http://slackware.com for\r\nadditional mirror sites near you.\r\n\r\nUpdated packages for Slackware 13.0:\r\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zc-i486-1_slack13.0.txz\r\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.0.txz\r\n\r\nUpdated packages for Slackware x86_64 13.0:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.0.txz\r\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.0.txz\r\n\r\nUpdated packages for Slackware 13.1:\r\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zc-i486-1_slack13.1.txz\r\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.1.txz\r\n\r\nUpdated packages for Slackware x86_64 13.1:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.1.txz\r\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.1.txz\r\n\r\nUpdated packages for Slackware 13.37:\r\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zc-i486-1_slack13.37.txz\r\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.37.txz\r\n\r\nUpdated packages for Slackware x86_64 13.37:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.37.txz\r\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.37.txz\r\n\r\nUpdated packages for Slackware 14.0:\r\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1j-i486-1_slack14.0.txz\r\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.0.txz\r\n\r\nUpdated packages for Slackware x86_64 14.0:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1j-x86_64-1_slack14.0.txz\r\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1j-x86_64-1_slack14.0.txz\r\n\r\nUpdated packages for Slackware 14.1:\r\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1j-i486-1_slack14.1.txz\r\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz\r\n\r\nUpdated packages for Slackware x86_64 14.1:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1j-x86_64-1_slack14.1.txz\r\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1j-x86_64-1_slack14.1.txz\r\n\r\nUpdated packages for Slackware -current:\r\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1j-i486-1.txz\r\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1j-i486-1.txz\r\n\r\nUpdated packages for Slackware x86_64 -current:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1j-x86_64-1.txz\r\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1j-x86_64-1.txz\r\n\r\n\r\nMD5 signatures:\r\n+-------------+\r\n\r\nSlackware 13.0 packages:\r\n44d336a121b39296f0e6bbeeb283dd2b openssl-0.9.8zc-i486-1_slack13.0.txz\r\n8342cfb351e59ecf5ea6d8cba66f0040 openssl-solibs-0.9.8zc-i486-1_slack13.0.txz\r\n\r\nSlackware x86_64 13.0 packages:\r\n671f12535bdc10ab24388b713351aca2 openssl-0.9.8zc-x86_64-1_slack13.0.txz\r\n21e380284cdfab2fd15fffe2e0aed526 openssl-solibs-0.9.8zc-x86_64-1_slack13.0.txz\r\n\r\nSlackware 13.1 packages:\r\n64cb819f1e07522bd5d7ceedd0a9ab50 openssl-0.9.8zc-i486-1_slack13.1.txz\r\n5fe4e385b2251cfd7e8ae5963ec6cef1 openssl-solibs-0.9.8zc-i486-1_slack13.1.txz\r\n\r\nSlackware x86_64 13.1 packages:\r\n94feb6699d6f2cc7750a6b2e17ccaaa2 openssl-0.9.8zc-x86_64-1_slack13.1.txz\r\n2c17e4286509c29074ab0168367b851e openssl-solibs-0.9.8zc-x86_64-1_slack13.1.txz\r\n\r\nSlackware 13.37 packages:\r\n4483d91c776c7e23c59246c4e0aa24aa openssl-0.9.8zc-i486-1_slack13.37.txz\r\nfedd58eb19bc13c9dd88d947827a7370 openssl-solibs-0.9.8zc-i486-1_slack13.37.txz\r\n\r\nSlackware x86_64 13.37 packages:\r\n5d48ac1e9339efc35e304c7d48b2e762 openssl-0.9.8zc-x86_64-1_slack13.37.txz\r\n6f5e2b576259477c13f12cbed9be8804 openssl-solibs-0.9.8zc-x86_64-1_slack13.37.txz\r\n\r\nSlackware 14.0 packages:\r\n2b678160283bc696565dc8bd8b28c0eb openssl-1.0.1j-i486-1_slack14.0.txz\r\nf7762615c990713e9e86d4da962f1022 openssl-solibs-1.0.1j-i486-1_slack14.0.txz\r\n\r\nSlackware x86_64 14.0 packages:\r\n41010ca37d49b74e7d7dc3f1c6ddc57e openssl-1.0.1j-x86_64-1_slack14.0.txz\r\n40dc6f3de217279d6140c1efcc0d45c8 openssl-solibs-1.0.1j-x86_64-1_slack14.0.txz\r\n\r\nSlackware 14.1 packages:\r\n024ecea55e22e47f9fbb4b81a7b72a51 openssl-1.0.1j-i486-1_slack14.1.txz\r\n0a575668bb41ec4c2160800611f7f627 openssl-solibs-1.0.1j-i486-1_slack14.1.txz\r\n\r\nSlackware x86_64 14.1 packages:\r\nd07fe289f7998a584c2b0d9810a8b9aa openssl-1.0.1j-x86_64-1_slack14.1.txz\r\n1ffc5d0c02b0c60cefa5cf9189bfc71d openssl-solibs-1.0.1j-x86_64-1_slack14.1.txz\r\n\r\nSlackware -current packages:\r\n53c9f51a79460bbfc5dec5720317cd53 a/openssl-solibs-1.0.1j-i486-1.txz\r\ncc059aa63494f3b005a886c70bc3f5d6 n/openssl-1.0.1j-i486-1.txz\r\n\r\nSlackware x86_64 -current packages:\r\n500709555e652adcd84b4e02dfab4eeb a/openssl-solibs-1.0.1j-x86_64-1.txz\r\nc483ca9c450fa90a901ac013276ccc53 n/openssl-1.0.1j-x86_64-1.txz\r\n\r\n\r\nInstallation instructions:\r\n+------------------------+\r\n\r\nUpgrade the packages as root:\r\n# upgradepkg openssl-1.0.1j-i486-1_slack14.1.txz openssl-solibs-1.0.1j-i486-1_slack14.1.txz\r\n\r\n\r\n+-----+\r\n\r\nSlackware Linux Security Team\r\nhttp://slackware.com/gpg-key\r\nsecurity@slackware.com\r\n\r\n+------------------------------------------------------------------------+\r\n| To leave the slackware-security mailing list: |\r\n+------------------------------------------------------------------------+\r\n| Send an email to majordomo@slackware.com with this text in the body of |\r\n| the email message: |\r\n| |\r\n| unsubscribe slackware-security |\r\n| |\r\n| You will get a confirmation message back containing instructions to |\r\n| complete the process. Please do not reply to this email address. |\r\n+------------------------------------------------------------------------+\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niEYEARECAAYFAlQ+sX4ACgkQakRjwEAQIjMnYwCggSNccNsCi57a+p6F6/wBJNMr\r\nnjcAn08K5PJNtkMeLWV18epIMDLm+Vyg\r\n=7+DM\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-10-17T00:00:00", "published": "2014-10-17T00:00:00", "id": "SECURITYVULNS:DOC:31293", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31293", "title": "[slackware-security] openssl (SSA:2014-288-01)", "type": "securityvulns", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "description": "Restrictions bypass, weak encryption, information discosure, multiple svn vulnerabilities.", "modified": "2015-10-25T00:00:00", "published": "2015-10-25T00:00:00", "id": "SECURITYVULNS:VULN:14697", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14697", "title": "Apple Xcode multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:01", "bulletinFamily": "software", "description": "\r\n\r\nAPPLE-SA-2015-09-16-2 Xcode 7.0\r\n\r\nXcode 7.0 is now available and addresses the following:\r\n\r\nDevTools\r\nAvailable for: OS X Yosemite v10.10.4 or later\r\nImpact: An attacker may be able to bypass access restrictions\r\nDescription: An API issue existed in the apache configuration. This\r\nissue was addressed by updating header files to use the latest\r\nversion.\r\nCVE-ID\r\nCVE-2015-3185 : Branko Aibej of the Apache Software Foundation\r\n\r\nIDE Xcode Server\r\nAvailable for: OS X Yosemite 10.10 or later\r\nImpact: An attacker may be able to access restricted parts of the\r\nfilesystem\r\nDescription: A comparison issue existed in the node.js send module\r\nprior to version 0.8.4. This issue was addressed by upgrading to\r\nversion 0.12.3.\r\nCVE-ID\r\nCVE-2014-6394 : Ilya Kantor\r\n\r\nIDE Xcode Server\r\nAvailable for: OS X Yosemite v10.10.4 or later\r\nImpact: Multiple vulnerabilties in OpenSSL\r\nDescription: Multiple vulnerabilties existed in the node.js OpenSSL\r\nmodule prior to version 1.0.1j. These issues were addressed by\r\nupdating openssl to version 1.0.1j.\r\nCVE-ID\r\nCVE-2014-3513\r\nCVE-2014-3566\r\nCVE-2014-3567\r\nCVE-2014-3568\r\n\r\nIDE Xcode Server\r\nAvailable for: OS X Yosemite v10.10.4 or later\r\nImpact: An attacker with a privileged network position may be able\r\nto inspect traffic to Xcode Server\r\nDescription: Connections to Xcode Server may have been made without\r\nencryption. This issue was addressed through improved network\r\nconnection logic.\r\nCVE-ID\r\nCVE-2015-5910 : an anonymous researcher\r\n\r\nIDE Xcode Server\r\nAvailable for: OS X Yosemite v10.10.4 or later\r\nImpact: Build notifications may be sent to unintended recipients\r\nDescription: An access issue existed in the handling of repository\r\nemail lists. This issue was addressed through improved validation.\r\nCVE-ID\r\nCVE-2015-5909 : Daniel Tomlinson of Rocket Apps, David Gatwood of\r\nAnchorfree\r\n\r\nsubversion\r\nAvailable for: OS X Yosemite v10.10.4 or later\r\nImpact: Multiple vulnerabilities existed in svn versions prior to\r\n1.7.19\r\nDescription: Multiple vulnerabilities existed in svn versions prior\r\nto 1.7.19. These issues were addressed by updating svn to version\r\n1.7.20.\r\nCVE-ID\r\nCVE-2015-0248\r\nCVE-2015-0251\r\n\r\n\r\nXcode 7.0 may be obtained from:\r\nhttps://developer.apple.com/xcode/downloads/\r\n\r\nTo check that the Xcode has been updated:\r\n\r\n* Select Xcode in the menu bar\r\n* Select About Xcode\r\n* The version after applying this update will be "7.0".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n", "modified": "2015-10-05T00:00:00", "published": "2015-10-05T00:00:00", "id": "SECURITYVULNS:DOC:32516", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32516", "title": "APPLE-SA-2015-09-16-2 Xcode 7.0", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:56", "bulletinFamily": "software", "description": "\r\nHi All,\r\n\r\nBefore i ask my question:\r\n\r\nIt seems some TLS implementations may be vulnerable to POODLE like attack if they use SSL 3.0 type padding and the padding bytes are not checked by the implementation.\r\n\r\nhttps://www.imperialviolet.org/2014/12/08/poodleagain.html\r\nhttps://devcentral.f5.com/articles/cve-2014-8730-padding-issue-8151\r\n\r\n\r\nCVE-2014-8730 was assigned to this issue (by MITRE i suppose) and its not clear if this CVE has been assigned to their code or to the protocol weakness.\r\n\r\nI have not checked if any implementations are vulnerable, but could MITRE please confirm if its ok to reuse this CVE if any crypto-libs are found vulnerable, or if they plan to assign another CVE id?\r\n\r\n\r\n-- \r\nHuzaifa Sidhpurwala / Red Hat Product Security Team\r\n", "modified": "2014-12-09T00:00:00", "published": "2014-12-09T00:00:00", "id": "SECURITYVULNS:DOC:31481", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31481", "title": "[oss-security] CVE question: Return of POODLE", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2019-01-16T20:20:39", "bulletinFamily": "scanner", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Memory leak in d1_srtp.c in the DTLS SRTP extension in\n OpenSSL 1.0.1 before 1.0.1j allows remote attackers to\n cause a denial of service (memory consumption) via a\n crafted handshake message. (CVE-2014-3513)\n\n - The SSL protocol 3.0, as used in OpenSSL through 1.0.1i\n and other products, uses nondeterministic CBC padding,\n which makes it easier for man-in-the-middle attackers to\n obtain cleartext data via a padding-oracle attack, aka\n the 'POODLE' issue. (CVE-2014-3566)\n\n - Memory leak in the tls_decrypt_ticket function in\n t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o,\n and 1.0.1 before 1.0.1j allows remote attackers to cause\n a denial of service (memory consumption) via a crafted\n session ticket that triggers an integrity-check failure.\n (CVE-2014-3567)\n\n - OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1\n before 1.0.1j does not properly enforce the no-ssl3\n build option, which allows remote attackers to bypass\n intended access restrictions via an SSL 3.0 handshake,\n related to s23_clnt.c and s23_srvr.c. (CVE-2014-3568)", "modified": "2018-11-15T00:00:00", "published": "2015-01-19T00:00:00", "id": "SOLARIS11_OPENSSL_20141104.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80725", "title": "Oracle Solaris Third-Party Patch Update : openssl (multiple_vulnerabilities_in_openssl6) (POODLE)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80725);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-3568\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : openssl (multiple_vulnerabilities_in_openssl6) (POODLE)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Memory leak in d1_srtp.c in the DTLS SRTP extension in\n OpenSSL 1.0.1 before 1.0.1j allows remote attackers to\n cause a denial of service (memory consumption) via a\n crafted handshake message. (CVE-2014-3513)\n\n - The SSL protocol 3.0, as used in OpenSSL through 1.0.1i\n and other products, uses nondeterministic CBC padding,\n which makes it easier for man-in-the-middle attackers to\n obtain cleartext data via a padding-oracle attack, aka\n the 'POODLE' issue. (CVE-2014-3566)\n\n - Memory leak in the tls_decrypt_ticket function in\n t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o,\n and 1.0.1 before 1.0.1j allows remote attackers to cause\n a denial of service (memory consumption) via a crafted\n session ticket that triggers an integrity-check failure.\n (CVE-2014-3567)\n\n - OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1\n before 1.0.1j does not properly enforce the no-ssl3\n build option, which allows remote attackers to bypass\n intended access restrictions via an SSL 3.0 handshake,\n related to s23_clnt.c and s23_srvr.c. (CVE-2014-3568)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-openssl\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ecff53d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.2.3.5.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:openssl\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/04\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^openssl$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.2.3.0.5.0\", sru:\"SRU 11.2.3.5.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : openssl\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_hole(port:0, extra:error_extra);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"openssl\");\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:19:57", "bulletinFamily": "scanner", "description": "The version of stunnel installed on the remote host is prior to\nversion 5.06. It is, therefore, affected by the following\nvulnerabilities in the bundled OpenSSL library :\n\n - An error exists related to DTLS SRTP extension handling\n and specially crafted handshake messages that can allow\n denial of service attacks via memory leaks.\n (CVE-2014-3513)\n\n - An error exists related to the way SSL 3.0 handles\n padding bytes when decrypting messages encrypted using\n block ciphers in cipher block chaining (CBC) mode. A\n man-in-the-middle attacker can decrypt a selected byte\n of a cipher text in as few as 256 tries if they are able\n to force a victim application to repeatedly send the\n same data over newly created SSL 3.0 connections. This\n is also known as the 'POODLE' issue. (CVE-2014-3566)\n\n - An error exists related to session ticket handling that\n can allow denial of service attacks via memory leaks.\n (CVE-2014-3567)\n\n - An error exists related to the build configuration\n process and the 'no-ssl3' build option that allows\n servers and clients to process insecure SSL 3.0\n handshake messages. (CVE-2014-3568)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "modified": "2018-11-15T00:00:00", "published": "2014-10-20T00:00:00", "id": "STUNNEL_5_06.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78584", "title": "stunnel < 5.06 OpenSSL Multiple Vulnerabilities (POODLE)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78584);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\n \"CVE-2014-3513\",\n \"CVE-2014-3566\",\n \"CVE-2014-3567\",\n \"CVE-2014-3568\"\n );\n script_bugtraq_id(70574, 70584, 70585, 70586);\n script_xref(name:\"CERT\", value:\"577193\");\n\n script_name(english:\"stunnel < 5.06 OpenSSL Multiple Vulnerabilities (POODLE)\");\n script_summary(english:\"Checks the version of stunnel.exe.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a program that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of stunnel installed on the remote host is prior to\nversion 5.06. It is, therefore, affected by the following\nvulnerabilities in the bundled OpenSSL library :\n\n - An error exists related to DTLS SRTP extension handling\n and specially crafted handshake messages that can allow\n denial of service attacks via memory leaks.\n (CVE-2014-3513)\n\n - An error exists related to the way SSL 3.0 handles\n padding bytes when decrypting messages encrypted using\n block ciphers in cipher block chaining (CBC) mode. A\n man-in-the-middle attacker can decrypt a selected byte\n of a cipher text in as few as 256 tries if they are able\n to force a victim application to repeatedly send the\n same data over newly created SSL 3.0 connections. This\n is also known as the 'POODLE' issue. (CVE-2014-3566)\n\n - An error exists related to session ticket handling that\n can allow denial of service attacks via memory leaks.\n (CVE-2014-3567)\n\n - An error exists related to the build configuration\n process and the 'no-ssl3' build option that allows\n servers and clients to process insecure SSL 3.0\n handshake messages. (CVE-2014-3568)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.stunnel.org/?page=sdf_ChangeLog\");\n # https://www.stunnel.org/pipermail/stunnel-announce/2014-October/000084.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d459ce27\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/openssl-1.0.1-notes.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20141015.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to stunnel version 5.06 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n \n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:stunnel:stunnel\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"stunnel_installed.nasl\");\n script_require_keys(\"installed_sw/stunnel\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp = 'stunnel';\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nversion = install[\"version\"];\npath = install[\"path\"];\n\n# Affected < 5.06\nif (\n version =~ \"^[0-4]\\.\" ||\n version =~ \"^5\\.0[0-5]($|[^0-9])\"\n)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.06' +\n '\\n';\n security_report_v4(severity:SECURITY_WARNING, port:port, extra:report);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:19:55", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been found in OpenSSL, the Secure Sockets\nLayer library and toolkit.\n\n - CVE-2014-3513\n A memory leak flaw was found in the way OpenSSL parsed\n the DTLS Secure Real-time Transport Protocol (SRTP)\n extension data. A remote attacker could send multiple\n specially crafted handshake messages to exhaust all\n available memory of an SSL/TLS or DTLS server.\n\n - CVE-2014-3566 ('POODLE')\n A flaw was found in the way SSL 3.0 handled padding\n bytes when decrypting messages encrypted using block\n ciphers in cipher block chaining (CBC) mode. This flaw\n allows a man-in-the-middle (MITM) attacker to decrypt a\n selected byte of a cipher text in as few as 256 tries if\n they are able to force a victim application to\n repeatedly send the same data over newly created SSL 3.0\n connections. \n\n This update adds support for Fallback SCSV to mitigate this issue.\n\n - CVE-2014-3567\n A memory leak flaw was found in the way an OpenSSL\n handled failed session ticket integrity checks. A remote\n attacker could exhaust all available memory of an\n SSL/TLS or DTLS server by sending a large number of\n invalid session tickets to that server. \n\n - CVE-2014-3568\n When OpenSSL is configured with 'no-ssl3' as a build\n option, servers could accept and complete a SSL 3.0\n handshake, and clients could be configured to send them.", "modified": "2018-11-10T00:00:00", "published": "2014-10-17T00:00:00", "id": "DEBIAN_DSA-3053.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78520", "title": "Debian DSA-3053-1 : openssl - security update (POODLE)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3053. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78520);\n script_version(\"1.23\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-3568\");\n script_bugtraq_id(70574, 70584, 70585, 70586);\n script_xref(name:\"DSA\", value:\"3053\");\n\n script_name(english:\"Debian DSA-3053-1 : openssl - security update (POODLE)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been found in OpenSSL, the Secure Sockets\nLayer library and toolkit.\n\n - CVE-2014-3513\n A memory leak flaw was found in the way OpenSSL parsed\n the DTLS Secure Real-time Transport Protocol (SRTP)\n extension data. A remote attacker could send multiple\n specially crafted handshake messages to exhaust all\n available memory of an SSL/TLS or DTLS server.\n\n - CVE-2014-3566 ('POODLE')\n A flaw was found in the way SSL 3.0 handled padding\n bytes when decrypting messages encrypted using block\n ciphers in cipher block chaining (CBC) mode. This flaw\n allows a man-in-the-middle (MITM) attacker to decrypt a\n selected byte of a cipher text in as few as 256 tries if\n they are able to force a victim application to\n repeatedly send the same data over newly created SSL 3.0\n connections. \n\n This update adds support for Fallback SCSV to mitigate this issue.\n\n - CVE-2014-3567\n A memory leak flaw was found in the way an OpenSSL\n handled failed session ticket integrity checks. A remote\n attacker could exhaust all available memory of an\n SSL/TLS or DTLS server by sending a large number of\n invalid session tickets to that server. \n\n - CVE-2014-3568\n When OpenSSL is configured with 'no-ssl3' as a build\n option, servers could accept and complete a SSL 3.0\n handshake, and clients could be configured to send them.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-3513\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-3566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-3567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-3568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/openssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-3053\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openssl packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1.0.1e-2+deb7u13.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libssl-dev\", reference:\"1.0.1e-2+deb7u13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl-doc\", reference:\"1.0.1e-2+deb7u13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0\", reference:\"1.0.1e-2+deb7u13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0-dbg\", reference:\"1.0.1e-2+deb7u13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openssl\", reference:\"1.0.1e-2+deb7u13\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:21:34", "bulletinFamily": "scanner", "description": "openssl was updated to fix four security issues.\n\nThese security issues were fixed :\n\n - SRTP Memory Leak (CVE-2014-3513).\n\n - Session Ticket Memory Leak (CVE-2014-3567).\n\n - Fixed incomplete no-ssl3 build option (CVE-2014-3568).\n\n - Add support for TLS_FALLBACK_SCSV (CVE-2014-3566).\n\nNOTE: This update alone DOESN'T FIX the POODLE SSL protocol\nvulnerability. OpenSSL only adds downgrade detection support for\nclient applications. See\nhttps://www.suse.com/support/kb/doc.php?id=7015773 for mitigations.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-18T00:00:00", "published": "2015-05-20T00:00:00", "id": "SUSE_SU-2014-1524-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83648", "title": "SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2014:1524-1) (POODLE)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2014:1524-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83648);\n script_version(\"2.12\");\n script_cvs_date(\"Date: 2018/12/18 10:18:59\");\n\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-3568\");\n script_bugtraq_id(70574, 70584, 70585, 70586);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2014:1524-1) (POODLE)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"openssl was updated to fix four security issues.\n\nThese security issues were fixed :\n\n - SRTP Memory Leak (CVE-2014-3513).\n\n - Session Ticket Memory Leak (CVE-2014-3567).\n\n - Fixed incomplete no-ssl3 build option (CVE-2014-3568).\n\n - Add support for TLS_FALLBACK_SCSV (CVE-2014-3566).\n\nNOTE: This update alone DOESN'T FIX the POODLE SSL protocol\nvulnerability. OpenSSL only adds downgrade detection support for\nclient applications. See\nhttps://www.suse.com/support/kb/doc.php?id=7015773 for mitigations.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=901223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=901277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3513/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3566/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3567/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3568/\"\n );\n # https://www.suse.com/support/kb/doc.php?id=7015773\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/support/kb/doc/?id=7015773\"\n );\n # https://www.suse.com/support/update/announcement/2014/suse-su-20141524-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?690c88bf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2014-84\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2014-84\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2014-84\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/28\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! ereg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! ereg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-1.0.1i-5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-hmac-1.0.1i-5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-1.0.1i-5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-debuginfo-1.0.1i-5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-debugsource-1.0.1i-5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-1.0.1i-5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-1.0.1i-5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.1i-5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-debugsource-1.0.1i-5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:20:48", "bulletinFamily": "scanner", "description": "The VMware vCenter Server installed on the remote host is version 5.5\nprior to Update 2d. It is, therefore, affected by multiple\nvulnerabilities in the included OpenSSL library :\n\n - An error exists related to DTLS SRTP extension handling\n and specially crafted handshake messages that can allow\n denial of service attacks via memory leaks.\n (CVE-2014-3513)\n\n - An error exists related to the way SSL 3.0 handles\n padding bytes when decrypting messages encrypted using\n block ciphers in cipher block chaining (CBC) mode.\n Man-in-the-middle attackers can decrypt a selected byte\n of a cipher text in as few as 256 tries if they are able\n to force a victim application to repeatedly send the\n same data over newly created SSL 3.0 connections. This\n is also known as the 'POODLE' issue. (CVE-2014-3566)\n\n - An error exists related to session ticket handling that\n can allow denial of service attacks via memory leaks.\n (CVE-2014-3567)\n\n - An error exists related to the build configuration\n process and the 'no-ssl3' build option that allows\n servers and clients to process insecure SSL 3.0\n handshake messages. (CVE-2014-3568)", "modified": "2018-08-06T00:00:00", "published": "2015-02-03T00:00:00", "id": "VMWARE_VCENTER_VMSA-2015-0001.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81146", "title": "VMware Security Updates for vCenter Server (VMSA-2015-0001) (POODLE)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81146);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/08/06 14:03:15\");\n\n script_cve_id(\n \"CVE-2014-3513\",\n \"CVE-2014-3566\",\n \"CVE-2014-3567\",\n \"CVE-2014-3568\"\n );\n script_bugtraq_id(\n 70574,\n 70584,\n 70585,\n 70586\n );\n script_xref(name:\"CERT\", value:\"577193\");\n script_xref(name:\"VMSA\", value:\"2015-0001\");\n\n script_name(english:\"VMware Security Updates for vCenter Server (VMSA-2015-0001) (POODLE)\");\n script_summary(english:\"Checks the version of VMware vCenter.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a virtualization management application installed\nthat is affected by multiple security vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The VMware vCenter Server installed on the remote host is version 5.5\nprior to Update 2d. It is, therefore, affected by multiple\nvulnerabilities in the included OpenSSL library :\n\n - An error exists related to DTLS SRTP extension handling\n and specially crafted handshake messages that can allow\n denial of service attacks via memory leaks.\n (CVE-2014-3513)\n\n - An error exists related to the way SSL 3.0 handles\n padding bytes when decrypting messages encrypted using\n block ciphers in cipher block chaining (CBC) mode.\n Man-in-the-middle attackers can decrypt a selected byte\n of a cipher text in as few as 256 tries if they are able\n to force a victim application to repeatedly send the\n same data over newly created SSL 3.0 connections. This\n is also known as the 'POODLE' issue. (CVE-2014-3566)\n\n - An error exists related to session ticket handling that\n can allow denial of service attacks via memory leaks.\n (CVE-2014-3567)\n\n - An error exists related to the build configuration\n process and the 'no-ssl3' build option that allows\n servers and clients to process insecure SSL 3.0\n handshake messages. (CVE-2014-3568)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2015-0001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware vCenter Server 5.5u2d (5.5.0 build-2183111) or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vcenter_server\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_vcenter_detect.nbin\");\n script_require_keys(\"Host/VMware/vCenter\", \"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Services/www\", 80, 443);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_kb_item_or_exit(\"Host/VMware/vCenter\");\nversion = get_kb_item_or_exit(\"Host/VMware/version\");\nrelease = get_kb_item_or_exit(\"Host/VMware/release\");\n\n# Extract and verify the build number\nbuild = ereg_replace(pattern:'^VMware vCenter Server [0-9\\\\.]+ build-([0-9]+)$', string:release, replace:\"\\1\");\nif (build !~ '^[0-9]+$') exit(1, 'Failed to extract the build number from the release string.');\n\nrelease = release - 'VMware vCenter Server ';\nfixversion = NULL;\n\n# Check version and build numbers\nif (version =~ '^VMware vCenter 5\\\\.5$' && int(build) < 2183111) fixversion = '5.5.0 build-2183111';\nelse audit(AUDIT_LISTEN_NOT_VULN, 'VMware vCenter', port, release);\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Installed version : ' + release +\n '\\n Fixed version : ' + fixversion +\n '\\n';\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:19:55", "bulletinFamily": "scanner", "description": "The OpenSSL Project reports :\n\nA flaw in the DTLS SRTP extension parsing code allows an attacker, who\nsends a carefully crafted handshake message, to cause OpenSSL to fail\nto free up to 64k of memory causing a memory leak. This could be\nexploited in a Denial Of Service attack. This issue affects OpenSSL\n1.0.1 server implementations for both SSL/TLS and DTLS regardless of\nwhether SRTP is used or configured. Implementations of OpenSSL that\nhave been compiled with OPENSSL_NO_SRTP defined are not affected.\n[CVE-2014-3513].\n\nWhen an OpenSSL SSL/TLS/DTLS server receives a session ticket the\nintegrity of that ticket is first verified. In the event of a session\nticket integrity check failing, OpenSSL will fail to free memory\ncausing a memory leak. By sending a large number of invalid session\ntickets an attacker could exploit this issue in a Denial Of Service\nattack. [CVE-2014-3567].\n\nOpenSSL has added support for TLS_FALLBACK_SCSV to allow applications\nto block the ability for a MITM attacker to force a protocol\ndowngrade.\n\nSome client applications (such as browsers) will reconnect using a\ndowngraded protocol to work around interoperability bugs in older\nservers. This could be exploited by an active man-in-the-middle to\ndowngrade connections to SSL 3.0 even if both sides of the connection\nsupport higher protocols. SSL 3.0 contains a number of weaknesses\nincluding POODLE [CVE-2014-3566].\n\nWhen OpenSSL is configured with 'no-ssl3' as a build option, servers\ncould accept and complete a SSL 3.0 handshake, and clients could be\nconfigured to send them. [CVE-2014-3568].", "modified": "2018-11-10T00:00:00", "published": "2014-10-16T00:00:00", "id": "FREEBSD_PKG_03175E62549411E49CC1BC5FF4FB5E7B.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78495", "title": "FreeBSD : OpenSSL -- multiple vulnerabilities (03175e62-5494-11e4-9cc1-bc5ff4fb5e7b) (POODLE)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78495);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/11/10 11:49:43\");\n\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-3568\");\n script_bugtraq_id(70574, 70584, 70585, 70586);\n script_xref(name:\"FreeBSD\", value:\"SA-14:23.openssl\");\n\n script_name(english:\"FreeBSD : OpenSSL -- multiple vulnerabilities (03175e62-5494-11e4-9cc1-bc5ff4fb5e7b) (POODLE)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The OpenSSL Project reports :\n\nA flaw in the DTLS SRTP extension parsing code allows an attacker, who\nsends a carefully crafted handshake message, to cause OpenSSL to fail\nto free up to 64k of memory causing a memory leak. This could be\nexploited in a Denial Of Service attack. This issue affects OpenSSL\n1.0.1 server implementations for both SSL/TLS and DTLS regardless of\nwhether SRTP is used or configured. Implementations of OpenSSL that\nhave been compiled with OPENSSL_NO_SRTP defined are not affected.\n[CVE-2014-3513].\n\nWhen an OpenSSL SSL/TLS/DTLS server receives a session ticket the\nintegrity of that ticket is first verified. In the event of a session\nticket integrity check failing, OpenSSL will fail to free memory\ncausing a memory leak. By sending a large number of invalid session\ntickets an attacker could exploit this issue in a Denial Of Service\nattack. [CVE-2014-3567].\n\nOpenSSL has added support for TLS_FALLBACK_SCSV to allow applications\nto block the ability for a MITM attacker to force a protocol\ndowngrade.\n\nSome client applications (such as browsers) will reconnect using a\ndowngraded protocol to work around interoperability bugs in older\nservers. This could be exploited by an active man-in-the-middle to\ndowngrade connections to SSL 3.0 even if both sides of the connection\nsupport higher protocols. SSL 3.0 contains a number of weaknesses\nincluding POODLE [CVE-2014-3566].\n\nWhen OpenSSL is configured with 'no-ssl3' as a build option, servers\ncould accept and complete a SSL 3.0 handshake, and clients could be\nconfigured to send them. [CVE-2014-3568].\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20141015.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/03175e62-5494-11e4-9cc1-bc5ff4fb5e7b.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a1d30c67\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mingw32-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssl>=1.0.1<1.0.1_16\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mingw32-openssl>=1.0.1<1.0.1j\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-openssl<1.0.1e_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:19:54", "bulletinFamily": "scanner", "description": "New openssl packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, and -current to fix security issues.", "modified": "2018-09-04T00:00:00", "published": "2014-10-16T00:00:00", "id": "SLACKWARE_SSA_2014-288-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78483", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2014-288-01) (POODLE)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2014-288-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78483);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/09/04 13:20:07\");\n\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-3568\");\n script_bugtraq_id(70574, 70584, 70585, 70586);\n script_xref(name:\"SSA\", value:\"2014-288-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2014-288-01) (POODLE)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New openssl packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.846452\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f04ef77c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl and / or openssl-solibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl-solibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"openssl\", pkgver:\"0.9.8zc\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zc\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zc\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zc\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"openssl\", pkgver:\"0.9.8zc\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zc\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zc\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zc\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"openssl\", pkgver:\"0.9.8zc\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zc\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zc\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zc\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl\", pkgver:\"1.0.1j\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1j\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1j\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1j\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl\", pkgver:\"1.0.1j\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1j\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1j\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1j\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"openssl\", pkgver:\"1.0.1j\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1j\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1j\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1j\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:19:54", "bulletinFamily": "scanner", "description": "A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker\ncould send multiple specially crafted handshake messages to exhaust\nall available memory of an SSL/TLS or DTLS server. (CVE-2014-3513)\n\nA memory leak flaw was found in the way an OpenSSL handled failed\nsession ticket integrity checks. A remote attacker could exhaust all\navailable memory of an SSL/TLS or DTLS server by sending a large\nnumber of invalid session tickets to that server. (CVE-2014-3567)\n\nWhen OpenSSL is configured with 'no-ssl3' as a build option, servers\ncould accept and complete a SSL 3.0 handshake, and clients could be\n\nconfigured to send them. (CVE-2014-3568)", "modified": "2018-04-18T00:00:00", "published": "2014-10-16T00:00:00", "id": "ALA_ALAS-2014-427.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78485", "title": "Amazon Linux AMI : openssl (ALAS-2014-427)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-427.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78485);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3567\", \"CVE-2014-3568\");\n script_xref(name:\"ALAS\", value:\"2014-427\");\n\n script_name(english:\"Amazon Linux AMI : openssl (ALAS-2014-427)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker\ncould send multiple specially crafted handshake messages to exhaust\nall available memory of an SSL/TLS or DTLS server. (CVE-2014-3513)\n\nA memory leak flaw was found in the way an OpenSSL handled failed\nsession ticket integrity checks. A remote attacker could exhaust all\navailable memory of an SSL/TLS or DTLS server by sending a large\nnumber of invalid session tickets to that server. (CVE-2014-3567)\n\nWhen OpenSSL is configured with 'no-ssl3' as a build option, servers\ncould accept and complete a SSL 3.0 handshake, and clients could be\n\nconfigured to send them. (CVE-2014-3568)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-427.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update openssl' to update your system. Note that you may need\nto run 'yum clean all' first.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openssl-1.0.1j-1.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-debuginfo-1.0.1j-1.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-devel-1.0.1j-1.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-perl-1.0.1j-1.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-static-1.0.1j-1.80.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:19:56", "bulletinFamily": "scanner", "description": "According to its banner, the remote web server uses a version of\nOpenSSL 1.0.1 prior to 1.0.1j. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - An error exists related to DTLS SRTP extension handling\n and specially crafted handshake messages that can allow\n denial of service attacks via memory leaks.\n (CVE-2014-3513)\n\n - An error exists related to the way SSL 3.0 handles\n padding bytes when decrypting messages encrypted using\n block ciphers in cipher block chaining (CBC) mode. A\n man-in-the-middle attacker can decrypt a selected byte\n of a cipher text in as few as 256 tries if they are able\n to force a victim application to repeatedly send the\n same data over newly created SSL 3.0 connections. This\n is also known as the 'POODLE' issue. (CVE-2014-3566)\n\n - An error exists related to session ticket handling that\n can allow denial of service attacks via memory leaks.\n (CVE-2014-3567)\n\n - An error exists related to the build configuration\n process and the 'no-ssl3' build option that allows\n servers and clients to process insecure SSL 3.0\n handshake messages. (CVE-2014-3568)", "modified": "2018-07-16T00:00:00", "published": "2014-10-17T00:00:00", "id": "OPENSSL_1_0_1J.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78554", "title": "OpenSSL 1.0.1 < 1.0.1j Multiple Vulnerabilities (POODLE)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78554);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\n \"CVE-2014-3513\",\n \"CVE-2014-3566\",\n \"CVE-2014-3567\",\n \"CVE-2014-3568\"\n );\n script_bugtraq_id(70574, 70584, 70585, 70586);\n script_xref(name:\"CERT\", value:\"577193\");\n\n script_name(english:\"OpenSSL 1.0.1 < 1.0.1j Multiple Vulnerabilities (POODLE)\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL 1.0.1 prior to 1.0.1j. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - An error exists related to DTLS SRTP extension handling\n and specially crafted handshake messages that can allow\n denial of service attacks via memory leaks.\n (CVE-2014-3513)\n\n - An error exists related to the way SSL 3.0 handles\n padding bytes when decrypting messages encrypted using\n block ciphers in cipher block chaining (CBC) mode. A\n man-in-the-middle attacker can decrypt a selected byte\n of a cipher text in as few as 256 tries if they are able\n to force a victim application to repeatedly send the\n same data over newly created SSL 3.0 connections. This\n is also known as the 'POODLE' issue. (CVE-2014-3566)\n\n - An error exists related to session ticket handling that\n can allow denial of service attacks via memory leaks.\n (CVE-2014-3567)\n\n - An error exists related to the build configuration\n process and the 'no-ssl3' build option that allows\n servers and clients to process insecure SSL 3.0\n handshake messages. (CVE-2014-3568)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/openssl-1.0.1-notes.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20141015.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to OpenSSL 1.0.1j or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.1j', min:\"1.0.1\", severity:SECURITY_WARNING);\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:20:42", "bulletinFamily": "scanner", "description": "A version of IBM General Parallel File System (GPFS) 3.5.x prior to\n3.5.0.21 is installed on the remote Windows host. It is, therefore,\naffected by the following OpenSSL related vulnerabilities :\n\n - An error exists related to DTLS SRTP extension handling\n and specially crafted handshake messages that can allow\n denial of service attacks via memory leaks.\n (CVE-2014-3513)\n\n - An error exists related to the way SSL 3.0 handles\n padding bytes when decrypting messages encrypted using\n block ciphers in cipher block chaining (CBC) mode.\n Man-in-the-middle attackers can decrypt a selected byte\n of a cipher text in as few as 256 tries if they are able\n to force a victim application to repeatedly send the\n same data over newly created SSL 3.0 connections. This\n is also known as the 'POODLE' issue. (CVE-2014-3566)\n\n - An error exists related to session ticket handling that\n can allow denial of service attacks via memory leaks.\n (CVE-2014-3567)\n\n - An error exists related to the build configuration\n process and the 'no-ssl3' build option that allows\n servers and clients to process insecure SSL 3.0\n handshake messages. (CVE-2014-3568)", "modified": "2018-07-12T00:00:00", "published": "2015-01-21T00:00:00", "id": "IBM_GPFS_ISG3T1021546_WINDOWS.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80885", "title": "IBM General Parallel File System Multiple Vulnerabilities (Windows) (POODLE)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80885);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/12 19:01:17\");\n\n script_cve_id(\n \"CVE-2014-3513\",\n \"CVE-2014-3566\",\n \"CVE-2014-3567\",\n \"CVE-2014-3568\"\n );\n script_bugtraq_id(70574, 70584, 70585, 70586);\n script_xref(name:\"CERT\", value:\"577193\");\n\n script_name(english:\"IBM General Parallel File System Multiple Vulnerabilities (Windows) (POODLE)\");\n script_summary(english:\"Checks the local version of GPFS.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A clustered file system on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"A version of IBM General Parallel File System (GPFS) 3.5.x prior to\n3.5.0.21 is installed on the remote Windows host. It is, therefore,\naffected by the following OpenSSL related vulnerabilities :\n\n - An error exists related to DTLS SRTP extension handling\n and specially crafted handshake messages that can allow\n denial of service attacks via memory leaks.\n (CVE-2014-3513)\n\n - An error exists related to the way SSL 3.0 handles\n padding bytes when decrypting messages encrypted using\n block ciphers in cipher block chaining (CBC) mode.\n Man-in-the-middle attackers can decrypt a selected byte\n of a cipher text in as few as 256 tries if they are able\n to force a victim application to repeatedly send the\n same data over newly created SSL 3.0 connections. This\n is also known as the 'POODLE' issue. (CVE-2014-3566)\n\n - An error exists related to session ticket handling that\n can allow denial of service attacks via memory leaks.\n (CVE-2014-3567)\n\n - An error exists related to the build configuration\n process and the 'no-ssl3' build option that allows\n servers and clients to process insecure SSL 3.0\n handshake messages. (CVE-2014-3568)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=isg3T1021548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value: \"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20141015.txt\");\n script_set_attribute(attribute:\"see_also\", value: \"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to GPFS 3.5.0.21 or later.\n\nIf GPFS multiclustering is configured on Windows nodes, consult the\nvendor advisory for detailed instructions.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:general_parallel_file_system\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ibm_gpfs_installed.nbin\");\n script_require_keys(\"installed_sw/IBM General Parallel File System\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"IBM General Parallel File System\";\ninstall = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);\nversion = install['version'];\npath = install['path'];\n\nif (version !~ \"^3\\.5\\.\") audit(AUDIT_NOT_INST, app_name + \" 3.5.x\");\nif (version =~ \"^3(\\.5(\\.0)?)?$\") audit(AUDIT_VER_NOT_GRANULAR, app_name, version);\n\nfix = \"3.5.0.21\";\n\n# Affected :\n# 3.5.x < 3.5.0.21\nif (ver_compare(ver:version, fix:fix, strict:FALSE) == -1)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix + '\\n';\n security_warning(extra:report, port:port);\n }\n else security_warning(port:port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "openssl": [{"lastseen": "2016-09-26T17:22:34", "bulletinFamily": "software", "description": "When OpenSSL is configured with \"no-ssl3\" as a build option, servers could accept and complete a SSL 3.0 handshake, and clients could be configured to send them. Reported by Akamai Technologies.", "modified": "2014-10-15T00:00:00", "published": "2014-10-15T00:00:00", "id": "OPENSSL:CVE-2014-3568", "href": "https://www.openssl.org/news/vulnerabilities.html", "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2014-3568)", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-26T17:22:34", "bulletinFamily": "software", "description": "When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack.", "modified": "2014-10-15T00:00:00", "published": "2014-10-15T00:00:00", "id": "OPENSSL:CVE-2014-3567", "href": "https://www.openssl.org/news/vulnerabilities.html", "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2014-3567)", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:22:34", "bulletinFamily": "software", "description": "A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected. Reported by LibreSSL project.", "modified": "2014-10-15T00:00:00", "published": "2014-10-15T00:00:00", "id": "OPENSSL:CVE-2014-3513", "href": "https://www.openssl.org/news/vulnerabilities.html", "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2014-3513)", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2019-02-15T12:33:36", "bulletinFamily": "info", "description": "### *Detect date*:\n07/18/2014\n\n### *Severity*:\nHigh\n\n### *Description*:\nAn obsolete version of OpenSSL was found in Tableau. By exploiting this vulnerability malicious users can cause denial of service, obtain sensitive information and bypass security. This vulnerability can be exploited remotely.\n\n### *Affected products*:\nTableau server 8.1. versions 8.1.12 and earlier \nTableau server 8.2. versions 8.2.4 and earlier\n\n### *Solution*:\nUpdate to latest version\n\n### *Original advisories*:\n[Tableau changelog](<http://www.tableausoftware.com/support/releases>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Tableau Server](<https://threats.kaspersky.com/en/product/Tableau-Server/>)\n\n### *CVE-IDS*:\n[CVE-2014-3566](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>) \n[CVE-2014-3568](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568>) \n[CVE-2014-3513](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513>) \n[CVE-2014-3567](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567>)", "modified": "2019-02-13T00:00:00", "published": "2014-07-18T00:00:00", "id": "KLA10359", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10359", "title": "\r KLA10359Vulnerability in Tableau ", "type": "kaspersky", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-15T12:34:15", "bulletinFamily": "info", "description": "### *Detect date*:\n01/27/2015\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in VMware products. Malicious users can exploit these vulnerabilities to gain privileges or cause denial of service.\n\n### *Affected products*:\nVMware Workstation 10 versions earlier than 10.0.5 \nVMware Player 6 versions earlier than 6.0.5 \nVMware Fusion 7 versions earlier than 7.0.1 \nVMware Fusion 6 versions earlier than 6.0.5 \nVMware vCenter Server 5.5 earlier than update 2d \nESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG \nESXi 5.1 without patch ESXi510-201404101-SG \nESXi 5.0 without patch ESXi500-201405101-SG\n\n### *Solution*:\nUpdate to latest version \n[Get VMware products](<https://my.vmware.com/web/vmware/downloads>)\n\n### *Original advisories*:\n[VMSA](<https://www.vmware.com/security/advisories/VMSA-2015-0001>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[VMware Workstation](<https://threats.kaspersky.com/en/product/VMware-Workstation/>)\n\n### *CVE-IDS*:\n[CVE-2014-3566](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>) \n[CVE-2014-3568](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568>) \n[CVE-2014-3660](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660>) \n[CVE-2015-1043](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1043>) \n[CVE-2015-1044](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1044>) \n[CVE-2014-3513](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513>) \n[CVE-2014-3567](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567>) \n[CVE-2014-8370](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8370>)", "modified": "2019-02-13T00:00:00", "published": "2015-01-27T00:00:00", "id": "KLA10452", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10452", "title": "\r KLA10452Multiple vulnerabilities in VMware products ", "type": "kaspersky", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:14", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. ([CVE-2014-3513 __](<https://access.redhat.com/security/cve/CVE-2014-3513>))\n\nA memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server. ([CVE-2014-3567 __](<https://access.redhat.com/security/cve/CVE-2014-3567>))\n\nWhen OpenSSL is configured with \"no-ssl3\" as a build option, servers could accept and complete a SSL 3.0 handshake, and clients could be \nconfigured to send them. ([CVE-2014-3568 __](<https://access.redhat.com/security/cve/CVE-2014-3568>))\n\n \n**Affected Packages:** \n\n\nopenssl\n\n \n**Issue Correction:** \nRun _yum update openssl_ to update your system. Note that you may need to run _yum clean all_ first.\n\n \n\n\n**New Packages:**\n \n \n i686: \n openssl-1.0.1j-1.80.amzn1.i686 \n openssl-debuginfo-1.0.1j-1.80.amzn1.i686 \n openssl-devel-1.0.1j-1.80.amzn1.i686 \n openssl-static-1.0.1j-1.80.amzn1.i686 \n openssl-perl-1.0.1j-1.80.amzn1.i686 \n \n src: \n openssl-1.0.1j-1.80.amzn1.src \n \n x86_64: \n openssl-1.0.1j-1.80.amzn1.x86_64 \n openssl-perl-1.0.1j-1.80.amzn1.x86_64 \n openssl-debuginfo-1.0.1j-1.80.amzn1.x86_64 \n openssl-static-1.0.1j-1.80.amzn1.x86_64 \n openssl-devel-1.0.1j-1.80.amzn1.x86_64 \n \n \n", "modified": "2014-10-15T18:38:00", "published": "2014-10-15T18:38:00", "id": "ALAS-2014-427", "href": "https://alas.aws.amazon.com/ALAS-2014-427.html", "title": "Important: openssl", "type": "amazon", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T19:42:44", "bulletinFamily": "unix", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nThis update adds support for the TLS Fallback Signaling Cipher Suite Value\n(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade\nattacks against applications which re-connect using a lower SSL/TLS\nprotocol version when the initial connection indicating the highest\nsupported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC) mode.\nThis issue is identified as CVE-2014-3566, and also known under the alias\nPOODLE. This SSL 3.0 protocol flaw will not be addressed in a future\nupdate; it is recommended that users configure their applications to\nrequire at least TLS protocol version 1.0 for secure communication.\n\nFor additional information about this flaw, see the Knowledgebase article\nat https://access.redhat.com/articles/1232123\n\nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker could\nsend multiple specially crafted handshake messages to exhaust all available\nmemory of an SSL/TLS or DTLS server. (CVE-2014-3513)\n\nA memory leak flaw was found in the way an OpenSSL handled failed session\nticket integrity checks. A remote attacker could exhaust all available\nmemory of an SSL/TLS or DTLS server by sending a large number of invalid\nsession tickets to that server. (CVE-2014-3567)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to mitigate the CVE-2014-3566 issue and correct\nthe CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect,\nall services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "modified": "2018-06-06T20:24:06", "published": "2014-10-16T04:00:00", "id": "RHSA-2014:1652", "href": "https://access.redhat.com/errata/RHSA-2014:1652", "type": "redhat", "title": "(RHSA-2014:1652) Important: openssl security update", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:44:58", "bulletinFamily": "unix", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nThis update adds support for the TLS Fallback Signaling Cipher Suite Value\n(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade\nattacks against applications which re-connect using a lower SSL/TLS\nprotocol version when the initial connection indicating the highest\nsupported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC) mode.\nThis issue is identified as CVE-2014-3566, and also known under the alias\nPOODLE. This SSL 3.0 protocol flaw will not be addressed in a future\nupdate; it is recommended that users configure their applications to\nrequire at least TLS protocol version 1.0 for secure communication.\n\nFor additional information about this flaw, see the Knowledgebase article\nat https://access.redhat.com/articles/1232123\n\nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker could\nsend multiple specially crafted handshake messages to exhaust all available\nmemory of an SSL/TLS or DTLS server. (CVE-2014-3513)\n\nA memory leak flaw was found in the way an OpenSSL handled failed session\nticket integrity checks. A remote attacker could exhaust all available\nmemory of an SSL/TLS or DTLS server by sending a large number of invalid\nsession tickets to that server. (CVE-2014-3567)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to mitigate the CVE-2014-3566 issue and correct\nthe CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect,\nall services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "modified": "2015-04-24T14:20:56", "published": "2014-10-22T04:00:00", "id": "RHSA-2014:1692", "href": "https://access.redhat.com/errata/RHSA-2014:1692", "type": "redhat", "title": "(RHSA-2014:1692) Important: openssl security update", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "centos": [{"lastseen": "2018-03-09T11:46:27", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:1652\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nThis update adds support for the TLS Fallback Signaling Cipher Suite Value\n(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade\nattacks against applications which re-connect using a lower SSL/TLS\nprotocol version when the initial connection indicating the highest\nsupported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC) mode.\nThis issue is identified as CVE-2014-3566, and also known under the alias\nPOODLE. This SSL 3.0 protocol flaw will not be addressed in a future\nupdate; it is recommended that users configure their applications to\nrequire at least TLS protocol version 1.0 for secure communication.\n\nFor additional information about this flaw, see the Knowledgebase article\nat https://access.redhat.com/articles/1232123\n\nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. A remote attacker could\nsend multiple specially crafted handshake messages to exhaust all available\nmemory of an SSL/TLS or DTLS server. (CVE-2014-3513)\n\nA memory leak flaw was found in the way an OpenSSL handled failed session\nticket integrity checks. A remote attacker could exhaust all available\nmemory of an SSL/TLS or DTLS server by sending a large number of invalid\nsession tickets to that server. (CVE-2014-3567)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to mitigate the CVE-2014-3566 issue and correct\nthe CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect,\nall services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-October/020695.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-October/020697.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2014-October/001475.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-libs\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1652.html", "modified": "2014-10-20T18:15:10", "published": "2014-10-16T16:22:42", "href": "http://lists.centos.org/pipermail/centos-announce/2014-October/020695.html", "id": "CESA-2014:1652", "title": "openssl security update", "type": "centos", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T12:01:42", "bulletinFamily": "exploit", "description": "# SSL 3.0 POODLE attack information disclosure Vulnerability(CVE-2014-3566)\n\n * Release date: 2014-10-14\n * Update date: 2014-10-16\n\n### Affected system:\n\n * Netscape ssl 3.0\n * Netscape tls\n\n### Not affected system:\n\n * Netscape tls 1.2\n * Netscape tls 1.1\n * Netscape tls 1.0\n\n## Description:\n\nCVE(CAN) ID: CVE-2014-3566\n\nSSL3. 0 is an obsolete and insecure Protocol, has now been TLS 1.0, TLS 1.1, TLS 1.2 alternative, because of compatibility reasons, most TLS implementations remain compatible with SSL3. To 0.\n\nFor commonality considerations, currently most browsers version support SSL3. 0, TLS Protocol handshake phase contains a version negotiation step, in General, the client and server to the latest version of the Protocol will be used. Its in the server side of the handshake phase for version negotiation, first offer its support agreement to the latest version, if the handshake fails, then try with the older version of the Protocol negotiation. Be able to implement man in the middle attacks the attacker by making the affected versions of the browser and the server using newer Protocol negotiation failed connection, you can successfully achieve a downgrade attack, so that the client and the server using the insecure SSL3. 0 communicate, in this case, since the SSL 3.0 use of CBC block encryption implementation vulnerability exists, an attacker can successfully crack the SSL connections encrypt the information, such as access to user cookie data. This attack is called POODL attack(Padding Oracle On Downgraded Legacy Encryption) is.\n\nThis vulnerability affected the vast majority of SSL server and client, the impact of a wide range. But the attacker as to the use of successful, need to be able to control the client and server between the data(perform a MiTM attack).\n\nHow to fix POODLE SSLv3 security vulnerability (CVE-2014-3566) http://www.linuxidc.com/Linux/2014-10/108103.htm\n\n## Recommendations\n\nTemporary workaround:\n\nIf you can not immediately install patches or upgrades, NSFOCUS recommend that you take the following measures to reduce the threat:\n\n * Disable the SSL 3.0 Protocol.\n\nThe current popular browsers, only IE 6.0 still does not support TLS 1.0, disable SSL 3.0 Protocol will affect IE 6 clients SSL access.\n\n## The service end of the Disable method:\n\n### Apache 2. x\n\nIn the mod_ssl configuration file use the following command to disable SSLv2 and SSLv3 with: SSLProtocol All-SSLv2-SSLv3 Restart Apache\n\n### Nginx\n\nIn the configuration file to use: ssl_protocols TLSv1 TLSv1. 1 TLSv1. 2; Restart Nginx\n\n### IIS\n\nFind the following registry key: HKey_Local_Machine\\System\\CurrentControlSet\\Control\\SecurityProviders \\SCHANNEL\\Protocols This registry key usually contains the following sub-items:\n\n * PCT 1.0\n * SSL 2.0\n * SSL 3.0\n * TLS 1.0\n\nEach of the registry entries are reserved for in the Protocol-related information. Can be on the server, disable these protocols in any one. To do this, the Protocol SSL 3.0, the server subkey create a new DWORD Value. The DWORD value is set to\u201c00 00 00 00\u201dit.\n\n## Browser disable method:\n\nIE: \"Tools\" -> \"Internet Options\" -> \"Advanced\", uncheck\"use SSL 3.0\"check box.\n\nChrome:\n\nCopy a usually open Chrome browser shortcuts, the new shortcut on right-click, Go into properties, In the\"target\"behind the spaces in the end of the field, enter the following command --ssl-version-min=tls1\n\nFireFox:\n\nIn the address bar enter\"about:config\", and then the security. tls. version. min adjusted to 1.\n\n### Reference:\n\n * https://www.openssl.org/~bodo/ssl-poodle. pdf\n * http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html \n * https://technet.microsoft.com/en-us/library/security/3009008\n", "modified": "2017-02-17T00:00:00", "published": "2017-02-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-92692", "id": "SSV:92692", "type": "seebug", "title": "SSL 3.0 POODLE\uff08CVE-2014-3566\uff09", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}], "paloalto": [{"lastseen": "2018-08-31T00:11:38", "bulletinFamily": "software", "description": "A vulnerability affecting most implementations of SSL 3.0 has been discovered that allows an attacker to decrypt some encrypted contents under certain conditions (CVE-2014-3566). The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue. More information can be found at: https://www.openssl.org/~bodo/ssl-poodle.pdf. SSL 3.0 is a supported protocol in PAN-OS services including device management and SSL VPN.\n", "modified": "2014-10-20T00:00:00", "published": "2014-10-20T00:00:00", "id": "PAN-SA-2014-0005", "href": "https://securityadvisories.paloaltonetworks.com/Home/Detail/25", "title": "SSL 3.0 MITM Attack (CVE-2014-3566)", "type": "paloalto", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T00:11:39", "bulletinFamily": "software", "description": "A vulnerability affecting some implementations of TLS 1.x with CBC cipher modes has been discovered that allows an attacker to decrypt some encrypted contents under certain conditions (CVE-2014-8730). This padding-oracle attack on TLS CBC cipher modes is a variant of the POODLE vulnerability, commonly known as \u201cPOODLE Bites\u201d. This issue is confirmed to affect PAN-OS implementation of TLS 1.x. (Ref #72544)\n", "modified": "2015-01-12T00:00:00", "published": "2015-01-12T00:00:00", "id": "PAN-SA-2015-0001", "href": "https://securityadvisories.paloaltonetworks.com/Home/Detail/28", "title": "Padding-oracle attack on TLS CBC cipher mode (CVE-2014-8730)", "type": "paloalto", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "cloudfoundry": [{"lastseen": "2018-09-07T03:25:46", "bulletinFamily": "software", "description": "CVE-2014-3566 SSLV3 POODLE\n\n# \n\nModerate\n\n# Vendor\n\nThe SSL protocol 3.0, as used in OpenSSL through 1.0.1i\n\n# Versions Affected\n\n * SSLv3 \n\n# Description\n\nSSL 3.0 [RFC6101] is an obsolete and insecure protocol. While for most practical purposes it has been replaced by its successors TLS 1.0 [RFC2246], TLS 1.1 [RFC4346] and TLS 1.2 [RFC5246], many TLS implementations remain backwards \u00adcompatible with SSL 3.0 to interoperate with legacy systems in the interest of a smooth user experience.\n\nThe protocol handshake provides for authenticated version negotiation, so normally the latest protocol version common to the client and the server will be used. However, even if a client and server both support a version of TLS, the security level offered by SSL 3.0 is still relevant since many clients implement a protocol downgrade dance to work around server\u00adside interoperability bugs. Attackers can exploit the downgrade dance and break the cryptographic security of SSL 3.0. Our POODLE attack (Padding Oracle On Downgraded Legacy Encryption) will allow them, for example, to steal \u201csecure\u201d HTTP cookies (or other bearer tokens such as HTTP Authorization header contents).\n\n# Affected Products and Versions\n\n_Severity is moderate unless otherwise noted. \n_\n\n * BOSH: All versions of Cloud Foundry BOSH stemcells 2743 and prior use SSLv3 and thus are vulnerable to CVE-2014-3356 \n * tc Server 2.9.0 to 2.9.7 and 3.0.0 to 3.0.1. Previous, unsupported tc Server versions may also be affected. \n\n# Mitigation\n\nThe Cloud Foundry project recommends that HAProxy or any other ELBs is use be updated to disable SSLv3 as a workaround that resolves CVE-2014-3566.\n\nThe details published by the Apache Software Foundation for [mitigating this attack for Apache Tomcat](<https://wiki.apache.org/tomcat/Security/POODLE>) apply equally to tc Runtime instances. The tc Server team is tracking the work of the Apache Tomcat project to release versions of Apache Tomcat that disable SSLv3 by default. tc Server releases will follow the releases from the Apache Software Foundation.\n\n# Credit\n\nGoogle researchers Bodo M\u00f6ller, Thai Duong and Krzysztof Kotowicz released a [paper](<https://www.openssl.org/~bodo/ssl-poodle.pdf>) discussing a serious bug in SSL 3.0 that allows attackers to conduct man-in-the-middle attacks and decrypt the traffic between Web servers and end users.\n\n# References\n\n * <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566>\n * <https://www.openssl.org/~bodo/ssl-poodle.pdf>\n * <http://boshartifacts.cloudfoundry.org/file_collections?type=stemcells>\n * <https://github.com/cloudfoundry/cf-release>\n * <https://wiki.apache.org/tomcat/Security/POODLE>\n\n# History\n\n2014-Oct-16: Initial vulnerability report published.\n\n2013-Nov-03: Updated to include tc Server information\n", "modified": "2014-10-16T00:00:00", "published": "2014-10-16T00:00:00", "id": "CFOUNDRY:ACE3C7E4A01EEFAC1C8D47279076DC77", "href": "https://www.cloudfoundry.org/blog/cve-2014-3566/", "title": "CVE-2014-3566 SSLV3 POODLE | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "lenovo": [{"lastseen": "2018-02-21T17:01:54", "bulletinFamily": "info", "description": "**Lenovo Security Advisory:**** **LEN-2014-007 \n**Potential Impact:** Unauthorized Access; Man-in-the-Middle (MitM) Attack \n**Severity****:** Medium \n\n\n**Summary: ** \nA security [vulnerability](<https://www.openssl.org/~bodo/ssl-poodle.pdf>) known as POODLE was publicly announced that affects a relatively low number of Internet connected devices. However, this vulnerability is critical and could allow an attacker to read encrypted information, even when passed over an SSL connection. Lenovo has listed steps you can take to help protect yourself. \n\n\n**Mitigation Strategy for Customers (what you should do to protect yourself):**\n\n * Upgrade your browser to the latest version [supported](<https://support.zendesk.com/hc/en-us/articles/203661786>) by your IT organization. If using Internet Explorer 6, move to a more modern, supported browser.\n * Disable SSLv3 support within your browser. You can check if your browser is vulnerable by going [here](<https://www.ssllabs.com/ssltest/viewMyClient.html>) and looking for SSLv3 \"Yes\". To disable SSLv3 support, making the following changes and restart your browser: \n * Mozilla Firefox \n * Open about:config, find security.tls.version.min and set the value to 1.\n * Google Chrome \n * Newer versions of Chrome support TLS_FALLBACK_SCSV, which mitigates this issue.\n * You can explicitly disable support for SSLv3 by issuing the command line command --ssl-version-min=tls1. Further instructions about using command line flags can be found [here](<http://www.chromium.org/for-testers/command-line-flags>).\n * Internet Explorer \n * Go into \"Internet Options\", \"advanced\", and uncheck SSLv3.\n * Scan your own infrastructure for this vulnerability using available tools. Two tools are available from [Tinfoil Security](<https://www.tinfoilsecurity.com/poodle>) and [SSL Labs](<https://www.ssllabs.com/ssltest/>).\n * Be cognizant of opportunistic phishers who email you to patch your devices. Don\u2019t click on links that look suspicious.\n * In general it is good practice to reduce the surface area of where a malicious attacker can exploit, so where possible, disable unnecessary services such as web servers.\n * If you are unable to disable web servers that use SSLv3 please limit remote access by applying network segmentation and appropriate access control list to minimize impact.\n * Review the Product Impact list below and update applicable firmware. \n * ThinkPad, ThinkCentre and ThinkStation products should update the Intel Management Engine (ME) Firmware\n * ThinkServer products should update the Base Management Controller (BMC) firmware\n * LenovoEMC should update the Lifeline software\n * Software applications should update to the recommended version\n\n**Update 9/24/15 : **It has come to our attention that the initial ThinkServer BMC fixes for POODLE were incomplete and did not disable SSLv3 on certain services. Please update to the latest ThinkServer BMC version listed below to address this issue. \n\n\n**Product Impact**\n", "modified": "2016-07-22T00:00:00", "published": "2016-07-22T00:00:00", "id": "LENOVO:PS500041-NOSID", "href": "https://support.lenovo.com/us/en/product_security/poodle", "type": "lenovo", "title": "POODLE: SSLv3 Vulnerability", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "cisco": [{"lastseen": "2017-09-26T15:33:49", "bulletinFamily": "software", "description": "A vulnerability in certain implementations of the TLSv1 protocol could allow an unauthenticated, remote attacker to access sensitive information.\n\nThe vulnerability is due to improper block cipher padding implemented in TLSv1 when using Cipher Block Chaining (CBC) mode. An attacker could exploit the vulnerability to perform an \"oracle padding\" side channel attack on the cryptographic message. A successful exploit could allow the attacker to access sensitive information.\n\nConsult the bug release note for additional information about affected products and configurations.\n\nF5 Networks has confirmed the vulnerability in a security advisory and released software updates.\n\nAttacks exploiting this vulnerability are identified as Padding Oracle On Downgraded Legacy Encryption (POODLE) attacks, which could be used to disclose HTTP cookies or other HTTP authorization content that is being transmitted over an TLSv1.x secure session. This issue should not be confused with CVE-2014-3566, as described in Cisco Alert 36084[\"http://tools.cisco.com/security/center/viewAlert.x?alertId=36084\"].\n\nIt should be noted that oracle does not refer to the software company of the same name, but to a term used in cryptography.\n\nTo exploit the vulnerability, the attacker may require access to a trusted, internal network to perform man-in-the-middle attacks on a targeted system. This access requirement limits the likelihood of a successful exploit.", "modified": "2015-09-30T14:00:09", "published": "2014-12-11T19:21:05", "id": "CISCO-SA-20141211-CVE-2014-8730", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20141211-CVE-2014-8730", "type": "cisco", "title": "SSL-TLS Implementations Cipher Block Chaining Padding Information Disclosure Vulnerability", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:30", "bulletinFamily": "unix", "description": "It was discovered that OpenSSL incorrectly handled memory when parsing DTLS SRTP extension data. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3513)\n\nIt was discovered that OpenSSL incorrectly handled memory when verifying the integrity of a session ticket. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. (CVE-2014-3567)\n\nIn addition, this update introduces support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV). This new feature prevents protocol downgrade attacks when certain applications such as web browsers attempt to reconnect using a lower protocol version for interoperability reasons.", "modified": "2014-10-16T00:00:00", "published": "2014-10-16T00:00:00", "id": "USN-2385-1", "href": "https://usn.ubuntu.com/2385-1/", "title": "OpenSSL vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "vmware": [{"lastseen": "2018-09-02T02:40:27", "bulletinFamily": "unix", "description": "**a. VMware ESXi, Workstation, Player, and Fusion host privilege escalation vulnerability**\n\nVMware ESXi, Workstation, Player and Fusion contain an arbitrary file write issue. Exploitation this issue may allow for privilege escalation on the host. \n \nThe vulnerability does not allow for privilege escalation from the guest Operating System to the host or vice-versa. This means that host memory can not be manipulated from the Guest Operating \nSystem. \n \n**Mitigation** \n \nFor ESXi to be affected, permissions must have been added to ESXi (or a vCenter Server managing it) for a virtual machine administrator role or greater. \n \nVMware would like to thank Shanon Olsson for reporting this issue to us through JPCERT. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-8370 to this issue. \n \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.\n", "modified": "2015-03-26T00:00:00", "published": "2015-01-27T00:00:00", "id": "VMSA-2015-0001", "href": "https://www.vmware.com/security/advisories/VMSA-2015-0001.html", "title": "VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues", "type": "vmware", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T22:57:41", "bulletinFamily": "info", "description": "Two of Cisco\u2019s products are vulnerable to the [POODLE attack](<https://threatpost.com/researchers-say-poodle-attack-affects-some-tls-implementations/109764>) via the TLS implementation in those products. The vulnerability affects Cisco\u2019s Adaptive Security Appliance software and its Application Control Engine module.\n\nThe POODLE attack was disclosed in October by researchers from Google, who discovered that if an attacker can force a vulnerable Web server to fall back from a modern cryptographic protocol such as TLS to an older one such as SSLv3, under some circumstances he can then decrypt the secure connection. Originally, researchers believed that the attack was only effective against SSLv3, but last week Adam Langley from Google said that it also affected some implementations of TLS.\n\nLangley discovered that appliances from F5 Networks and A10 Networks both were vulnerable to the POODLE attack on TLS and notified the vendors. He said at the time that he didn\u2019t think he had identified every vulnerable implementation. Cisco on Monday said that some of its products also are vulnerable.\n\n\u201cA vulnerability in certain implementations of the TLSv1 protocol could allow an unauthenticated, remote attacker to access sensitive information,\u201d the [Cisco advisory](<http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8730>) says.\n\n\u201cThe vulnerability is due to improper block cipher padding implemented in TLSv1 when using Cipher Block Chaining (CBC) mode. An attacker could exploit the vulnerability to perform an \u2018oracle padding\u2019 side channel attack on the cryptographic message. A successful exploit could allow the attacker to access sensitive information.\u201d\n\nCisco did not say in its advisory whether there is a patch available to address the vulnerability in its products.\n", "modified": "2014-12-18T15:23:20", "published": "2014-12-16T09:10:44", "id": "THREATPOST:DAEFEF41F669FB27280C6A94EBB7FBB2", "href": "https://threatpost.com/two-cisco-products-vulnerable-to-poodle-attack-on-tls/109900/", "type": "threatpost", "title": "Two Cisco Products Vulnerable to POODLE Attack on TLS", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "thn": [{"lastseen": "2018-01-27T09:17:25", "bulletinFamily": "info", "description": "[](<https://1.bp.blogspot.com/--o5_T9vWthY/VIcO7BXAk3I/AAAAAAAAhK8/mEy_RvEZPvM/s1600/SSL-Poodle-TSL-attack.jpg>)\n\n**POODLE**, a critical SSL flaw discovered in October that was patched and fixed by webmasters around the world after Google alerted software and hardware vendors, has again made its way and this time the vulnerability affects implementations of the newer **_Transport Layer Security (TLS) protocol_**.\n\n \n\n\nYes, the serious **_[POODLE vulnerability](<https://thehackernews.com/search/label/POODLE>)_** that affected the most widely used web encryption standard Secure Sockets Layer (SSL) 3.0 has once again returned and is likely to affect some of the most popular web sites in the world \u2014 including those owned or operated by Bank of America, the US Department of Veteran's Affairs, and Accenture.\n\n \n\n\n_POODLE (Padding Oracle On Downgraded Legacy Encryption)_ flaw, disclosed two months ago by Google security team, allowed attackers to perform [Man-in-the-Middle (MitM) attack](<https://thehackernews.com/search/label/Man-in-the-Middle>) in order to intercept traffic between a user\u2019s browser and an HTTPS website to decrypt sensitive information, like the user\u2019s authentication cookies.\n\n \n\n\nNow, the dangerous flaw has turned out to some versions of TLS \u2014 the seemingly secure successor of SSL. The new vulnerability (_**CVE-2014-8730**_) affects TLS version 1.2 which fails to handle padding, which was the target of POODLE. Researchers at security firm Qualys says, \"some TLS implementations omit to check the padding structure after decryption.\"\n\n> \"_The impact of this problem is similar to that of POODLE, with the attack being slightly easier to execute\u2013no need to downgrade modern clients down to SSL 3 first, TLS 1.2 will do just fine_,\" Ivan Ristic, Qualys's director of application security research, wrote in a [blog post](<https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls>) titled POODLE bites TLS.\n\n> \"_The main target are browsers, because the attacker must inject malicious JavaScript to initiate the attack. A successful attack will use about 256 requests to uncover one cookie character, or only 4096 requests for a 16-character cookie. This makes the attack quite practical._\"\n\n_Qualys_ has provided a free test, [SSL Server Test](<https://www.ssllabs.com/ssltest/>), that showed some of the Internet's leading websites including Bank of America, VMware, the US Department of Veteran's Affairs, and business consultancy Accenture, are affected by the bug. The vulnerability is very serious as the most recent SSL Pulse scan showed that about 10 percent of the servers are vulnerable to the POODLE attack through TLS.\n\n \n\n\nTill now, load balancers and similar devices which are used to handle the TLS connections sold by two different manufacturers, F5 Networks and A10 Networks, are found vulnerable to the attack. Basically, the recent versions of TLS calls for the [encryption](<https://thehackernews.com/search/label/encryption>) padding to be closely checked for Oracle attacks, which was skipped by both the companies during implementation, which makes them vulnerable to POODLE attacks. \n\n \n\n\nF5 Networks agrees that their F5 kit is vulnerable to the attack, and believes that A10 should also be releasing updates for patches in coming hours. \"_Everything less than TLS 1.2 with an AEAD cipher suite is broken_\", Google's Adam Langley [notes](<https://www.imperialviolet.org/2014/12/08/poodleagain.html>). \"_I\u2019m not completely sure that I've found every affected vendor but, now that this issue is public, any other affected products should quickly come to light._\"\n\n \n\n\nWebsite administrators who want to check if their servers or load balancers used in front of their servers are vulnerable to this newly discovered POODLE attack through TLS can use the [_Qualys SSL _Labs server test](<https://www.ssllabs.com/ssltest/>), which has been updated on its website in order to detect the problem.\n", "modified": "2014-12-09T15:03:20", "published": "2014-12-09T04:03:00", "id": "THN:A0DB49E979328428F82CCAFAC07BAFE6", "href": "https://thehackernews.com/2014/12/SSL-Poodle-TSL-attack.html", "type": "thn", "title": "POODLE SSL Vulnerability Now Attacking TLS Security Protocol", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}
