ID SUSE-SU-2015:1183-1 Type suse Reporter Suse Modified 2015-07-03T15:05:22
Description
OpenSSL was updated to fix several security issues.
* CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed
by rejecting connections with DH parameters shorter than 1024 bits.
We now also generate 2048-bit DH parameters by default.
* CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.
* CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent
was fixed.
* fixed a timing side channel in RSA decryption (bnc#929678)
Additional changes:
* In the default SSL cipher string EXPORT ciphers are now disabled.
This will only get active if applications get rebuilt and actually
use this string. (bnc#931698)
{"bulletinFamily": "unix", "id": "SUSE-SU-2015:1183-1", "lastseen": "2016-09-04T11:49:45", "description": "OpenSSL was updated to fix several security issues.\n\n * CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed\n by rejecting connections with DH parameters shorter than 1024 bits.\n We now also generate 2048-bit DH parameters by default.\n * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent\n was fixed.\n * fixed a timing side channel in RSA decryption (bnc#929678)\n\n Additional changes:\n\n * In the default SSL cipher string EXPORT ciphers are now disabled.\n This will only get active if applications get rebuilt and actually\n use this string. (bnc#931698)\n\n Security Issues:\n\n * CVE-2015-1789\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789</a>>\n * CVE-2015-1790\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790</a>>\n * CVE-2015-4000\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000</a>>\n\n", "cvelist": ["CVE-2015-4000", "CVE-2015-1789", "CVE-2015-1790"], "viewCount": 1, "published": "2015-07-03T15:05:22", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html", "references": ["https://download.suse.com/patch/finder/?keywords=b18733973cc66be5941bc1514b5749d4", "https://download.suse.com/patch/finder/?keywords=988a9debe1ac4ac25cd6b815d5382398", "https://bugzilla.suse.com/934489", "https://bugzilla.suse.com/934491", "https://bugzilla.suse.com/929678", "https://bugzilla.suse.com/931698"], "reporter": "Suse", "edition": 1, "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "title": "Security update for OpenSSL (important)", "modified": "2015-07-03T15:05:22", "enchantments": {"score": {"value": 6.2, "vector": "NONE", "modified": "2016-09-04T11:49:45", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-1790", "CVE-2015-1789", "CVE-2015-4000"]}, {"type": "f5", "idList": ["F5:K16674", "SOL16898", "SOL16674", "F5:K16898", "F5:K16913", "SOL16913"]}, {"type": "nessus", "idList": ["SUSE_SU-2015-1183-2.NASL", "DEBIAN_DLA-247.NASL", "OPENSSL_1_0_2B.NASL", "ORACLELINUX_ELSA-2015-1197.NASL", "OPENSSL_1_0_1N.NASL", "CENTOS_RHSA-2015-1197.NASL", "REDHAT-RHSA-2015-1197.NASL", "WEBSPHERE_527817.NASL", "SUSE_SU-2015-1181-2.NASL", "SL_20150630_OPENSSL_ON_SL5_X.NASL"]}, {"type": "redhat", "idList": ["RHSA-2015:1115", "RHSA-2015:1197"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310123086", "OPENVAS:1361412562310851044", "OPENVAS:1361412562310850877", "OPENVAS:1361412562310869732", "OPENVAS:1361412562310882215", "OPENVAS:1361412562310105364", "OPENVAS:1361412562310105363", "OPENVAS:1361412562310869740", "OPENVAS:1361412562310120033", "OPENVAS:1361412562310871385"]}, {"type": "centos", "idList": ["CESA-2015:1115", "CESA-2015:1197"]}, {"type": "suse", "idList": ["SUSE-SU-2015:1183-2", "SUSE-SU-2015:1185-1", "SUSE-SU-2015:1181-2", "SUSE-SU-2015:1182-2", "OPENSUSE-SU-2015:1139-1", "SUSE-SU-2015:1182-1", "SUSE-SU-2015:1150-1", "SUSE-SU-2015:1184-2", "SUSE-SU-2015:1181-1", "SUSE-SU-2015:1184-1"]}, {"type": "citrix", "idList": ["CTX201114"]}, {"type": "archlinux", "idList": ["ASA-201506-3"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3287-1:1A401", "DEBIAN:DLA-247-1:99960"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-1197"]}, {"type": "fedora", "idList": ["FEDORA:D331C6087C6A", "FEDORA:13B146087AAB", "FEDORA:A69386143D9F"]}, {"type": "freebsd", "idList": ["8305E215-1080-11E5-8BA2-000C2980A9F3"]}, {"type": "amazon", "idList": ["ALAS-2015-550"]}, {"type": "gentoo", "idList": ["GLSA-201506-02"]}, {"type": "aix", "idList": ["OPENSSL_ADVISORY14.ASC"]}, {"type": "paloalto", "idList": ["PAN-SA-2016-0028"]}, {"type": "symantec", "idList": ["SMNTC-1325"]}, {"type": "slackware", "idList": ["SSA-2015-162-01"]}, {"type": "ubuntu", "idList": ["USN-2639-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14530"]}, {"type": "cisco", "idList": ["CISCO-SA-20150612-OPENSSL"]}], "modified": "2016-09-04T11:49:45", "rev": 2}, "vulnersScore": 6.2}, "type": "suse", "affectedPackage": [{"arch": "x86_64", "packageFilename": "compat-openssl097g-0.9.7g-146.22.31.1.x86_64.rpm", "OSVersion": "11.2", "operator": "lt", "packageName": "compat-openssl097g", "packageVersion": "0.9.7g-146.22.31.1", "OS": "SUSE Linux Enterprise for SAP Applications"}, {"arch": "x86_64", "packageFilename": "compat-openssl097g-32bit-0.9.7g-146.22.31.1.x86_64.rpm", "OSVersion": "11.1", "operator": "lt", "packageName": "compat-openssl097g-32bit", "packageVersion": "0.9.7g-146.22.31.1", "OS": "SUSE Linux Enterprise for SAP Applications"}, {"arch": "x86_64", "packageFilename": "compat-openssl097g-0.9.7g-146.22.31.1.x86_64.rpm", "OSVersion": "11.1", "operator": "lt", "packageName": "compat-openssl097g", "packageVersion": "0.9.7g-146.22.31.1", "OS": "SUSE Linux Enterprise for SAP Applications"}, {"arch": "x86_64", "packageFilename": "compat-openssl097g-32bit-0.9.7g-146.22.31.1.x86_64.rpm", "OSVersion": "11.2", "operator": "lt", "packageName": "compat-openssl097g-32bit", "packageVersion": "0.9.7g-146.22.31.1", "OS": "SUSE Linux Enterprise for SAP Applications"}]}
{"cve": [{"lastseen": "2020-12-09T20:03:01", "description": "The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2015-06-12T19:59:00", "title": "CVE-2015-1789", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1789"], "modified": "2017-11-15T02:29:00", "cpe": ["cpe:/a:openssl:openssl:0.9.8zf", "cpe:/a:openssl:openssl:1.0.0k", "cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/a:openssl:openssl:1.0.2", "cpe:/a:openssl:openssl:1.0.0h", "cpe:/a:openssl:openssl:1.0.2a", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.1h", "cpe:/a:openssl:openssl:1.0.0l", "cpe:/a:oracle:sparc-opl_service_processor:1121", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:1.0.0i", "cpe:/a:openssl:openssl:1.0.0f", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/a:openssl:openssl:1.0.0g", "cpe:/a:openssl:openssl:1.0.1i", "cpe:/a:openssl:openssl:1.0.1m", "cpe:/a:openssl:openssl:1.0.0o", "cpe:/a:openssl:openssl:1.0.0j", "cpe:/a:openssl:openssl:1.0.0b", "cpe:/a:openssl:openssl:1.0.0r", "cpe:/a:openssl:openssl:1.0.0d", "cpe:/a:openssl:openssl:1.0.1j", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/a:openssl:openssl:1.0.0m", "cpe:/a:openssl:openssl:1.0.0n", "cpe:/a:openssl:openssl:1.0.0c", "cpe:/a:openssl:openssl:1.0.0q", "cpe:/a:openssl:openssl:1.0.0p", "cpe:/a:openssl:openssl:1.0.1l", "cpe:/a:openssl:openssl:1.0.1k"], "id": "CVE-2015-1789", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1789", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8zf:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:sparc-opl_service_processor:1121:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:01", "description": "The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.\n<a href=\"http://cwe.mitre.org/data/definitions/476.html\">CWE-476: NULL Pointer Dereference</a>", "edition": 5, "cvss3": {}, "published": "2015-06-12T19:59:00", "title": "CVE-2015-1790", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1790"], "modified": "2017-10-20T01:29:00", "cpe": ["cpe:/a:openssl:openssl:0.9.8zf", "cpe:/a:openssl:openssl:1.0.0k", "cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/a:openssl:openssl:1.0.2", "cpe:/a:openssl:openssl:1.0.0h", "cpe:/a:openssl:openssl:1.0.2a", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.1h", "cpe:/a:openssl:openssl:1.0.0l", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:1.0.0i", "cpe:/a:openssl:openssl:1.0.0f", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/a:openssl:openssl:1.0.0g", "cpe:/a:openssl:openssl:1.0.1i", "cpe:/a:openssl:openssl:1.0.1m", "cpe:/a:openssl:openssl:1.0.0o", "cpe:/a:openssl:openssl:1.0.0j", "cpe:/a:openssl:openssl:1.0.0b", "cpe:/a:openssl:openssl:1.0.0r", "cpe:/a:openssl:openssl:1.0.0d", "cpe:/a:openssl:openssl:1.0.1j", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/a:openssl:openssl:1.0.0m", "cpe:/a:openssl:openssl:1.0.0n", "cpe:/a:openssl:openssl:1.0.0c", "cpe:/a:openssl:openssl:1.0.0q", "cpe:/a:openssl:openssl:1.0.0p", "cpe:/a:openssl:openssl:1.0.1l", "cpe:/a:openssl:openssl:1.0.1k"], "id": "CVE-2015-1790", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1790", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8zf:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:04", "description": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.", "edition": 8, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 3.7, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2015-05-21T00:59:00", "title": "CVE-2015-4000", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4000"], "modified": "2020-09-08T13:00:00", "cpe": ["cpe:/a:google:chrome:-", "cpe:/a:oracle:jre:1.6.0", "cpe:/o:suse:linux_enterprise_desktop:12", "cpe:/a:ibm:content_manager:8.5", "cpe:/o:suse:suse_linux_enterprise_server:12", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/a:mozilla:firefox_esr:38.1.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/a:mozilla:seamonkey:2.35", "cpe:/a:openssl:openssl:1.0.2a", "cpe:/a:mozilla:firefox_esr:31.8", "cpe:/a:mozilla:thunderbird:31.8", "cpe:/a:oracle:jdk:1.6.0", "cpe:/o:suse:linux_enterprise_server:11.0", "cpe:/o:apple:iphone_os:8.3", "cpe:/a:oracle:sparc-opl_service_processor:1121", "cpe:/a:oracle:jre:1.8.0", "cpe:/a:oracle:jdk:1.7.0", "cpe:/o:suse:linux_enterprise_software_development_kit:12", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/a:oracle:jrockit:r28.3.6", "cpe:/a:opera:opera_browser:-", "cpe:/a:openssl:openssl:1.0.1m", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:mozilla:thunderbird:38.1", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:hp:hp-ux:b.11.31", "cpe:/o:apple:mac_os_x:10.10.3", "cpe:/a:mozilla:firefox:*", "cpe:/o:mozilla:firefox_os:2.2", "cpe:/a:microsoft:ie:*", "cpe:/a:oracle:jdk:1.8.0", "cpe:/a:apple:safari:*", "cpe:/a:mozilla:firefox:39.0", "cpe:/a:mozilla:network_security_services:3.19", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2015-4000", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4000", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:8.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.8.0:update_45:*:*:*:*:*:*", "cpe:2.3:a:oracle:sparc-opl_service_processor:1121:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.8.0:update45:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.19:*:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update75:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_95:*:*:*:*:*:*", "cpe:2.3:a:ibm:content_manager:8.5:*:*:*:*:enterprise:*:*", "cpe:2.3:o:mozilla:firefox_os:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update_80:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:*:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:38.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:31.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update_80:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.8.0:update_33:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:39.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jrockit:r28.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.8.0:update_33:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:31.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update_75:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.35:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_95:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "f5": [{"lastseen": "2020-04-06T22:40:34", "bulletinFamily": "software", "cvelist": ["CVE-2015-1789"], "description": "\nF5 Product Development has assigned ID 527633 (BIG-IP and BIG-IQ), ID 529768 (Enterprise Manager), ID 528809 (FirePass), ID 410742 (ARX), and LRS-53645 (LineRate) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4* | 12.0.0** | Low | OpenSSL \nBIG-IP AAM | 11.4.0 - 11.6.0* | 12.0.0** | Low | OpenSSL \nBIG-IP AFM | 11.3.0 - 11.6.0* | 12.0.0** | Low | OpenSSL \nBIG-IP Analytics | 11.0.0 - 11.6.0* | 12.0.0** | Low | OpenSSL \nBIG-IP APM | 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4* | 12.0.0** | Low | OpenSSL \nBIG-IP ASM | 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4* | 12.0.0** | Low | OpenSSL \nBIG-IP DNS | None | 12.0.0** | Not vulnerable | None \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4* | None | Low | OpenSSL \nBIG-IP GTM | 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4* | None | Low | OpenSSL \nBIG-IP Link Controller | 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4* | 12.0.0** | Low | OpenSSL \nBIG-IP PEM | 11.3.0 - 11.6.0* | 12.0.0** | Low | OpenSSL \nBIG-IP PSM | 11.0.0 - 11.4.1* \n10.1.0 - 10.2.4* | None | Low | OpenSSL \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4* | None | Low | OpenSSL \nBIG-IP WOM | 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4* | None | Low | OpenSSL \nARX | 6.0.0 - 6.4.0 | None | Medium | ARX Manager GUI \nEnterprise Manager | 3.0.0 - 3.1.1* | None | Low | OpenSSL \nFirePass | 7.0.0 \n6.1.0 | None | Medium | OpenSSL \nBIG-IQ Cloud | 4.0.0 - 4.5.0* | None | Low | OpenSSL \nBIG-IQ Device | 4.2.0 - 4.5.0* | None | Low | OpenSSL \nBIG-IQ Security | 4.0.0 - 4.5.0* | None | Low | OpenSSL \nBIG-IQ ADC | 4.5.0* | None | Low | OpenSSL \nLineRate | 2.5.0 - 2.6.0*** | None | Medium | OpenSSL \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the** Severity **value. Security Advisory articles published before this date do not list a** Severity** value.\n\n*For BIG-IP, BIG-IQ, and Enterprise Manager systems, the vulnerable code exists in the OpenSSL package; however, the code is not used in a way that would make an exploit possible. \n**While BIG-IP v12.0.0 ships with an OpenSSL version prior to 1.0.1n, the libraries necessary to fix the issue were merged with the BIG-IP system's OpenSSL implementation. \n***The default configuration of the LineRate system is not vulnerable; this vulnerability can only be exploited when the scripting feature is configured to make HTTPS requests to a compromised server.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\n**ARX**\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2019-05-09T00:20:00", "published": "2015-09-16T04:16:00", "id": "F5:K16913", "href": "https://support.f5.com/csp/article/K16913", "title": "OpenSSL vulnerability CVE-2015-1789", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2016-09-26T17:23:18", "bulletinFamily": "software", "cvelist": ["CVE-2015-1789"], "edition": 1, "description": "* For BIG-IP, BIG-IQ, and Enterprise Manager systems, the vulnerable code exists in the OpenSSL package; however, the code is not used in a way that would make an exploit possible.\n\n** While BIG-IP v12.0.0 ships with an OpenSSL version prior to 1.0.1n, the libraries necessary to fix the issue were merged with the BIG-IP system's OpenSSL implementation.\n\n*** The default configuration of the LineRate system is not vulnerable; this vulnerability can only be exploited when the scripting feature is configured to make HTTPS requests to a compromised server.\n\nVulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\n**ARX**\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-07-25T00:00:00", "published": "2015-07-07T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/900/sol16913.html", "id": "SOL16913", "type": "f5", "title": "SOL16913 - OpenSSL vulnerability CVE-2015-1789", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-01-22T20:28:29", "bulletinFamily": "software", "cvelist": ["CVE-2015-4000"], "description": "\nF5 Product Development has assigned ID 524279 (BIG-IP), ID 525279 (BIG-IQ), and ID 525280 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. In addition, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) lists Heuristic H524636 on the **Diagnostics** > **Identified** > **Medium** page.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 11.0.0 - 11.6.3 \n10.1.0 - 10.2.4 | 12.0.0 \n11.6.3.2 \n11.5.4 HF4 | Medium | Configuration utility1 \nClient SSL profile with COMPAT, EXP, or EXPORT ciphers enabled \nServer SSL profile or HTTPS health monitor using EXPORT or DHE cipher suites \nSSL Forward Proxy using EXPORT or DHE cipher suites \nBIG-IP AAM | 11.4.0 - 11.6.3 | 12.0.0 \n11.6.3.2 \n11.5.4 HF4 | Medium | Client SSL profile with COMPAT, EXP, or EXPORT ciphers enabled \nServer SSL profile or HTTPS health monitor using EXPORT or DHE cipher suites \nSSL Forward Proxy using EXPORT or DHE cipher suites \nBIG-IP AFM | 11.3.0 - 11.6.3 | 12.0.0 \n11.6.3.2 \n11.5.4 HF4 | Medium | Client SSL profile with COMPAT, EXP, or EXPORT ciphers enabled \nServer SSL profile or HTTPS health monitor using EXPORT or DHE cipher suites \nSSL Forward Proxy using EXPORT or DHE cipher suites \nBIG-IP Analytics | 11.0.0 - 11.6.3 | 12.0.0 \n11.6.3.2 \n11.5.4 HF4 | Medium | Client SSL profile with COMPAT, EXP, or EXPORT ciphers enabled \nServer SSL profile or HTTPS health monitor using EXPORT or DHE cipher suites \nSSL Forward Proxy using EXPORT or DHE cipher suites \nBIG-IP APM | 11.0.0 - 11.6.3 \n10.1.0 - 10.2.4 | 12.0.0 \n11.6.3.2 \n11.5.4 HF4 | Medium | Configuration utility1 \nClient SSL profile with COMPAT, EXP, or EXPORT ciphers enabled \nServer SSL profile or HTTPS health monitor using EXPORT or DHE cipher suites \nSSL Forward Proxy using EXPORT or DHE cipher suites \nBIG-IP ASM | 11.0.0 - 11.6.3 \n10.1.0 - 10.2.4 | 12.0.0 \n11.6.3.2 \n11.5.4 HF4 | Medium | Configuration utility1 \nClient SSL profile with COMPAT, EXP, or EXPORT ciphers enabled \nServer SSL profile or HTTPS health monitor using EXPORT or DHE cipher suites \nSSL Forward Proxy using EXPORT or DHE cipher suites \nBIG-IP DNS | None | 12.0.0 | Not vulnerable | None \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Medium | Configuration utility1 \nClient SSL profile with COMPAT, EXP, or EXPORT ciphers enabled \nServer SSL profile or HTTPS health monitor using EXPORT or DHE cipher suites \nSSL Forward Proxy using EXPORT or DHE cipher suites \nBIG-IP GTM | 11.0.0 - 11.6.3 \n10.1.0 - 10.2.4 | 11.6.3.2 \n11.5.4 HF4 | Medium | Configuration utility1 \nClient SSL profile with COMPAT, EXP, or EXPORT ciphers enabled \nServer SSL profile or HTTPS health monitor using EXPORT or DHE cipher suites \nSSL Forward Proxy using EXPORT or DHE cipher suites \nBIG-IP Link Controller | 11.0.0 - 11.6.3 \n10.1.0 - 10.2.4 | 12.0.0 \n11.6.3.2 \n11.5.4 HF4 | Medium | Configuration utility1 \nClient SSL profile with COMPAT, EXP, or EXPORT ciphers enabled \nServer SSL profile or HTTPS health monitor using EXPORT or DHE cipher suites \nSSL Forward Proxy using EXPORT or DHE cipher suites \nBIG-IP PEM | 11.3.0 - 11.6.3 | 12.0.0 \n11.6.3.2 \n11.5.4 HF4 | Medium | Client SSL profile with COMPAT, EXP, or EXPORT ciphers enabled \nServer SSL profile or HTTPS health monitor using EXPORT or DHE cipher suites \nSSL Forward Proxy using EXPORT or DHE cipher suites \nBIG-IP PSM | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | None | Medium | Configuration utility1 \nClient SSL profile with COMPAT, EXP, or EXPORT ciphers enabled \nServer SSL profile or HTTPS health monitor using EXPORT or DHE cipher suites \nSSL Forward Proxy using EXPORT or DHE cipher suites \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Medium | Configuration utility1 \nClient SSL profile with COMPAT, EXP, or EXPORT ciphers enabled \nServer SSL profile or HTTPS health monitor using EXPORT or DHE cipher suites \nSSL Forward Proxy using EXPORT or DHE cipher suites \nBIG-IP WOM | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Medium | Configuration utility1 \nClient SSL profile with COMPAT, EXP, or EXPORT ciphers enabled \nServer SSL profile or HTTPS health monitor using EXPORT or DHE cipher suites \nSSL Forward Proxy using EXPORT or DHE cipher suites \nARX | 6.0.0 - 6.4.0 | None | Medium | ARX GUI \nEnterprise Manager | 2.1.0 - 2.3.0 | 3.0.0 - 3.1.1 | Medium | Configuration utility \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nLineRate | None | 2.4.0 - 2.6.0 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | 4.0.0 - 4.1.0 \n3.3.2 - 3.5.1 | None | Low | SDC configuration with EXPORT grade ciphers \nBIG-IP Edge Clients for Android | None | 2.0.0 - 2.0.7 | Not vulnerable | None \nBIG-IP Edge Clients for Apple iOS | None | 2.0.0 - 2.0.4 \n1.0.5 - 1.0.6 | Not vulnerable | None \nBIG-IP Edge Clients for Linux | None | 6035.x - 7110.x | Not vulnerable | None \nBIG-IP Edge Clients for MAC OS X | None | 6035.x - 7110.x | Not vulnerable | None \nBIG-IP Edge Clients for Windows | None | 6035.x - 7110.x | Not vulnerable | None \nBIG-IP Edge Clients Windows Phone 8.1 | None | 1.0.0 - 1.1.0 | Not vulnerable | None \nBIG-IP Edge Portal for Android | None | 1.0.0 - 1.0.2 | Not vulnerable | None \nBIG-IP Edge Portal for Apple iOS | None | 1.0.0 - 1.0.3 | Not vulnerable | None \n \n1 The Configuration utility is vulnerable in BIG-IP 10.1.0 through 10.2.4 only.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nBIG-IP\n\n11.x\n\nClient SSL profiles are not vulnerable in a default configuration. If you have configured custom Client SSL profiles, you can mitigate this vulnerability by configuring your Client SSL profile to exclude COMPAT, EXP, and EXPORT ciphers. To do so, refer to [K13171: Configuring the cipher strength for SSL profiles (11.x)](<https://support.f5.com/csp/article/K13171>).\n\nBIG-IP systems configured with Server SSL profiles or HTTPS health monitors are vulnerable as a client, when using EXPORT or DHE cipher suites, when the backend server supports EXPORT ciphers. To mitigate this issue, disable the use of EXPORT and DHE cipher suites. Adding !EXPORT, !COMPAT, and !DHE to the cipher string that is in use will do this, however, if a custom cipher string is in use, it must disable the use of both export and non-export grade DHE to mitigate this issue.\n\nBIG-IP systems configured for SSL Forward Proxy are vulnerable as a client, when using EXPORT or DHE cipher suites, when the backend server supports EXPORT ciphers. To mitigate this issue, disable the use of EXPORT and DHE cipher suites. Adding !EXPORT, !COMPAT, and !DHE to the cipher string that is in use will do this, however, if a custom cipher string is in use, it must disable the use of both export and non-export grade DHE to mitigate this issue.\n\n10.x\n\nClient SSL profiles are not vulnerable in a default configuration. If you have configured custom Client SSL profiles, you can mitigate this vulnerability by configuring your Client SSL profile to exclude COMPAT, EXP, and EXPORT ciphers. To do so, refer to [K7815: Configuring the cipher strength for SSL profiles (9.x - 10.x)](<https://support.f5.com/csp/article/K7815>).\n\nBIG-IP systems configured with Server SSL profiles or HTTPS health monitors are vulnerable as a client, when using EXPORT or DHE cipher suites, when the backend server supports EXPORT ciphers. To mitigate this issue, disable the use of EXPORT and DHE cipher suites. Adding !EXPORT, !COMPAT, and !DHE to the cipher string that is in use will do this, however, if a custom cipher string is in use, it must disable the use of both export and non-export grade DHE to mitigate this issue.\n\nTo mitigate this vulnerability in the BIG-IP Configuration utility, you can modify the Apache server configuration to exclude EXP and EXPORT ciphers. For example, the default SSL cipher string in your configuration may appear similar to the following example:\n\nALL:!ADH:!EXPORT56:!eNULL:!MD5:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP\n\nYou can mitigate this vulnerability by excluding the EXPORT and EXP ciphers by using a string similar to the following example:\n\nALL:!ADH:**!EXPORT**:!eNULL:!MD5:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2\n\nFor more information about restricting ciphers for Configuration utility access, refer to [K6768: Restricting Configuration utility access to clients using high encryption SSL ciphers (9.x - 10.x)](<https://support.f5.com/csp/article/K6768>).\n\nEnterprise Manager\n\nTo mitigate this vulnerability in the Enterprise Manager Configuration utility, you can modify the Apache server configuration to exclude EXP and EXPORT ciphers. For example, the default SSL cipher string in your configuration may appear similar to the following example:\n\nALL:!ADH:!EXPORT56:!eNULL:!MD5:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP\n\nYou can mitigate this vulnerability by excluding the EXPORT and EXP ciphers by using a string similar to the following example:\n\nALL:!ADH:**!EXPORT**:**!EXP**:!eNULL:!MD5:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2\n\nFor more information about restricting ciphers for Configuration utility access, refer to [K6768: Restricting Configuration utility access to clients using high encryption SSL ciphers (9.x - 10.x)](<https://support.f5.com/csp/article/K6768>).\n\nARX\n\nTo mitigate this vulnerability, you can disable EXPORT grade SSL ciphers, such as SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA and SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, in the ARX GUI.\n\nTraffix SDC\n\nTraffix SDC configurations are not vulnerable with default cipher settings. To mitigate this vulnerability, do not configure EXPORT grade ciphers in the SDC configuration.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K10942: Installing OPSWAT hotfixes on BIG-IP APM systems (10.x - 11.3.0)](<https://support.f5.com/csp/article/K10942>)\n", "edition": 1, "modified": "2018-06-25T23:59:00", "published": "2015-05-22T01:25:00", "id": "F5:K16674", "href": "https://support.f5.com/csp/article/K16674", "title": "TLS vulnerability CVE-2015-4000", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-04-06T22:39:56", "bulletinFamily": "software", "cvelist": ["CVE-2015-1790"], "description": "\nF5 Product Development has assigned ID 527637 (BIG-IP and BIG-IQ), ID 529766 (Enterprise Manager), ID 410742 (ARX), and ID 528809 (FirePass) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4 | 12.0.0** | Low | OpenSSL command line tools* \nBIG-IP AAM | 11.4.0 - 11.6.0 | 12.0.0** | Low | OpenSSL command line tools* \nBIG-IP AFM | 11.3.0 - 11.6.0 | 12.0.0** | Low | OpenSSL command line tools* \nBIG-IP Analytics | 11.0.0 - 11.6.0 | 12.0.0** | Low | OpenSSL command line tools* \nBIG-IP APM | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | 12.0.0** | Low | OpenSSL command line tools* \nBIG-IP ASM | 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4 | 12.0.0** | Low | OpenSSL command line tools* \nBIG-IP DNS | None | 12.0.0** | Not vulnerable | None \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Low | OpenSSL command line tools* \nBIG-IP GTM | 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4 | None | Low | OpenSSL command line tools* \nBIG-IP Link Controller | 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4 | 12.0.0** | Low | OpenSSL command line tools* \nBIG-IP PEM | 11.3.0 - 11.6.0 | 12.0.0** | Low | OpenSSL command line tools* \nBIG-IP PSM | 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 | None | Low | OpenSSL command line tools* \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 | None | Low | OpenSSL command line tools* \nBIG-IP WOM | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 | None | Low | OpenSSL command line tools* \nARX | 6.0.0 - 6.4.0 | None | Medium | OpenSSL \nEnterprise Manager | 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0 | None | Low | OpenSSL command line tools* \nFirePass | 7.0.0 \n6.0.0 - 6.1.0 | None | Medium | OpenSSL \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Low | OpenSSL command line tools* \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Low | OpenSSL command line tools* \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Low | OpenSSL command line tools* \nBIG-IQ ADC | 4.5.0 | None | Low | OpenSSL command line tools* \nLineRate | None | 2.5.0 - 2.6.0 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.1.0 \n3.3.2 - 3.5.1 | Not vulnerable | None \n \n*The BIG-IP data plane is not vulnerable to this CVE. The control plane is only vulnerable when a locally authenticated attacker uses the OpenSSL command line tool.\n\n**While BIG-IP 12.0.0 ships with an OpenSSL version prior to 1.0.1n, the libraries necessary to fix the issue were merged with the BIG-IP system's OpenSSL implementation.\n\n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability, F5 recommends that you expose management access only on trusted networks.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2019-05-09T00:18:00", "published": "2015-09-16T04:20:00", "id": "F5:K16898", "href": "https://support.f5.com/csp/article/K16898", "title": "PKCS #7 vulnerability CVE-2015-1790", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2016-12-03T05:27:50", "bulletinFamily": "software", "cvelist": ["CVE-2015-4000"], "edition": 1, "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the **Severity** value. Security Advisory articles published before this date do not list a **Severity** value.\n\nVulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\n**BIG-IP**\n\n**11.x**\n\nClient SSL profiles are not vulnerable in a default configuration. If you have configured custom Client SSL profiles, you can mitigate this vulnerability by configuring your Client SSL profile to exclude COMPAT, EXP, and EXPORT ciphers. To do so, refer to SOL13171: Configuring the cipher strength for SSL profiles (11.x).\n\nBIG-IP systems configured with Server SSL profiles or HTTPS health monitors are vulnerable as a client, when using EXPORT or DHE cipher suites, when the backend server supports EXPORT ciphers. To mitigate this issue, disable the use of EXPORT and DHE cipher suites. Adding !EXPORT, !COMPAT, and !DHE to the cipher string that is in use will do this, however, if a custom cipher string is in use, it must disable the use of both export and non-export grade DHE to mitigate this issue.\n\nBIG-IP systems configured for SSL Forward Proxy are vulnerable as a client, when using EXPORT or DHE cipher suites, when the backend server supports EXPORT ciphers. To mitigate this issue, disable the use of EXPORT and DHE cipher suites. Adding !EXPORT, !COMPAT, and !DHE to the cipher string that is in use will do this, however, if a custom cipher string is in use, it must disable the use of both export and non-export grade DHE to mitigate this issue.\n\n**10.x**\n\nClient SSL profiles are not vulnerable in a default configuration. If you have configured custom Client SSL profiles, you can mitigate this vulnerability by configuring your Client SSL profile to exclude COMPAT, EXP, and EXPORT ciphers.\u00c2 To do so, refer to SOL7815: Configuring the cipher strength for SSL profiles (9.x - 10.x).\n\nBIG-IP systems configured with Server SSL profiles or HTTPS health monitors are vulnerable as a client, when using EXPORT or DHE cipher suites, when the backend server supports EXPORT ciphers. To mitigate this issue, disable the use of EXPORT and DHE cipher suites. Adding !EXPORT, !COMPAT, and !DHE to the cipher string that is in use will do this, however, if a custom cipher string is in use, it must disable the use of both export and non-export grade DHE to mitigate this issue.\n\nTo mitigate this vulnerability in the BIG-IP Configuration utility, you can modify the Apache server configuration to exclude EXP and EXPORT ciphers. For example, the default SSL cipher string in your configuration may appear similar to the following example:\n\nALL:!ADH:!EXPORT56:!eNULL:!MD5:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP\n\nYou can mitigate this vulnerability by excluding the EXPORT and EXP ciphers by using a string similar to the following example:\n\nALL:!ADH:**!EXPORT**:!eNULL:!MD5:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2\n\nFor more information about restricting ciphers for Configuration utility access, refer to SOL6768: Restricting Configuration utility access to clients using high encryption SSL ciphers (9.x - 10.x).\n\n**Enterprise Manager**\n\nTo mitigate this vulnerability in the Enterprise Manager Configuration utility, you can modify the Apache server configuration to exclude EXP and EXPORT ciphers. For example, the default SSL cipher string in your configuration may appear similar to the following example:\n\nALL:!ADH:!EXPORT56:!eNULL:!MD5:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP\n\nYou can mitigate this vulnerability by excluding the EXPORT and EXP ciphers by using a string similar to the following example:\n\nALL:!ADH:**!EXPORT**:**!EXP**:!eNULL:!MD5:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2\n\nFor more information about restricting ciphers for Configuration utility access, refer to SOL6768: Restricting Configuration utility access to clients using high encryption SSL ciphers (9.x - 10.x).\n\n**ARX**\n\nTo mitigate this vulnerability, you can disable EXPORT grade SSL ciphers, such as SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA and SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, in the ARX GUI.\n\n**Traffix SDC**\n\nTraffix SDC configurations are not vulnerable with default cipher settings. To mitigate this vulnerability, do not configure EXPORT grade ciphers in the SDC configuration.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems\n", "modified": "2016-07-25T00:00:00", "published": "2015-05-21T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/600/sol16674.html", "id": "SOL16674", "title": "SOL16674 - TLS vulnerability CVE-2015-4000", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-26T17:23:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-1790"], "edition": 1, "description": "*The BIG-IP data plane is not vulnerable to this CVE. The control plane is only vulnerable when a locally authenticated attacker uses the OpenSSL command line tool.\n\n** While BIG-IP v12.0.0 ships with an OpenSSL version prior to 1.0.1n, the libraries necessary to fix the issue were merged with the BIG-IP system's OpenSSL implementation.\n\n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nVulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, F5 recommends that you expose management access only on trusted networks.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n", "modified": "2016-06-28T00:00:00", "published": "2015-07-07T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/800/sol16898.html", "id": "SOL16898", "title": "SOL16898 - PKCS #7 vulnerability CVE-2015-1790", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-01T05:05:34", "description": "Updated openssl packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function\nof OpenSSL. A specially crafted X.509 certificate or a Certificate\nRevocation List (CRL) could possibly cause a TLS/SSL server or client\nusing OpenSSL to crash. (CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to\ncrash. (CVE-2015-1790)\n\nA flaw was found in the way the TLS protocol composes the\nDiffie-Hellman (DH) key exchange. A man-in-the-middle attacker could\nuse this flaw to force the use of weak 512 bit export-grade keys\nduring the key exchange, allowing them to decrypt all traffic.\n(CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenSSL\nto reject DH key sizes below 768 bits, which prevents sessions to be\ndowngraded to export-grade keys. Future updates may raise this limit\nto 1024 bits.\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2015-1789 and CVE-2015-1790. Upstream acknowledges Robert Swiecki\nand Hanno Bock as the original reporters of CVE-2015-1789, and Michal\nZalewski as the original reporter of CVE-2015-1790.\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.", "edition": 27, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-06-30T00:00:00", "title": "RHEL 5 : openssl (RHSA-2015:1197) (Logjam)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4000", "CVE-2015-1789", "CVE-2015-1790"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-devel"], "id": "REDHAT-RHSA-2015-1197.NASL", "href": "https://www.tenable.com/plugins/nessus/84467", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1197. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84467);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-4000\");\n script_xref(name:\"RHSA\", value:\"2015:1197\");\n\n script_name(english:\"RHEL 5 : openssl (RHSA-2015:1197) (Logjam)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function\nof OpenSSL. A specially crafted X.509 certificate or a Certificate\nRevocation List (CRL) could possibly cause a TLS/SSL server or client\nusing OpenSSL to crash. (CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to\ncrash. (CVE-2015-1790)\n\nA flaw was found in the way the TLS protocol composes the\nDiffie-Hellman (DH) key exchange. A man-in-the-middle attacker could\nuse this flaw to force the use of weak 512 bit export-grade keys\nduring the key exchange, allowing them to decrypt all traffic.\n(CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenSSL\nto reject DH key sizes below 768 bits, which prevents sessions to be\ndowngraded to export-grade keys. Future updates may raise this limit\nto 1024 bits.\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2015-1789 and CVE-2015-1790. Upstream acknowledges Robert Swiecki\nand Hanno Bock as the original reporters of CVE-2015-1789, and Michal\nZalewski as the original reporter of CVE-2015-1790.\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20150611.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1790\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/30\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1197\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"openssl-0.9.8e-36.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"openssl-debuginfo-0.9.8e-36.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"openssl-devel-0.9.8e-36.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"openssl-perl-0.9.8e-36.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"openssl-perl-0.9.8e-36.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"openssl-perl-0.9.8e-36.el5_11\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:30:12", "description": "Updated openssl packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function\nof OpenSSL. A specially crafted X.509 certificate or a Certificate\nRevocation List (CRL) could possibly cause a TLS/SSL server or client\nusing OpenSSL to crash. (CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to\ncrash. (CVE-2015-1790)\n\nA flaw was found in the way the TLS protocol composes the\nDiffie-Hellman (DH) key exchange. A man-in-the-middle attacker could\nuse this flaw to force the use of weak 512 bit export-grade keys\nduring the key exchange, allowing them to decrypt all traffic.\n(CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenSSL\nto reject DH key sizes below 768 bits, which prevents sessions to be\ndowngraded to export-grade keys. Future updates may raise this limit\nto 1024 bits.\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2015-1789 and CVE-2015-1790. Upstream acknowledges Robert Swiecki\nand Hanno Bock as the original reporters of CVE-2015-1789, and Michal\nZalewski as the original reporter of CVE-2015-1790.\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.", "edition": 29, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-07-06T00:00:00", "title": "CentOS 5 : openssl (CESA-2015:1197) (Logjam)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4000", "CVE-2015-1789", "CVE-2015-1790"], "modified": "2015-07-06T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl-perl", "p-cpe:/a:centos:centos:openssl-devel", "p-cpe:/a:centos:centos:openssl", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2015-1197.NASL", "href": "https://www.tenable.com/plugins/nessus/84506", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1197 and \n# CentOS Errata and Security Advisory 2015:1197 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84506);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-4000\");\n script_bugtraq_id(74733, 75156, 75157);\n script_xref(name:\"RHSA\", value:\"2015:1197\");\n\n script_name(english:\"CentOS 5 : openssl (CESA-2015:1197) (Logjam)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function\nof OpenSSL. A specially crafted X.509 certificate or a Certificate\nRevocation List (CRL) could possibly cause a TLS/SSL server or client\nusing OpenSSL to crash. (CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to\ncrash. (CVE-2015-1790)\n\nA flaw was found in the way the TLS protocol composes the\nDiffie-Hellman (DH) key exchange. A man-in-the-middle attacker could\nuse this flaw to force the use of weak 512 bit export-grade keys\nduring the key exchange, allowing them to decrypt all traffic.\n(CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenSSL\nto reject DH key sizes below 768 bits, which prevents sessions to be\ndowngraded to export-grade keys. Future updates may raise this limit\nto 1024 bits.\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2015-1789 and CVE-2015-1790. Upstream acknowledges Robert Swiecki\nand Hanno Bock as the original reporters of CVE-2015-1789, and Michal\nZalewski as the original reporter of CVE-2015-1790.\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-July/021230.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4d8b9b4f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-1790\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/06\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-0.9.8e-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-devel-0.9.8e-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-perl-0.9.8e-36.el5_11\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T14:22:46", "description": "OpenSSL was updated to fix several security issues.\n\nCVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by\nrejecting connections with DH parameters shorter than 1024 bits. We\nnow also generate 2048-bit DH parameters by default.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was\nfixed.\n\nfixed a timing side channel in RSA decryption (bnc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. This\nwill only get active if applications get rebuilt and actually use this\nstring. (bnc#931698)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-07-07T00:00:00", "title": "SUSE SLED11 / SLES10 Security Update : OpenSSL (SUSE-SU-2015:1183-2) (Logjam)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4000", "CVE-2015-1789", "CVE-2015-1790"], "modified": "2015-07-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:compat-openssl097g", "cpe:/o:novell:suse_linux:11", "cpe:/o:novell:suse_linux:10"], "id": "SUSE_SU-2015-1183-2.NASL", "href": "https://www.tenable.com/plugins/nessus/84560", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1183-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84560);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-4000\");\n script_bugtraq_id(74733, 75156, 75157);\n\n script_name(english:\"SUSE SLED11 / SLES10 Security Update : OpenSSL (SUSE-SU-2015:1183-2) (Logjam)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL was updated to fix several security issues.\n\nCVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by\nrejecting connections with DH parameters shorter than 1024 bits. We\nnow also generate 2048-bit DH parameters by default.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was\nfixed.\n\nfixed a timing side channel in RSA decryption (bnc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. This\nwill only get active if applications get rebuilt and actually use this\nstring. (bnc#931698)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929678\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=934489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=934491\"\n );\n # https://download.suse.com/patch/finder/?keywords=31613a0a584dc47c4e6779e1a0a09b87\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?157a7562\"\n );\n # https://download.suse.com/patch/finder/?keywords=9cebc5e391114f90b2cb9133b6763127\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c5987976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1789/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1790/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4000/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151183-2.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?36e9e59a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Desktop 11 SP3 :\n\nzypper in -t patch sledsp3-compat-openssl097g=10790\n\nSLES for SAP Applications :\n\nzypper in -t patch slesappsp3-compat-openssl097g=10790\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:compat-openssl097g\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/07\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11|SLES10)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES10\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES10\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES10 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-13.31.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"compat-openssl097g-32bit-0.9.7g-13.31.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"compat-openssl097g-0.9.7g-13.31.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"compat-openssl097g-0.9.7g-146.22.31.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-146.22.31.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"compat-openssl097g-0.9.7g-146.22.31.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T12:49:59", "description": "From Red Hat Security Advisory 2015:1197 :\n\nUpdated openssl packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function\nof OpenSSL. A specially crafted X.509 certificate or a Certificate\nRevocation List (CRL) could possibly cause a TLS/SSL server or client\nusing OpenSSL to crash. (CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to\ncrash. (CVE-2015-1790)\n\nA flaw was found in the way the TLS protocol composes the\nDiffie-Hellman (DH) key exchange. A man-in-the-middle attacker could\nuse this flaw to force the use of weak 512 bit export-grade keys\nduring the key exchange, allowing them to decrypt all traffic.\n(CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenSSL\nto reject DH key sizes below 768 bits, which prevents sessions to be\ndowngraded to export-grade keys. Future updates may raise this limit\nto 1024 bits.\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2015-1789 and CVE-2015-1790. Upstream acknowledges Robert Swiecki\nand Hanno Bock as the original reporters of CVE-2015-1789, and Michal\nZalewski as the original reporter of CVE-2015-1790.\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.", "edition": 26, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-07-01T00:00:00", "title": "Oracle Linux 5 : openssl (ELSA-2015-1197) (Logjam)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4000", "CVE-2015-1789", "CVE-2015-1790"], "modified": "2015-07-01T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-perl"], "id": "ORACLELINUX_ELSA-2015-1197.NASL", "href": "https://www.tenable.com/plugins/nessus/84485", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1197 and \n# Oracle Linux Security Advisory ELSA-2015-1197 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84485);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-4000\");\n script_bugtraq_id(71937, 71939, 71942, 74733, 75156, 75157);\n script_xref(name:\"RHSA\", value:\"2015:1197\");\n\n script_name(english:\"Oracle Linux 5 : openssl (ELSA-2015-1197) (Logjam)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1197 :\n\nUpdated openssl packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function\nof OpenSSL. A specially crafted X.509 certificate or a Certificate\nRevocation List (CRL) could possibly cause a TLS/SSL server or client\nusing OpenSSL to crash. (CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to\ncrash. (CVE-2015-1790)\n\nA flaw was found in the way the TLS protocol composes the\nDiffie-Hellman (DH) key exchange. A man-in-the-middle attacker could\nuse this flaw to force the use of weak 512 bit export-grade keys\nduring the key exchange, allowing them to decrypt all traffic.\n(CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenSSL\nto reject DH key sizes below 768 bits, which prevents sessions to be\ndowngraded to export-grade keys. Future updates may raise this limit\nto 1024 bits.\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2015-1789 and CVE-2015-1790. Upstream acknowledges Robert Swiecki\nand Hanno Bock as the original reporters of CVE-2015-1789, and Michal\nZalewski as the original reporter of CVE-2015-1790.\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-June/005186.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/01\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"openssl-0.9.8e-36.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssl-devel-0.9.8e-36.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssl-perl-0.9.8e-36.0.1.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:48:48", "description": "An out-of-bounds read flaw was found in the X509_cmp_time() function\nof OpenSSL. A specially crafted X.509 certificate or a Certificate\nRevocation List (CRL) could possibly cause a TLS/SSL server or client\nusing OpenSSL to crash. (CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to\ncrash. (CVE-2015-1790)\n\nA flaw was found in the way the TLS protocol composes the\nDiffie-Hellman (DH) key exchange. A man-in-the-middle attacker could\nuse this flaw to force the use of weak 512 bit export-grade keys\nduring the key exchange, allowing them to decrypt all traffic.\n(CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenSSL\nto reject DH key sizes below 768 bits, which prevents sessions to be\ndowngraded to export-grade keys. Future updates may raise this limit\nto 1024 bits.\n\nFor the update to take effect, all services linked to the OpenSSL\nlibrary must be restarted, or the system rebooted.", "edition": 15, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-07-06T00:00:00", "title": "Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20150630) (Logjam)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4000", "CVE-2015-1789", "CVE-2015-1790"], "modified": "2015-07-06T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openssl-devel", "p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openssl", "p-cpe:/a:fermilab:scientific_linux:openssl-perl", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150630_OPENSSL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/84542", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84542);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-4000\");\n\n script_name(english:\"Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20150630) (Logjam)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An out-of-bounds read flaw was found in the X509_cmp_time() function\nof OpenSSL. A specially crafted X.509 certificate or a Certificate\nRevocation List (CRL) could possibly cause a TLS/SSL server or client\nusing OpenSSL to crash. (CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to\ncrash. (CVE-2015-1790)\n\nA flaw was found in the way the TLS protocol composes the\nDiffie-Hellman (DH) key exchange. A man-in-the-middle attacker could\nuse this flaw to force the use of weak 512 bit export-grade keys\nduring the key exchange, allowing them to decrypt all traffic.\n(CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenSSL\nto reject DH key sizes below 768 bits, which prevents sessions to be\ndowngraded to export-grade keys. Future updates may raise this limit\nto 1024 bits.\n\nFor the update to take effect, all services linked to the OpenSSL\nlibrary must be restarted, or the system rebooted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1506&L=scientific-linux-errata&F=&S=&P=15584\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aa970612\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/06\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"openssl-0.9.8e-36.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-debuginfo-0.9.8e-36.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-devel-0.9.8e-36.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-perl-0.9.8e-36.el5_11\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T14:22:45", "description": "OpenSSL was updated to fix several security issues.\n\nCVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by\nrejecting connections with DH parameters shorter than 1024 bits. We\nnow also generate 2048-bit DH parameters by default.\n\nCVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was\nfixed.\n\nfixed a timing side channel in RSA decryption (bnc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. This\nwill only get active if applications get rebuilt and actually use this\nstring. (bnc#931698)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-07-07T00:00:00", "title": "SUSE SLES10 Security Update : OpenSSL (SUSE-SU-2015:1181-2) (Logjam)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4000", "CVE-2015-1789", "CVE-2015-1788", "CVE-2015-1790"], "modified": "2015-07-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssl-doc", "p-cpe:/a:novell:suse_linux:openssl-devel", "p-cpe:/a:novell:suse_linux:openssl", "cpe:/o:novell:suse_linux:10"], "id": "SUSE_SU-2015-1181-2.NASL", "href": "https://www.tenable.com/plugins/nessus/84558", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1181-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84558);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-1788\", \"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-4000\");\n script_bugtraq_id(74733, 75156, 75157, 75158);\n\n script_name(english:\"SUSE SLES10 Security Update : OpenSSL (SUSE-SU-2015:1181-2) (Logjam)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL was updated to fix several security issues.\n\nCVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by\nrejecting connections with DH parameters shorter than 1024 bits. We\nnow also generate 2048-bit DH parameters by default.\n\nCVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was\nfixed.\n\nfixed a timing side channel in RSA decryption (bnc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. This\nwill only get active if applications get rebuilt and actually use this\nstring. (bnc#931698)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929678\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=934487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=934489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=934491\"\n );\n # https://download.suse.com/patch/finder/?keywords=9f7ad0f893ed0c841ceae726daca55cd\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cfee53bc\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1788/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1789/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1790/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4000/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151181-2.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?564cd0d6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected OpenSSL packages\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/07\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES10)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES10\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES10\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES10 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"openssl-32bit-0.9.8a-18.92.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"openssl-devel-32bit-0.9.8a-18.92.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"openssl-32bit-0.9.8a-18.92.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"openssl-devel-32bit-0.9.8a-18.92.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"openssl-0.9.8a-18.92.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"openssl-devel-0.9.8a-18.92.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"openssl-doc-0.9.8a-18.92.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-01T15:30:10", "description": "The IBM WebSphere Application Server running on the remote host is version 6.1.0.x through 6.1.0.47, 7.0.0.x prior to\n7.0.0.39, 8.0.0.x prior to 8.0.0.11, or 8.5.0.x prior to 8.5.5.7. It is, therefore, affected by an information\ndisclosure vulnerability due to a failure to properly convey a DHE_EXPORT ciphersuite choice (LogJam). A remote,\nunauthenticated attacker can exploit this, using man in the middle techniques, to force a downgrade to 512-bit export-\ngrade cipher in order to recover the session key and modify the contents of the traffic.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 3.7, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2020-10-27T00:00:00", "title": "IBM WebSphere Application Server 6.1.0.x <= 6.1.0.47 / 7.0.0.x < 7.0.0.39 / 8.0.0.x < 8.0.0.11 / 8.5.x < 8.5.5.7 LogJam (CVE-2015-4000)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4000"], "modified": "2020-10-27T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_527817.NASL", "href": "https://www.tenable.com/plugins/nessus/141914", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141914);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\"CVE-2015-4000\");\n\n script_name(english:\"IBM WebSphere Application Server 6.1.0.x <= 6.1.0.47 / 7.0.0.x < 7.0.0.39 / 8.0.0.x < 8.0.0.11 / 8.5.x < 8.5.5.7 LogJam (CVE-2015-4000)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web application server is affected by an information disclosure vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The IBM WebSphere Application Server running on the remote host is version 6.1.0.x through 6.1.0.47, 7.0.0.x prior to\n7.0.0.39, 8.0.0.x prior to 8.0.0.11, or 8.5.0.x prior to 8.5.5.7. It is, therefore, affected by an information\ndisclosure vulnerability due to a failure to properly convey a DHE_EXPORT ciphersuite choice (LogJam). A remote,\nunauthenticated attacker can exploit this, using man in the middle techniques, to force a downgrade to 512-bit export-\ngrade cipher in order to recover the session key and modify the contents of the traffic.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/527817\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM WebSphere Application Server 7.0.0.30, 8.0.0.11, 8.5.5.7, or later. Alternatively, upgrade to the\nminimal fix pack levels required by the interim fix and then apply Interim Fix and update recommended in the vendor\nadvisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-4000\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/27\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_detect.nasl\", \"ibm_enum_products.nbin\", \"ibm_websphere_application_server_nix_installed.nbin\");\n script_require_keys(\"installed_sw/IBM WebSphere Application Server\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\n# Not checking workarounds\nif (report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\napp = 'IBM WebSphere Application Server';\nfix = 'Interim Fix ';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\napp_info = vcf::combined_get_app_info(app:app);\nvcf::check_granularity(app_info:app_info, sig_segments:4);\n\nif (app_info['version'] =~ \"^8\\.5\")\n{\n pi = 'PI42776';\n fix += pi;\n}\nelse if (app_info['version'] =~ \"^8\\.0\")\n{\n pi = 'PI42777';\n fix += pi;\n}\nelse if (app_info['version'] =~ \"^7\\.0\")\n{\n pi = 'PI42778';\n fix += pi;\n}\nelse if (app_info['version'] =~ \"^6\\.1\")\n{\n pi = 'PI42779';\n fix += pi;\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, app, app_info['version']);\n\n# If the detection is only remote, Source will be set, and we should require paranoia\nif (!empty_or_null(app_info['Source']) && app_info['Source'] != 'unknown' && report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nif (pi >< app_info['Fixes'])\n audit(AUDIT_INST_VER_NOT_VULN, app);\n\nconstraints = [\n {'min_version':'6.1.0.0', 'max_version':'6.1.0.47', 'fixed_version':fix},\n {'min_version':'7.0.0.0', 'max_version':'7.0.0.37', 'fixed_version':'7.0.0.39 or ' + fix},\n {'min_version':'8.0.0.0', 'max_version':'8.0.0.10', 'fixed_version':'8.0.0.11 or ' + fix},\n {'min_version':'8.5.0.0', 'max_version':'8.5.5.6', 'fixed_version':'8.5.5.7 or ' + fix}\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T04:33:04", "description": "According to its banner, the remote web server uses a version of\nOpenSSL 1.0.1 prior to 1.0.1n. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the\n ASN1_TIME string by the X509_cmp_time() function. A\n remote attacker can exploit this, via a malformed\n certificate and CRLs of various sizes, to cause a\n segmentation fault, resulting in a denial of service\n condition. TLS clients that verify CRLs are affected.\n TLS clients and servers with client authentication\n enabled may be affected if they use custom verification\n callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\n\n - A man-in-the-middle vulnerability exists, known as\n Logjam, due to a flaw in the SSL/TLS protocol. A remote\n attacker can exploit this flaw to downgrade connections\n using ephemeral Diffie-Hellman key exchange to 512-bit\n export-grade cryptography. (CVE-2015-4000)", "edition": 24, "published": "2015-06-12T00:00:00", "title": "OpenSSL 1.0.1 < 1.0.1n Multiple Vulnerabilities (Logjam)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2015-1789", "CVE-2015-1788", "CVE-2015-1790", "CVE-2015-1791"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_1N.NASL", "href": "https://www.tenable.com/plugins/nessus/84153", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84153);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161\n );\n\n script_name(english:\"OpenSSL 1.0.1 < 1.0.1n Multiple Vulnerabilities (Logjam)\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL 1.0.1 prior to 1.0.1n. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the\n ASN1_TIME string by the X509_cmp_time() function. A\n remote attacker can exploit this, via a malformed\n certificate and CRLs of various sizes, to cause a\n segmentation fault, resulting in a denial of service\n condition. TLS clients that verify CRLs are affected.\n TLS clients and servers with client authentication\n enabled may be affected if they use custom verification\n callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\n\n - A man-in-the-middle vulnerability exists, known as\n Logjam, due to a flaw in the SSL/TLS protocol. A remote\n attacker can exploit this flaw to downgrade connections\n using ephemeral Diffie-Hellman key exchange to 512-bit\n export-grade cryptography. (CVE-2015-4000)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://weakdh.org/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL 1.0.1n or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.1n', min:\"1.0.1\", severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T04:33:05", "description": "According to its banner, the remote web server uses a version of\nOpenSSL 1.0.2 prior to 1.0.2b. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the\n ASN1_TIME string by the X509_cmp_time() function. A\n remote attacker can exploit this, via a malformed\n certificate and CRLs of various sizes, to cause a\n segmentation fault, resulting in a denial of service\n condition. TLS clients that verify CRLs are affected.\n TLS clients and servers with client authentication\n enabled may be affected if they use custom verification\n callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\n\n - A man-in-the-middle vulnerability, known as Logjam,\n exists due to a flaw in the SSL/TLS protocol. A remote\n attacker can exploit this flaw to downgrade connections\n using ephemeral Diffie-Hellman key exchange to 512-bit\n export-grade cryptography. (CVE-2015-4000)", "edition": 24, "published": "2015-06-12T00:00:00", "title": "OpenSSL 1.0.2 < 1.0.2b Multiple Vulnerabilities (Logjam)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2015-1789", "CVE-2015-1788", "CVE-2015-1790", "CVE-2015-1791"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_2B.NASL", "href": "https://www.tenable.com/plugins/nessus/84154", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84154);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161\n );\n\n script_name(english:\"OpenSSL 1.0.2 < 1.0.2b Multiple Vulnerabilities (Logjam)\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL 1.0.2 prior to 1.0.2b. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the\n ASN1_TIME string by the X509_cmp_time() function. A\n remote attacker can exploit this, via a malformed\n certificate and CRLs of various sizes, to cause a\n segmentation fault, resulting in a denial of service\n condition. TLS clients that verify CRLs are affected.\n TLS clients and servers with client authentication\n enabled may be affected if they use custom verification\n callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\n\n - A man-in-the-middle vulnerability, known as Logjam,\n exists due to a flaw in the SSL/TLS protocol. A remote\n attacker can exploit this flaw to downgrade connections\n using ephemeral Diffie-Hellman key exchange to 512-bit\n export-grade cryptography. (CVE-2015-4000)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://weakdh.org/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL 1.0.2b or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.2b', min:\"1.0.2\", severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:43:32", "description": "Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.\n\nCVE-2014-8176\n\nPraveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that\nan invalid memory free could be triggered when buffering DTLS data.\nThis could allow remote attackers to cause a denial of service (crash)\nor potentially execute arbitrary code. This issue only affected the\noldstable distribution (wheezy).\n\nCVE-2015-1789\n\nRobert Swiecki and Hanno B??ck discovered that the X509_cmp_time\nfunction could read a few bytes out of bounds. This could allow remote\nattackers to cause a denial of service (crash) via crafted\ncertificates and CRLs.\n\nCVE-2015-1790\n\nMichal Zalewski discovered that the PKCS#7 parsing code did not\nproperly handle missing content which could lead to a NULL pointer\ndereference. This could allow remote attackers to cause a denial of\nservice (crash) via crafted ASN.1-encoded PKCS#7 blobs.\n\nCVE-2015-1791\n\nEmilia K??sper discovered that a race condition could occur due to\nincorrect handling of NewSessionTicket in a multi-threaded client,\nleading to a double free. This could allow remote attackers to cause a\ndenial of service (crash).\n\nCVE-2015-1792\n\nJohannes Bauer discovered that the CMS code could enter an infinite\nloop when verifying a signedData message, if presented with an unknown\nhash function OID. This could allow remote attackers to cause a denial\nof service.\n\nAdditionally OpenSSL will now reject handshakes using DH parameters\nshorter than 768 bits as a countermeasure against the Logjam attack\n(CVE-2015-4000).\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-06-18T00:00:00", "title": "Debian DLA-247-1 : openssl security update (Logjam)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2015-1789", "CVE-2014-8176", "CVE-2015-1790", "CVE-2015-1791"], "modified": "2015-06-18T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:libssl0.9.8-dbg", "p-cpe:/a:debian:debian_linux:libssl-dev", "p-cpe:/a:debian:debian_linux:libcrypto0.9.8-udeb", "p-cpe:/a:debian:debian_linux:libssl0.9.8", "p-cpe:/a:debian:debian_linux:openssl"], "id": "DEBIAN_DLA-247.NASL", "href": "https://www.tenable.com/plugins/nessus/84253", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-247-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84253);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8176\", \"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-1792\", \"CVE-2015-4000\");\n script_bugtraq_id(74733, 75154, 75156, 75157, 75159, 75161);\n\n script_name(english:\"Debian DLA-247-1 : openssl security update (Logjam)\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.\n\nCVE-2014-8176\n\nPraveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that\nan invalid memory free could be triggered when buffering DTLS data.\nThis could allow remote attackers to cause a denial of service (crash)\nor potentially execute arbitrary code. This issue only affected the\noldstable distribution (wheezy).\n\nCVE-2015-1789\n\nRobert Swiecki and Hanno B??ck discovered that the X509_cmp_time\nfunction could read a few bytes out of bounds. This could allow remote\nattackers to cause a denial of service (crash) via crafted\ncertificates and CRLs.\n\nCVE-2015-1790\n\nMichal Zalewski discovered that the PKCS#7 parsing code did not\nproperly handle missing content which could lead to a NULL pointer\ndereference. This could allow remote attackers to cause a denial of\nservice (crash) via crafted ASN.1-encoded PKCS#7 blobs.\n\nCVE-2015-1791\n\nEmilia K??sper discovered that a race condition could occur due to\nincorrect handling of NewSessionTicket in a multi-threaded client,\nleading to a double free. This could allow remote attackers to cause a\ndenial of service (crash).\n\nCVE-2015-1792\n\nJohannes Bauer discovered that the CMS code could enter an infinite\nloop when verifying a signedData message, if presented with an unknown\nhash function OID. This could allow remote attackers to cause a denial\nof service.\n\nAdditionally OpenSSL will now reject handshakes using DH parameters\nshorter than 768 bits as a countermeasure against the Logjam attack\n(CVE-2015-4000).\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/06/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/openssl\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrypto0.9.8-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl0.9.8-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libcrypto0.9.8-udeb\", reference:\"0.9.8o-4squeeze21\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl-dev\", reference:\"0.9.8o-4squeeze21\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl0.9.8\", reference:\"0.9.8o-4squeeze21\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl0.9.8-dbg\", reference:\"0.9.8o-4squeeze21\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openssl\", reference:\"0.9.8o-4squeeze21\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:44:49", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1789", "CVE-2015-1790", "CVE-2015-4000"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of\nOpenSSL. A specially crafted X.509 certificate or a Certificate Revocation\nList (CRL) could possibly cause a TLS/SSL server or client using OpenSSL\nto crash. (CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain\nPKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to crash.\n(CVE-2015-1790)\n\nA flaw was found in the way the TLS protocol composes the Diffie-Hellman \n(DH) key exchange. A man-in-the-middle attacker could use this flaw to \nforce the use of weak 512 bit export-grade keys during the key exchange, \nallowing them to decrypt all traffic. (CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenSSL to \nreject DH key sizes below 768 bits, which prevents sessions to be \ndowngraded to export-grade keys. Future updates may raise this limit to \n1024 bits.\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2015-1789\nand CVE-2015-1790. Upstream acknowledges Robert Swiecki and Hanno Bock as\nthe original reporters of CVE-2015-1789, and Michal Zalewski as the\noriginal reporter of CVE-2015-1790.\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted.\n", "modified": "2017-09-08T12:10:33", "published": "2015-06-30T04:00:00", "id": "RHSA-2015:1197", "href": "https://access.redhat.com/errata/RHSA-2015:1197", "type": "redhat", "title": "(RHSA-2015:1197) Moderate: openssl security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:25:40", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2015-1789", "CVE-2015-1790"], "description": "**CentOS Errata and Security Advisory** CESA-2015:1197\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of\nOpenSSL. A specially crafted X.509 certificate or a Certificate Revocation\nList (CRL) could possibly cause a TLS/SSL server or client using OpenSSL\nto crash. (CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain\nPKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to crash.\n(CVE-2015-1790)\n\nA flaw was found in the way the TLS protocol composes the Diffie-Hellman \n(DH) key exchange. A man-in-the-middle attacker could use this flaw to \nforce the use of weak 512 bit export-grade keys during the key exchange, \nallowing them to decrypt all traffic. (CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenSSL to \nreject DH key sizes below 768 bits, which prevents sessions to be \ndowngraded to export-grade keys. Future updates may raise this limit to \n1024 bits.\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2015-1789\nand CVE-2015-1790. Upstream acknowledges Robert Swiecki and Hanno Bock as\nthe original reporters of CVE-2015-1789, and Michal Zalewski as the\noriginal reporter of CVE-2015-1790.\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-July/033268.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1197.html", "edition": 3, "modified": "2015-07-02T12:10:41", "published": "2015-07-02T12:10:41", "href": "http://lists.centos.org/pipermail/centos-announce/2015-July/033268.html", "id": "CESA-2015:1197", "title": "openssl security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:28:41", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2015-1789", "CVE-2015-1790"], "description": "OpenSSL was updated to fix several security issues.\n\n * CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed\n by rejecting connections with DH parameters shorter than 1024 bits.\n We now also generate 2048-bit DH parameters by default.\n * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent\n was fixed.\n * fixed a timing side channel in RSA decryption (bnc#929678)\n\n Additional changes:\n\n * In the default SSL cipher string EXPORT ciphers are now disabled.\n This will only get active if applications get rebuilt and actually\n use this string. (bnc#931698)\n\n Security Issues:\n\n * CVE-2015-1789\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789</a>>\n * CVE-2015-1790\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790</a>>\n * CVE-2015-4000\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000</a>>\n\n", "edition": 1, "modified": "2015-07-03T20:08:44", "published": "2015-07-03T20:08:44", "id": "SUSE-SU-2015:1183-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00011.html", "type": "suse", "title": "Security update for OpenSSL (important)", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:37:04", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2015-1789", "CVE-2015-1788", "CVE-2015-1790"], "description": "OpenSSL was updated to fix several security issues.\n\n * CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed\n by rejecting connections with DH parameters shorter than 1024 bits.\n We now also generate 2048-bit DH parameters by default.\n * CVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent\n was fixed.\n * fixed a timing side channel in RSA decryption (bnc#929678)\n\n Additional changes:\n\n In the default SSL cipher string EXPORT ciphers are now disabled. This will\n only get active if applications get rebuilt and actually use this string.\n (bnc#931698)\n\n Security Issues:\n\n * CVE-2015-1788\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788</a>>\n * CVE-2015-1789\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789</a>>\n * CVE-2015-1790\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790</a>>\n * CVE-2015-4000\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000</a>>\n\n\n", "edition": 1, "modified": "2015-07-03T14:05:21", "published": "2015-07-03T14:05:21", "id": "SUSE-SU-2015:1181-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html", "title": "Security update for OpenSSL (important)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:20:33", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2015-1789", "CVE-2015-1788", "CVE-2015-1790"], "description": "OpenSSL was updated to fix several security issues.\n\n * CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed\n by rejecting connections with DH parameters shorter than 1024 bits.\n We now also generate 2048-bit DH parameters by default.\n * CVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent\n was fixed.\n * fixed a timing side channel in RSA decryption (bnc#929678)\n\n Additional changes:\n\n * In the default SSL cipher string EXPORT ciphers are now disabled.\n This will only get active if applications get rebuilt and actually\n use this string. (bnc#931698)\n\n Security Issues:\n\n * CVE-2015-1788\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788</a>>\n * CVE-2015-1789\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789</a>>\n * CVE-2015-1790\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790</a>>\n * CVE-2015-4000\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000</a>>\n\n\n", "edition": 1, "modified": "2015-07-03T20:06:29", "published": "2015-07-03T20:06:29", "id": "SUSE-SU-2015:1181-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00009.html", "type": "suse", "title": "Security update for OpenSSL (important)", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:38:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2015-1789", "CVE-2015-1788", "CVE-2015-1790", "CVE-2015-3216", "CVE-2015-1791"], "description": "OpenSSL 0.9.8k was updated to fix several security issues:\n\n * CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by\n rejecting connections with DH parameters shorter than 1024 bits.\n 2048-bit DH parameters are now generated by default.\n * CVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent\n was fixed.\n * CVE-2015-1792: A CMS verification infinite loop when using an\n unknown hash function was fixed.\n * CVE-2015-1791: Fixed a race condition in NewSessionTicket creation.\n * CVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to\n locking regression.\n * Fixed a timing side channel in RSA decryption. (bsc#929678)\n\n Additional changes:\n\n * In the default SSL cipher string EXPORT ciphers are now disabled.\n This will only get active if applications get rebuilt and actually\n use this string. (bsc#931698)\n * Added the ECC ciphersuites to the DEFAULT cipher class. (bsc#879179)\n\n Security Issues:\n\n * CVE-2015-1788\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788</a>>\n * CVE-2015-1789\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789</a>>\n * CVE-2015-1790\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790</a>>\n * CVE-2015-1791\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791</a>>\n * CVE-2015-1792\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792</a>>\n * CVE-2015-3216\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3216\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3216</a>>\n * CVE-2015-4000\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000</a>>\n\n", "edition": 1, "modified": "2015-07-03T20:07:31", "published": "2015-07-03T20:07:31", "id": "SUSE-SU-2015:1182-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00010.html", "title": "Security update for OpenSSL (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:03:49", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2015-1789", "CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1790", "CVE-2015-1791"], "description": "OpenSSL 1.0.1 was updated to fix several security issues:\n\n * CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed\n by rejecting connections with DH parameters shorter than 1024 bits.\n 2048-bit DH parameters are now generated by default.\n * CVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent\n was fixed.\n * CVE-2015-1792: A CMS verification infinite loop when using an\n unknown hash function was fixed.\n * CVE-2015-1791: Fixed a race condition in NewSessionTicket creation.\n * CVE-2014-8176: Fixed an invalid free in DTLS.\n * Fixed a timing side channel in RSA decryption. (bsc#929678)\n\n Security Issues:\n\n * CVE-2014-8176\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176</a>>\n * CVE-2015-1788\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788</a>>\n * CVE-2015-1789\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789</a>>\n * CVE-2015-1790\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790</a>>\n * CVE-2015-1791\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791</a>>\n * CVE-2015-1792\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792</a>>\n * CVE-2015-4000\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000</a>>\n\n", "edition": 1, "modified": "2015-07-03T16:06:39", "published": "2015-07-03T16:06:39", "id": "SUSE-SU-2015:1185-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html", "title": "Security update for OpenSSL (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:57:19", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2015-1789", "CVE-2015-1788", "CVE-2015-1790", "CVE-2015-3216", "CVE-2015-1791"], "description": "This update of openssl fixes the following security issues:\n - CVE-2015-4000 (bsc#931698)\n * The Logjam Attack / weakdh.org\n * reject connections with DH parameters shorter than 1024 bits\n * generates 2048-bit DH parameters by default\n - CVE-2015-1788 (bsc#934487)\n * Malformed ECParameters causes infinite loop\n - CVE-2015-1789 (bsc#934489)\n * Exploitable out-of-bounds read in X509_cmp_time\n - CVE-2015-1790 (bsc#934491)\n * PKCS7 crash with missing EnvelopedContent\n - CVE-2015-1792 (bsc#934493)\n * CMS verify infinite loop with unknown hash function\n - CVE-2015-1791 (bsc#933911)\n * race condition in NewSessionTicket\n - CVE-2015-3216 (bsc#933898)\n * Crash in ssleay_rand_bytes due to locking regression\n - fix a timing side channel in RSA decryption (bnc#929678)\n\n", "edition": 1, "modified": "2015-06-25T18:05:48", "published": "2015-06-25T18:05:48", "id": "SUSE-SU-2015:1143-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html", "title": "Security update for openssl (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:49:41", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2015-1789", "CVE-2015-1788", "CVE-2015-1790", "CVE-2015-3216", "CVE-2015-1791"], "description": "openssl was updated to fix six security issues.\n\n The following vulnerabilities were fixed:\n\n * CVE-2015-4000: The Logjam Attack / weakdh.org. Rject connections with DH\n parameters shorter than 768 bits, generates 2048-bit DH parameters by\n default. (boo#931698)\n * CVE-2015-1788: Malformed ECParameters causes infinite loop (boo#934487)\n * CVE-2015-1789: Exploitable out-of-bounds read in X509_cmp_time\n (boo#934489)\n * CVE-2015-1790: PKCS7 crash with missing EnvelopedContent (boo#934491)\n * CVE-2015-1792: CMS verify infinite loop with unknown hash function\n (boo#934493)\n * CVE-2015-1791: race condition in NewSessionTicket (boo#933911)\n * CVE-2015-3216: Crash in ssleay_rand_bytes due to locking regression\n (boo#933898)\n\n", "edition": 1, "modified": "2015-06-25T11:05:10", "published": "2015-06-25T11:05:10", "id": "OPENSUSE-SU-2015:1139-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html", "type": "suse", "title": "Security update for openssl (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:57:12", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2015-1789", "CVE-2015-1788", "CVE-2015-1790", "CVE-2015-3216", "CVE-2015-1791"], "edition": 1, "description": "OpenSSL 0.9.8j was updated to fix several security issues.\n\n * CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed\n by rejecting connections with DH parameters shorter than 1024 bits.\n We now also generate 2048-bit DH parameters by default.\n * CVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent\n was fixed.\n * CVE-2015-1792: A CMS verification infinite loop when using an\n unknown hash function was fixed.\n * CVE-2015-1791: Fixed a race condition in NewSessionTicket creation.\n * CVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to\n locking regression.\n * fixed a timing side channel in RSA decryption (bnc#929678)\n\n Additional changes:\n\n * In the default SSL cipher string EXPORT ciphers are now disabled.\n This will only get active if applications get rebuilt and actually\n use this string. (bnc#931698)\n * Added the ECC ciphersuites to the DEFAULT cipher class (bnc#879179)\n\n Security Issues:\n\n * CVE-2015-1788\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788</a>>\n * CVE-2015-1789\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789</a>>\n * CVE-2015-1790\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790</a>>\n * CVE-2015-1791\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791</a>>\n * CVE-2015-1792\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792</a>>\n * CVE-2015-3216\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3216\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3216</a>>\n * CVE-2015-4000\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000</a>>\n\n", "modified": "2015-07-03T16:05:24", "published": "2015-07-03T16:05:24", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html", "id": "SUSE-SU-2015:1184-1", "type": "suse", "title": "Security update for OpenSSL (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:05:45", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2015-1789", "CVE-2015-1788", "CVE-2015-1790", "CVE-2015-3216", "CVE-2015-1791"], "description": "OpenSSL 0.9.8j was updated to fix several security issues.\n\n * CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed\n by rejecting connections with DH parameters shorter than 1024 bits.\n We now also generate 2048-bit DH parameters by default.\n * CVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent\n was fixed.\n * CVE-2015-1792: A CMS verification infinite loop when using an\n unknown hash function was fixed.\n * CVE-2015-1791: Fixed a race condition in NewSessionTicket creation.\n * CVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to\n locking regression.\n * fixed a timing side channel in RSA decryption (bnc#929678)\n\n Additional changes:\n\n * In the default SSL cipher string EXPORT ciphers are now disabled.\n This will only get active if applications get rebuilt and actually\n use this string. (bnc#931698)\n * Added the ECC ciphersuites to the DEFAULT cipher class (bnc#879179)\n\n Security Issues:\n\n * CVE-2015-1788\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788</a>>\n * CVE-2015-1789\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789</a>>\n * CVE-2015-1790\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790</a>>\n * CVE-2015-1791\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791</a>>\n * CVE-2015-1792\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792</a>>\n * CVE-2015-3216\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3216\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3216</a>>\n * CVE-2015-4000\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000</a>>\n\n", "edition": 1, "modified": "2015-07-03T20:05:20", "published": "2015-07-03T20:05:20", "id": "SUSE-SU-2015:1184-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00008.html", "type": "suse", "title": "Security update for OpenSSL (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:09:51", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2015-1789", "CVE-2015-1788", "CVE-2015-1790", "CVE-2015-3216", "CVE-2015-1791"], "description": "This update fixes the following security issues:\n\n - CVE-2015-4000 (boo#931698)\n * The Logjam Attack / weakdh.org\n * reject connections with DH parameters shorter than 1024 bits\n * generates 2048-bit DH parameters by default\n - CVE-2015-1788 (boo#934487)\n * Malformed ECParameters causes infinite loop\n - CVE-2015-1789 (boo#934489)\n * Exploitable out-of-bounds read in X509_cmp_time\n - CVE-2015-1790 (boo#934491)\n * PKCS7 crash with missing EnvelopedContent\n - CVE-2015-1792 (boo#934493)\n * CMS verify infinite loop with unknown hash function\n - CVE-2015-1791 (boo#933911)\n * race condition in NewSessionTicket\n - CVE-2015-3216 (boo#933898)\n * Crash in ssleay_rand_bytes due to locking regression\n * modified openssl-1.0.1i-fipslocking.patch\n - fix timing side channel in RSA decryption (bnc#929678)\n - add ECC ciphersuites to DEFAULT (bnc#879179)\n - Disable EXPORT ciphers by default (bnc#931698, comment #3)\n\n", "edition": 1, "modified": "2015-06-26T13:05:09", "published": "2015-06-26T13:05:09", "id": "SUSE-SU-2015:1150-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html", "title": "Security update for compat-openssl098 (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-29T18:36:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4000", "CVE-2015-1789", "CVE-2015-1790"], "description": "Oracle Linux Local Security Checks ELSA-2015-1197", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123086", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123086", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1197", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1197.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123086\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:59:12 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1197\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1197 - openssl security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1197\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1197.html\");\n script_cve_id(\"CVE-2015-4000\", \"CVE-2015-1789\", \"CVE-2015-1790\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~36.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8e~36.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8e~36.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-31T18:37:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4000", "CVE-2015-1789", "CVE-2015-1790"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310851044", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851044", "type": "openvas", "title": "SUSE: Security Advisory for OpenSSL (SUSE-SU-2015:1183-2)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851044\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 18:53:41 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-4000\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for OpenSSL (SUSE-SU-2015:1183-2)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'OpenSSL'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"OpenSSL was updated to fix several security issues.\n\n * CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed\n by rejecting connections with DH parameters shorter than 1024 bits.\n We now also generate 2048-bit DH parameters by default.\n\n * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\n * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent\n was fixed.\n\n * fixed a timing side channel in RSA decryption (bnc#929678)\n\n Additional changes:\n\n * In the default SSL cipher string EXPORT ciphers are now disabled.\n This will only get active if applications get rebuilt and actually\n use this string. (bnc#931698)\");\n\n script_tag(name:\"affected\", value:\"OpenSSL on SUSE Linux Enterprise Desktop 11 SP3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2015:1183-2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLED11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED11.0SP3\") {\n if(!isnull(res = isrpmvuln(pkg:\"compat-openssl097g\", rpm:\"compat-openssl097g~0.9.7g~146.22.31.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"compat-openssl097g-32bit\", rpm:\"compat-openssl097g-32bit~0.9.7g~146.22.31.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4000", "CVE-2015-1789", "CVE-2015-1790"], "description": "Check the version of openssl", "modified": "2019-03-08T00:00:00", "published": "2015-07-03T00:00:00", "id": "OPENVAS:1361412562310882215", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882215", "type": "openvas", "title": "CentOS Update for openssl CESA-2015:1197 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2015:1197 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882215\");\n script_version(\"$Revision: 14058 $\");\n script_cve_id(\"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-4000\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-03 06:11:00 +0200 (Fri, 03 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for openssl CESA-2015:1197 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of openssl\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the\n Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of\nOpenSSL. A specially crafted X.509 certificate or a Certificate Revocation\nList (CRL) could possibly cause a TLS/SSL server or client using OpenSSL\nto crash. (CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain\nPKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to crash.\n(CVE-2015-1790)\n\nA flaw was found in the way the TLS protocol composes the Diffie-Hellman\n(DH) key exchange. A man-in-the-middle attacker could use this flaw to\nforce the use of weak 512 bit export-grade keys during the key exchange,\nallowing them to decrypt all traffic. (CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenSSL to\nreject DH key sizes below 768 bits, which prevents sessions to be\ndowngraded to export-grade keys. Future updates may raise this limit to\n1024 bits.\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2015-1789\nand CVE-2015-1790. Upstream acknowledges Robert Swiecki and Hanno Bock as\nthe original reporters of CVE-2015-1789, and Michal Zalewski as the\noriginal reporter of CVE-2015-1790.\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted.\");\n script_tag(name:\"affected\", value:\"openssl on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1197\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-July/021230.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~36.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8e~36.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8e~36.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4000", "CVE-2015-1789", "CVE-2015-1790"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-07-01T00:00:00", "id": "OPENVAS:1361412562310871385", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871385", "type": "openvas", "title": "RedHat Update for openssl RHSA-2015:1197-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2015:1197-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871385\");\n script_version(\"$Revision: 12497 $\");\n script_cve_id(\"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-4000\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-01 06:28:09 +0200 (Wed, 01 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for openssl RHSA-2015:1197-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of\nOpenSSL. A specially crafted X.509 certificate or a Certificate Revocation\nList (CRL) could possibly cause a TLS/SSL server or client using OpenSSL\nto crash. (CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain\nPKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to crash.\n(CVE-2015-1790)\n\nA flaw was found in the way the TLS protocol composes the Diffie-Hellman\n(DH) key exchange. A man-in-the-middle attacker could use this flaw to\nforce the use of weak 512 bit export-grade keys during the key exchange,\nallowing them to decrypt all traffic. (CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenSSL to\nreject DH key sizes below 768 bits, which prevents sessions to be\ndowngraded to export-grade keys. Future updates may raise this limit to\n1024 bits.\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2015-1789\nand CVE-2015-1790. Upstream acknowledges Robert Swiecki and Hanno Bock as\nthe original reporters of CVE-2015-1789, and Michal Zalewski as the\noriginal reporter of CVE-2015-1790.\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted.\");\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1197-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-June/msg00042.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~36.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~0.9.8e~36.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8e~36.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8e~36.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-07T18:45:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1789"], "description": "The remote host is missing a security patch.", "modified": "2020-04-03T00:00:00", "published": "2015-09-18T00:00:00", "id": "OPENVAS:1361412562310105364", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105364", "type": "openvas", "title": "F5 BIG-IP - SOL16913 - OpenSSL vulnerability CVE-2015-1789", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# F5 BIG-IP - SOL16913 - OpenSSL vulnerability CVE-2015-1789\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:f5:big-ip\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105364\");\n script_cve_id(\"CVE-2015-1789\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_version(\"2020-04-03T06:15:47+0000\");\n\n script_name(\"F5 BIG-IP - SOL16913 - OpenSSL vulnerability CVE-2015-1789\");\n\n script_xref(name:\"URL\", value:\"https://support.f5.com/kb/en-us/solutions/public/16000/900/sol16913.html?sr=48315687\");\n\n script_tag(name:\"impact\", value:\"An attacker can exploit this vulnerability by using crafted malformed certificates and Certificate Revocation Lists (CRLs). Applications may stop responding when attempting to verify the malformed certificates or CRLs.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback. (CVE-2015-1789)\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing a security patch.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2020-04-03 06:15:47 +0000 (Fri, 03 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-09-18 15:05:03 +0200 (Fri, 18 Sep 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"F5 Local Security Checks\");\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_f5_big_ip_version.nasl\");\n script_mandatory_keys(\"f5/big_ip/version\", \"f5/big_ip/active_modules\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"list_array_func.inc\");\ninclude(\"f5.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) )\n exit( 0 );\n\ncheck_f5['LTM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['AAM'] = make_array( 'affected', '11.4.0-11.6.0;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['AFM'] = make_array( 'affected', '11.3.0-11.6.0;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['AVR'] = make_array( 'affected', '11.0.0-11.6.0;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['APM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['ASM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['LC'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['PEM'] = make_array( 'affected', '11.3.0-11.6.0;',\n 'unaffected', '12.0.0;' );\n\nif( report = f5_is_vulnerable( ca:check_f5, version:version ) ) {\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-07T18:46:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1790"], "description": "The remote host is missing a security patch.", "modified": "2020-04-03T00:00:00", "published": "2015-09-18T00:00:00", "id": "OPENVAS:1361412562310105363", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105363", "type": "openvas", "title": "F5 BIG-IP - SOL16898 - PKCS #7 vulnerability CVE-2015-1790", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# F5 BIG-IP - SOL16898 - PKCS #7 vulnerability CVE-2015-1790\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:f5:big-ip\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105363\");\n script_cve_id(\"CVE-2015-1790\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"2020-04-03T06:15:47+0000\");\n\n script_name(\"F5 BIG-IP - SOL16898 - PKCS #7 vulnerability CVE-2015-1790\");\n\n script_xref(name:\"URL\", value:\"https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16898.html?sr=48315687\");\n\n script_tag(name:\"impact\", value:\"An attacker may be able to craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.Note: This vulnerability is exploitable only through the BIG-IP control plane (non-Traffic Management Microkernel (TMM) related tasks).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data. (CVE-2015-1790)\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing a security patch.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2020-04-03 06:15:47 +0000 (Fri, 03 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-09-18 15:02:10 +0200 (Fri, 18 Sep 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"F5 Local Security Checks\");\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_f5_big_ip_version.nasl\");\n script_mandatory_keys(\"f5/big_ip/version\", \"f5/big_ip/active_modules\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"list_array_func.inc\");\ninclude(\"f5.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) )\n exit( 0 );\n\ncheck_f5['LTM'] = make_array( 'affected', '11.0.0-11.6.0;10.0.0-10.2.4;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['AAM'] = make_array( 'affected', '11.4.0-11.6.0;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['AFM'] = make_array( 'affected', '11.3.0-11.6.0;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['AVR'] = make_array( 'affected', '11.0.0-11.6.0;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['APM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['ASM'] = make_array( 'affected', '11.0.0-11.6.0;10.0.0-10.2.4;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['LC'] = make_array( 'affected', '11.0.0-11.6.0;10.0.0-10.2.4;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['PEM'] = make_array( 'affected', '11.3.0-11.6.0;',\n 'unaffected', '12.0.0;' );\n\nif( report = f5_is_vulnerable( ca:check_f5, version:version ) ) {\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2015-1789", "CVE-2015-0209", "CVE-2015-1790", "CVE-2015-1791"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-07-07T00:00:00", "id": "OPENVAS:1361412562310869732", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869732", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2015-10047", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2015-10047\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869732\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:41:07 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-1792\",\n \"CVE-2015-0209\", \"CVE-2015-4000\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openssl FEDORA-2015-10047\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openssl on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-10047\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1k~10.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2015-1793", "CVE-2015-1789", "CVE-2015-0209", "CVE-2015-1790", "CVE-2015-1791"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-07-14T00:00:00", "id": "OPENVAS:1361412562310869740", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869740", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2015-11475", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2015-11475\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869740\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-14 06:35:46 +0200 (Tue, 14 Jul 2015)\");\n script_cve_id(\"CVE-2015-1793\", \"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\",\n \"CVE-2015-1792\", \"CVE-2015-0209\", \"CVE-2015-4000\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openssl FEDORA-2015-11475\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openssl on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-11475\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1k~11.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:38:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2015-1789", "CVE-2015-1788", "CVE-2015-1790", "CVE-2015-3216", "CVE-2015-1791"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-10-13T00:00:00", "id": "OPENVAS:1361412562310850749", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850749", "type": "openvas", "title": "SUSE: Security Advisory for OpenSSL (SUSE-SU-2015:1182-2)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850749\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 14:25:01 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2015-1788\", \"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\",\n \"CVE-2015-1792\", \"CVE-2015-3216\", \"CVE-2015-4000\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for OpenSSL (SUSE-SU-2015:1182-2)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'OpenSSL'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"OpenSSL 0.9.8k was updated to fix several security issues:\n\n * CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by\n rejecting connections with DH parameters shorter than 1024 bits.\n 2048-bit DH parameters are now generated by default.\n\n * CVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n\n * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\n * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent\n was fixed.\n\n * CVE-2015-1792: A CMS verification infinite loop when using an\n unknown hash function was fixed.\n\n * CVE-2015-1791: Fixed a race condition in NewSessionTicket creation.\n\n * CVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to\n locking regression.\n\n * Fixed a timing side channel in RSA decryption. (bsc#929678)\n\n Additional changes:\n\n * In the default SSL cipher string EXPORT ciphers are now disabled.\n This will only get active if applications get rebuilt and actually\n use this string. (bsc#931698)\n\n * Added the ECC ciphersuites to the DEFAULT cipher class. (bsc#879179)\n\n Security Issues:\n\n * CVE-2015-1788\n\n * CVE-2015-1789\n\n * CVE-2015-1790\n\n * CVE-2015-1791\n\n * CVE-2015-1792\n\n * CVE-2015-3216\n\n * CVE-2015-4000\");\n\n script_tag(name:\"affected\", value:\"OpenSSL on SUSE Linux Enterprise Server 11 SP3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2015:1182-2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLES11.0SP3\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8j~0.72.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-hmac\", rpm:\"libopenssl0_9_8-hmac~0.9.8j~0.72.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8j~0.72.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8j~0.72.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-32bit\", rpm:\"libopenssl0_9_8-32bit~0.9.8j~0.72.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-hmac-32bit\", rpm:\"libopenssl0_9_8-hmac-32bit~0.9.8j~0.72.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-x86\", rpm:\"libopenssl0_9_8-x86~0.9.8j~0.72.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2015-1789", "CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1790", "CVE-2015-1791"], "description": "Gentoo Linux Local Security Checks GLSA 201506-02", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121379", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121379", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201506-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201506-02.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121379\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:51 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201506-02\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201506-02\");\n script_cve_id(\"CVE-2014-8176\", \"CVE-2015-1788\", \"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-1792\", \"CVE-2015-4000\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201506-02\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 1.0.1o\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p7\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(), vulnerable: make_list(\"lt 1.0.1o\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "citrix": [{"lastseen": "2020-11-18T15:29:40", "bulletinFamily": "software", "cvelist": ["CVE-2015-4000"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<h2> Overview</h2>\n<div>\n<div>\n<div>\n<p>A TLS protocol vulnerability has been recently disclosed that could result in attackers being able to intercept and modify SSL/TLS encrypted traffic to servers that support Diffie-Hellman based export cipher suites. </p>\n<p>This vulnerability is known as 'LogJam' and has been assigned the following CVE number:</p>\n<ul>\n<li>CVE-2015-4000: <a href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000</a></li>\n</ul>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> What Customers Should Do</h2>\n<div>\n<div>\n<div>\n<p>Citrix has completed an assessment of this issue. As this is a flaw in the TLS protocol, rather than a specific implementation issue, Citrix recommends that customers disable all Diffie-Hellman based export ciphers on SSL/TLS server end-points.</p>\n<p>For further information on configuring cipher selection on Citrix products to remove Diffie-Hellman based export ciphers, please contact your normal Citrix Support representative or review the relevant product documentation. This can be found on the Citrix website at the following address:</p>\n<p> <a href=\"http://docs.citrix.com/\">http://docs.citrix.com/</a></p>\n<p>Please continue to monitor this document for any future updates.</p>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> What Citrix Is Doing</h2>\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=\"http://support.citrix.com/\">http://support.citrix.com/</a></u>.</p>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> Obtaining Support on This Issue</h2>\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"https://www.citrix.com/support/open-a-support-case.html\">https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> Reporting Security Vulnerabilities</h2>\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"http://support.citrix.com/article/CTX081743\">Reporting Security Issues to Citrix</a></p>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div></div>\n</section>", "edition": 2, "modified": "2019-08-15T04:00:00", "published": "2015-05-22T04:00:00", "id": "CTX201114", "href": "https://support.citrix.com/article/CTX201114", "title": "CVE-2015-4000 - Citrix Security Advisory for DHE_EXPORT TLS Vulnerability", "type": "citrix", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2020-11-11T13:11:49", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2015-1789", "CVE-2014-8176", "CVE-2015-1790", "CVE-2015-1791"], "description": "Package : openssl\nVersion : 0.9.8o-4squeeze21\nCVE ID : CVE-2014-8176 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 \n CVE-2015-1792 CVE-2015-4000\n\nMultiple vulnerabilities were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.\n\nCVE-2014-8176\n\n Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered\n that an invalid memory free could be triggered when buffering DTLS\n data. This could allow remote attackers to cause a denial of service\n (crash) or potentially execute arbitrary code. This issue only\n affected the oldstable distribution (wheezy).\n\nCVE-2015-1789\n\n Robert Swiecki and Hanno B??ck discovered that the X509_cmp_time\n function could read a few bytes out of bounds. This could allow remote\n attackers to cause a denial of service (crash) via crafted\n certificates and CRLs.\n\nCVE-2015-1790\n\n Michal Zalewski discovered that the PKCS#7 parsing code did not\n properly handle missing content which could lead to a NULL pointer\n dereference. This could allow remote attackers to cause a denial of\n service (crash) via crafted ASN.1-encoded PKCS#7 blobs.\n\nCVE-2015-1791\n\n Emilia K??sper discovered that a race condition could occur due to\n incorrect handling of NewSessionTicket in a multi-threaded client,\n leading to a double free. This could allow remote attackers to cause\n a denial of service (crash).\n\nCVE-2015-1792\n\n Johannes Bauer discovered that the CMS code could enter an infinite\n loop when verifying a signedData message, if presented with an\n unknown hash function OID. This could allow remote attackers to cause\n a denial of service.\n\nAdditionally OpenSSL will now reject handshakes using DH parameters\nshorter than 768 bits as a countermeasure against the Logjam attack\n(CVE-2015-4000).\n\n\n\n", "edition": 11, "modified": "2015-06-17T21:47:09", "published": "2015-06-17T21:47:09", "id": "DEBIAN:DLA-247-1:99960", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201506/msg00013.html", "title": "[SECURITY] [DLA 247-1] openssl security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T01:07:45", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2015-1789", "CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1790", "CVE-2015-1791"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3287-1 security@debian.org\nhttps://www.debian.org/security/ Alessandro Ghedini\nJune 13, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2014-8176 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790\n CVE-2015-1791 CVE-2015-1792 CVE-2015-4000\n\nMultiple vulnerabilities were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.\n\nCVE-2014-8176\n\n Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered\n that an invalid memory free could be triggered when buffering DTLS\n data. This could allow remote attackers to cause a denial of service\n (crash) or potentially execute arbitrary code. This issue only\n affected the oldstable distribution (wheezy).\n\nCVE-2015-1788\n\n Joseph Barr-Pixton discovered that an infinite loop could be triggered\n due to incorrect handling of malformed ECParameters structures. This\n could allow remote attackers to cause a denial of service.\n\nCVE-2015-1789\n\n Robert Swiecki and Hanno B\u00c3\u00b6ck discovered that the X509_cmp_time\n function could read a few bytes out of bounds. This could allow remote\n attackers to cause a denial of service (crash) via crafted\n certificates and CRLs.\n\nCVE-2015-1790\n\n Michal Zalewski discovered that the PKCS#7 parsing code did not\n properly handle missing content which could lead to a NULL pointer\n dereference. This could allow remote attackers to cause a denial of\n service (crash) via crafted ASN.1-encoded PKCS#7 blobs.\n\nCVE-2015-1791\n\n Emilia K\u00c3\u00a4sper discovered that a race condition could occur due to\n incorrect handling of NewSessionTicket in a multi-threaded client,\n leading to a double free. This could allow remote attackers to cause\n a denial of service (crash).\n\nCVE-2015-1792\n\n Johannes Bauer discovered that the CMS code could enter an infinite\n loop when verifying a signedData message, if presented with an\n unknown hash function OID. This could allow remote attackers to cause\n a denial of service.\n\nAdditionally OpenSSL will now reject handshakes using DH parameters\nshorter than 768 bits as a countermeasure against the Logjam attack\n(CVE-2015-4000).\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.0.1e-2+deb7u17.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1.0.2b-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2b-1.\n\nWe recommend that you upgrade your openssl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 11, "modified": "2015-06-13T14:33:16", "published": "2015-06-13T14:33:16", "id": "DEBIAN:DSA-3287-1:1A401", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00182.html", "title": "[SECURITY] [DSA 3287-1] openssl security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:35", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2014-3572", "CVE-2015-1789", "CVE-2014-3571", "CVE-2014-3570", "CVE-2015-1790"], "description": "[0.9.8e-36.0.1]\n- Backport openssl 08-Jan-2015 security fixes (John Haxby) [orabug 20409893]\n- fix CVE-2014-3570 - Bignum squaring may produce incorrect results\n- fix CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record\n- fix CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client]\n[0.9.8e-36]\n- also change the default DH parameters in s_server to 1024 bits\n[0.9.8e-35]\n- fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time\n- fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent\n- fix CVE-2015-4000 - prevent the logjam attack on client - restrict\n the DH key size to at least 768 bits (limit will be increased in future)", "edition": 4, "modified": "2015-06-30T00:00:00", "published": "2015-06-30T00:00:00", "id": "ELSA-2015-1197", "href": "http://linux.oracle.com/errata/ELSA-2015-1197.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:38", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2015-1789", "CVE-2015-1788", "CVE-2015-1790", "CVE-2015-1791"], "description": "- CVE-2015-1788 (denial of service)\n\nWhen processing an ECParameters structure OpenSSL enters an infinite\nloop if the curve specified is over a specially malformed binary\npolynomial field.\nThis can be used to perform denial of service against any system which\nprocesses public keys, certificate requests or certificates. This\nincludes TLS clients and TLS servers with client authentication enabled.\n\n- CVE-2015-1789 (out-of-bounds read)\n\nX509_cmp_time does not properly check the length of the ASN1_TIME string\nand can read a few bytes out of bounds. In addition, X509_cmp_time\naccepts an arbitrary number of fractional seconds in the time string.\nAn attacker can use this to craft malformed certificates and CRLs of\nvarious sizes and potentially cause a segmentation fault, resulting in a\nDoS on applications that verify certificates or CRLs. TLS clients that\nverify CRLs are affected. TLS clients and servers with client\nauthentication enabled may be affected if they use custom verification\ncallbacks.\n\n- CVE-2015-1790 (denial of service)\n\nThe PKCS#7 parsing code does not handle missing inner EncryptedContent\ncorrectly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs\nwith missing content and trigger a NULL pointer dereference on parsing.\nApplications that decrypt PKCS#7 data or otherwise parse PKCS#7\nstructures from untrusted sources are affected. OpenSSL clients and\nservers are not affected.\n\n- CVE-2015-1791 (double free)\n\nIf a NewSessionTicket is received by a multi-threaded client when\nattempting to reuse a previous ticket then a race condition can occur\npotentially leading to a double free of the ticket data.\n\n- CVE-2015-1792 (denial of service)\n\nWhen verifying a signedData message the CMS code can enter an infinite\nloop if presented with an unknown hash function OID.\nThis can be used to perform denial of service against any system which\nverifies signedData messages using the CMS code.\n\n- CVE-2015-4000 (cipher downgrade)\n\nA vulnerability in the TLS protocol allows a man-in-the-middle attacker\nto downgrade vulnerable TLS connections using ephemeral Diffie-Hellman\nkey exchange to 512-bit export-grade cryptography. This vulnerability is\nknown as Logjam.\nOpenSSL has added protection for TLS clients by rejecting handshakes\nwith DH parameters shorter than 768 bits. This limit will be increased\nto 1024 bits in a future release.", "modified": "2015-06-12T00:00:00", "published": "2015-06-12T00:00:00", "id": "ASA-201506-3", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html", "type": "archlinux", "title": "openssl: multiple issues", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0209", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. ", "modified": "2015-06-21T00:19:25", "published": "2015-06-21T00:19:25", "id": "FEDORA:A69386143D9F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: openssl-1.0.1k-10.fc22", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0209", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-1793", "CVE-2015-4000"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. ", "modified": "2015-07-13T19:18:15", "published": "2015-07-13T19:18:15", "id": "FEDORA:D331C6087C6A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: openssl-1.0.1k-11.fc22", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0289", "CVE-2015-0293", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. ", "modified": "2015-06-24T15:57:49", "published": "2015-06-24T15:57:49", "id": "FEDORA:13B146087AAB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: openssl-1.0.1k-10.fc21", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:14", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2015-1789", "CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1790", "CVE-2015-1791"], "description": "\nThe OpenSSL team reports:\n\n\nMissing DHE man-in-the-middle protection (Logjam)\n\t (CVE-2015-4000)\nMalformed ECParameters causes infinite loop (CVE-2015-1788)\nExploitable out-of-bounds read in X509_cmp_time\n\t (CVE-2015-1789)\nPKCS#7 crash with missing EnvelopedContent (CVE-2015-1790)\nCMS verify infinite loop with unknown hash function\n\t (CVE-2015-1792)\nRace condition handling NewSessionTicket (CVE-2015-1791)\nInvalid free in DTLS (CVE-2014-8176)\n\n\n", "edition": 5, "modified": "2016-08-09T00:00:00", "published": "2015-06-11T00:00:00", "id": "8305E215-1080-11E5-8BA2-000C2980A9F3", "href": "https://vuxml.freebsd.org/freebsd/8305e215-1080-11e5-8ba2-000c2980a9f3.html", "title": "openssl -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:37:22", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2015-1789", "CVE-2014-8176", "CVE-2015-1790", "CVE-2015-3216", "CVE-2015-1791"], "description": "**Issue Overview:**\n\nLOGJAM: A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. ([CVE-2015-4000 __](<https://access.redhat.com/security/cve/CVE-2015-4000>))\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially-crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash. ([CVE-2015-1789 __](<https://access.redhat.com/security/cve/CVE-2015-1789>))\n\nA NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input could cause that application to crash. TLS/SSL clients and servers using OpenSSL were not affected by this flaw. ([CVE-2015-1790 __](<https://access.redhat.com/security/cve/CVE-2015-1790>))\n\nA race condition was found in the session handling code of OpenSSL. An attacker could cause a multi-threaded SSL/TLS server to crash. ([CVE-2015-1791 __](<https://access.redhat.com/security/cve/CVE-2015-1791>))\n\nA denial of service flaw was found in OpenSSL in the way it verified certain signed messages using CMS (Cryptographic Message Syntax). A remote attacker could cause an application using OpenSSL to use excessive amounts of memory by sending a specially-crafted message for verification. ([CVE-2015-1792 __](<https://access.redhat.com/security/cve/CVE-2015-1792>))\n\nAn invalid-free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could send a specially-crafted message to the peer, which could cause the application to crash or potentially cause arbitrary code execution. ([CVE-2014-8176 __](<https://access.redhat.com/security/cve/CVE-2014-8176>))\n\nA regression was found in the ssleay_rand_bytes() function. This could lead a multi-threaded application to crash. ([CVE-2015-3216 __](<https://access.redhat.com/security/cve/CVE-2015-3216>))\n\n \n**Affected Packages:** \n\n\nopenssl\n\n \n**Issue Correction:** \nRun _yum update openssl_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n openssl-devel-1.0.1k-10.86.amzn1.i686 \n openssl-static-1.0.1k-10.86.amzn1.i686 \n openssl-1.0.1k-10.86.amzn1.i686 \n openssl-perl-1.0.1k-10.86.amzn1.i686 \n openssl-debuginfo-1.0.1k-10.86.amzn1.i686 \n \n src: \n openssl-1.0.1k-10.86.amzn1.src \n \n x86_64: \n openssl-1.0.1k-10.86.amzn1.x86_64 \n openssl-static-1.0.1k-10.86.amzn1.x86_64 \n openssl-devel-1.0.1k-10.86.amzn1.x86_64 \n openssl-debuginfo-1.0.1k-10.86.amzn1.x86_64 \n openssl-perl-1.0.1k-10.86.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2015-06-16T11:29:00", "published": "2015-06-16T11:29:00", "id": "ALAS-2015-550", "href": "https://alas.aws.amazon.com/ALAS-2015-550.html", "title": "Medium: openssl", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "paloalto": [{"lastseen": "2019-05-29T23:19:22", "bulletinFamily": "software", "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2015-1789", "CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1790", "CVE-2015-1791"], "description": "The OpenSSL library has been found to contain several vulnerabilities CVE-2015-4000, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2014-8176. Palo Alto Networks software makes use of the vulnerable library. (Ref # PAN-48954/81411)\n", "edition": 4, "modified": "2016-10-18T00:00:00", "published": "2016-10-18T00:00:00", "id": "PAN-SA-2016-0028", "href": "https://securityadvisories.paloaltonetworks.com/Home/Detail/61", "title": "OpenSSL Vulnerabilities", "type": "paloalto", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "aix": [{"lastseen": "2019-05-29T19:19:11", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2015-1789", "CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1790", "CVE-2015-1791"], "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Wed Jul 15 00:20:05 CDT 2015\n| Updated: Wed Aug 12 05:13:23 CDT 2015\n| Update: A new ifix for Power8 machines having OpenSSL v1.0.1.514 has been added\n| Update: \"A. FIXES\" section. \n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/openssl_advisory14.asc\nhttps://aix.software.ibm.com/aix/efixes/security/openssl_advisory14.asc\nftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory14.asc\n===============================================================================\n VULNERABILITY SUMMARY\n\n1. VULNERABILITY:A vulnerability in the TLS protocol allows a man-in-the-middle\n\t\t\tattacker to downgrade vulnerable TLS connections using ephemeral\n\t\t\tDiffie-Hellman key exchange to 512-bit export-grade cryptography. \n\t\t\tThis vulnerability is known as Logjam.\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2015-4000\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n2.VULNERABILITY:When processing an ECParameters structure OpenSSL enters an infinite \n\t\t\tloop if the curve specified is over a specially malformed binary \n\t\t\tpolynomial field.\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2015-1788\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n3. VULNERABILITY:X509_cmp_time does not properly check the length of the ASN1_TIME\n\t\t\tstring and can read a few bytes out of bounds. In addition,\n\t\t\tX509_cmp_time accepts an arbitrary number of fractional seconds in \n\t\t\tthe time string.\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2015-1789\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n4. VULNERABILITY:The PKCS#7 parsing code does not handle missing inner EncryptedContent\n\t\t\tcorrectly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs\n\t\t\twith missing content and trigger a NULL pointer dereference on parsing.\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2015-1790\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n5. VULNERABILITY:If a NewSessionTicket is received by a multi-threaded client when attempting \n\t\t\tto reuse a previous ticket then a race condition can occur potentially leading \n\t\t\tto a double free of the ticket data.\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2015-1791\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n6. VULNERABILITY:When verifying a signedData message the CMS code can enter an infinite\t\t \n\t\t\tloop if presented with an unknown hash function OID.\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2015-1792\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n\n7. VULNERABILITY:If a DTLS peer receives application data between the ChangeCipherSpec\n\t\t\tand Finished messages, buffering of such data may cause an invalid free, \n\t\t\tresulting in a segmentation fault or potentially, memory corruption.\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-8176\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n===============================================================================\n DETAILED INFORMATION\n\nI. DESCRIPTION \n \n 1. CVE-2015-4000\n \tA vulnerability in the TLS protocol allows a man-in-the-middle attacker to \n\tdowngrade vulnerable TLS connections using ephemeral Diffie-Hellman key \n\texchange to 512-bit export-grade cryptography.This vulnerability is known \n\tas Logjam.\n\n 2. CVE-2015-1788\n\tWhen processing an ECParameters structure OpenSSL enters an infinite loop \n\tif the curve specified is over a specially malformed binary polynomial field.\n\n 3. CVE-2015-1789\n X509_cmp_time does not properly check the length of the ASN1_TIME string and \n\tcan read a few bytes out of bounds. In addition, X509_cmp_time accepts an \n\tarbitrary number of fractional seconds in the time string.\n\n 4. CVE-2015-1790\n The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. \n \tAn attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content \n\tand trigger a NULL pointer dereference on parsing.\n\n 5. CVE-2015-1791\n If a NewSessionTicket is received by a multi-threaded client when attempting \n\tto reuse a previous ticket then a race condition can occur potentially leading \n\tto a double free of the ticket data.\n\n\n 6. CVE-2015-1792\n When verifying a signedData message the CMS code can enter an infinite loop if \n\tpresented with an unknown hash function OID.\n\n 7. CVE-2014-8176\n If a DTLS peer receives application data between the ChangeCipherSpec and Finished \n\tmessages, buffering of such data may cause an invalid free,resulting in a segmentation\n\tfault or potentially, memory corruption.\n\n\t\n\n\nII. CVSS\n\n 1. CVE-2015-4000\n CVSS Base Score: 4.3\n CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/103294\n CVSS Environmental Score*: Undefined\n CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N \n\n 2. CVE-2015-1788\n CVSS Base Score: 5\n CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/103778\n CVSS Environmental Score*: Undefined\n CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P\n\n 3. CVE-2015-1789\n CVSS Base Score: 5\n CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/103779\n CVSS Environmental Score*: Undefined\n CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P\n\n 4. CVE-2015-1790\n CVSS Base Score: 5\n CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/103780\n CVSS Environmental Score*: Undefined\n CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P\n\n 5. CVE-2015-1791\n CVSS Base Score: 5\n CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/103609\n CVSS Environmental Score*: Undefined\n CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P\n\n 6. CVE-2015-1792\n CVSS Base Score: 5\n CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/103781\n CVSS Environmental Score*: Undefined\n CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P\n\n 7. CVE-2014-8176\n CVSS Base Score: 6.5\n CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/103782\n CVSS Environmental Score*: Undefined\n CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P\n\n\nIII. PLATFORM VULNERABILITY ASSESSMENT\n\n To determine if your system is vulnerable, execute the following\n command:\n\n lslpp -L openssl.base\n \n The following fileset levels are vulnerable:\n\n AIX Fileset Lower Level Upper Level \n ------------------------------------------\n openssl.base 1.0.1.500 1.0.1.514\n openssl.base 0.9.8.401 0.9.8.2505\n openssl.base 12.9.8.1100 12.9.8.2505\n\n\tNote, 0.9.8.401 and 12.9.8.1100 are the Lowest OpenSSL version\n\tavailable in aix web download site. Even OpenSSL versions below \n\tthis are impacted\n\n\nIV. SOLUTIONS\n\n A. FIXES\n\n Fix is available. The fix can be downloaded from:\n \n ftp://aix.software.ibm.com/aix/efixes/security/openssl_fix14.tar\n\thttps://aix.software.ibm.com/aix/efixes/security/openssl_fix14.tar\n\n The link above is to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n releases.\n\n\tNote that the tar file contains Interim fixes that are based on OpenSSL version\n as given below - \n\n Note: You must be on the 'prereq for installation' level before applying the interim fix. \n This may require installing a new level(prereq version) first.\n\n|\t\tCustomers using Power8 machines reported an issue with SSH after applying the ifix \n|\t\tIV74809s9a.150710.epkg.Z . To fix this issue, the new ifix IV75570m9a.150729.epkg.Z should\n|\t\tbe applied after removing the old ifix IV74809s9a.150710.epkg.Z .The old ifix IV74809s9a.150710.epkg.Z\n|\t\tworks fine for non-Power8 machines without creating any compatibility issue with SSH.\n\n\n AIX Level Interim Fix (*.Z) Fileset Name(prereq for installation)\n ---------------------------------------------------------------------------------\n 5.3, 6.1, 7.1 IV74809s9a.150710.epkg.Z openssl.base(1.0.1.514 version)\n| 5.3, 6.1, 7.1 IV75570m9a.150729.epkg.Z openssl.base(1.0.1.514 version)\n 5.3, 6.1, 7.1 IV74809s9b.150710.epkg.Z openssl.base(0.9.8.2505 version)\n 5.3, 6.1, 7.1 IV74809s9c.150710.epkg.Z openssl.base(12.9.8.2505 version)\n\n VIOS Level Interim Fix (*.Z)\t Fileset Name(prereq for installation)\n ---------------------------------------------------------------------------------\n 2.2.* \tIV74809s9a.150710.epkg.Z openssl.base(1.0.1.514 version)\n| \t\t2.2.*\t\t\tIV75570m9a.150729.epkg.Z\topenssl.base(1.0.1.514 version)\n 2.2.* \tIV74809s9b.150710.epkg.Z openssl.base(0.9.8.2505 version)\n 2.2.* \tIV74809s9c.150710.epkg.Z openssl.base(12.9.8.2505 version)\n\n\n To extract the fix from the tar file:\n\n tar xvf openssl_fix14.tar\n cd openssl_fix14\n\n Verify you have retrieved the fix intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 file\" command is the followng:\n\n openssl dgst -sha256 \t\t\t\t\t\tfilename\t \n ----------------------------------------------------------------------------------------------\n \td99db3c726bcc26cf8a7233725bc47125c15d68844d08a8ab598440d8a2912cf IV74809s9a.150710.epkg.Z\n|\t\t281235d549dae9533600958647766789f889af6ab12d0a8283b17f679fb20186\t\tIV75570m9a.150729.epkg.Z\n \tb33daadfecd61c2b0f03b3b9b87a3fcb3435a7aa52c29c18445f79579265bf67 IV74809s9b.150710.epkg.Z\n \tb5a0396ad25278547da61349cdf008fc424836ed0c7087dbc0e554af86d8974f IV74809s9c.150710.epkg.Z\n \n \tThese sums should match exactly. The OpenSSL signatures in the tarfile \n\tand on this advisory can also be used to verify the integrity of the fixes. \n\tIf the sums or signatures cannot be confirmed, contact IBM AIX Security at\n security-alert@austin.ibm.com and describe the discrepancy.\n \n Published advisory OpenSSL signature file location:\n\n http://aix.software.ibm.com/aix/efixes/security/openssl_advisory14.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/openssl_advisory14.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory14.asc.sig \n\n\topenssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n\n NOTE -\n\t\t1.for CVE-2015-4000: As the length of the server default DH key group size has been increased \n from 512 to 768 bits, the amount of CPU required for full TLS/SSL handshake can significantly \n increase. Please carefully test and assess the impact to your CPU requirements to ensure \n sufficient CPU resources, otherwise the system availability may be impacted.\n\n 2.For CVE-2015-4000: IBM recommends that you review your entire environment to identify \n other areas where you have enabled the Diffie-Hellman key-exchange protocol used in TLS and \n take appropriate mitigation and remediation actions.\n \n B. FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n\nV. WORKAROUNDS\n \n No Workarounds.\n \n\nVI. CONTACT US:\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team via security-alert@austin.ibm.com you\n can either:\n\n A. Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgppubkey.txt\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\n\nVII. REFERENCES:\n\n Note: Keywords labeled as KEY in this document are used for parsing purposes.\n\n eServer is a trademark of International Business Machines\n Corporation. IBM, AIX and pSeries are registered trademarks of\n International Business Machines Corporation. All other trademarks\n are property of their respective holders.\n\n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n\n X-Force Vulnerability Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/103294\n X-Force Vulnerability Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/103778\n X-Force Vulnerability Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/103779\n X-Force Vulnerability Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/103780\n X-Force Vulnerability Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/103609\n X-Force Vulnerability Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/103781\n X-Force Vulnerability Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/103782\n CVE-2015-4000 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000\n CVE-2015-1788 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788\n CVE-2015-1789 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789\n CVE-2015-1790 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790\n CVE-2015-1791 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791\n CVE-2015-1792 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792\n CVE-2014-8176 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176\n\n *The CVSS Environment Score is customer environment specific and will\n ultimately impact the Overall CVSS Score. Customers can evaluate the\n impact of this vulnerability in their environments by accessing the links\n in the Reference section of this Flash.\n\n Note: According to the Forum of Incident Response and Security Teams\n (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry\n open standard designed to convey vulnerability severity and help to\n determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES\n \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF\n MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE\n RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY\n VULNERABILITY.\n\n", "edition": 4, "modified": "2015-08-12T05:13:23", "published": "2015-07-15T00:20:05", "id": "OPENSSL_ADVISORY14.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory14.asc", "title": "Multiple Security vulnerabilities in AIX OpenSSL", "type": "aix", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:21", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2015-1789", "CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1790", "CVE-2015-1791"], "edition": 1, "description": "### Background\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security as well as a general purpose cryptography library. \n\n### Description\n\nMultiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker can cause Denial of Service and information disclosure. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenSSL 1.0.1 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-1.0.1o\"\n \n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-0.9.8z_p7\"", "modified": "2016-02-26T00:00:00", "published": "2015-06-22T00:00:00", "id": "GLSA-201506-02", "href": "https://security.gentoo.org/glsa/201506-02", "type": "gentoo", "title": "OpenSSL: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "symantec": [{"lastseen": "2020-12-24T10:42:02", "bulletinFamily": "software", "cvelist": ["CVE-2014-1789", "CVE-2014-8175", "CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "description": "### SUMMARY\n\nBlue Coat products using affected versions of OpenSSL 1.0.2, 1.0.1, 1.0.0, and 0.9.8 are vulnerable to multiple vulnerabilities. A remote attacker may exploit these vulnerabilities to cause a denial of service, memory corruption, application crash, or downgrade in the Diffie-Hellman ephemeral (DHE) key size. \n \n\n\n### AFFECTED PRODUCTS\n\nThe following products are vulnerable to multiple vulnerabilities:\n\n**Android Mobile Agent** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-4000 | 1.3 | Upgrade to 1.3.8. \n \n \n\n**BCAAA** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 6.1 (only when a Novell SSO realm is used) | A fix will not be provided. An updated Novell SSO SDK is no longer available. Please, contact Novell for more information. \n \n \n\n**CacheFlow** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-1789, CVE-2015-1792 | 3.x | Upgrade to 3.4.2.3. \nCVE-2015-4000 | 3.x | Upgrade to 3.4.2.8. \nCVE-2015-1790 | 3.x (not vulnerable to known vectors of attack) | Upgrade to 3.4.2.3. \nCVE-2014-8176, CVE-2015-1788 | 3.x (not vulnerable to known vectors of attack) | Upgrade to 3.4.2.5. \nAll CVEs except CVE-2015-1791 | 2.x | Upgrade to later release with fixes. \n \n \n\n**Client Connector** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 1.6 | Upgrade to latest release of Unified Agent with fixes. \n \n \n\n**Content Analysis System (CAS)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs except CVE-2015-1788 | 2.1 and later | Not vulnerable, fixed in 2.1.1.1 \nCVE-2014-8176, CVE-2015-1789, \nCVE-2015-1790, CVE-2015-1791, \nCVE-2015-1792 | 1.3 | Not vulnerable, fixed in 1.3.1.1 \n1.2 | Upgrade to 1.2.3.1. \n1.1 | Upgrade to 1.1.5.6. \nCVE-2015-4000 | 1.3 | Upgrade to 1.3.7.3. \n1.1, 1.2 | Upgrade to later release with fixes. \n \n \n\n**Director** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-1788, CVE-2015-1789, \nCVE-2015-1790, CVE-2015-1791, \nCVE-2015-1792 | 6.1 | Upgrade to 6.1.20.1. \nCVE-2015-4000 | 6.1 | Upgrade to 6.1.21.2. \n \n \n\n**Malware Analysis Appliance (MAA)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2014-8176, CVE-2015-1788, \nCVE-2015-1789, CVE-2015-1791, \nCVE-2015-4000 | 4.2 | Upgrade to 4.2.6. \n \n \n\n**Malware Analyzer G2 (MAG2)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2014-8176, CVE-2015-1788, \nCVE-2015-1789, CVE-2015-1791, \nCVE-2015-4000 | All versions | Upgrade to latest release of MAA with fixes. \n \n \n\n**Management Center (MC)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-1788, CVE-2014-1789, \nCVE-2015-1790, CVE0215-1792, \nCVE-2015-4000 | 1.5 and later | Not vulnerable, fixed in 1.5.1.1 \n1.4 | Upgrade to 1.4.2.1. \n1.x prior to 1.4 | Upgrade to later release with fixes. \n \n \n\n**Norman Shark Industrial Control System Protection (ICSP)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2014-8176, CVE-2015-1788, \nCVE-2015-1789, CVE-2015-1791, \nCVE-2015-4000 | 5.3 | Upgrade to 5.3.5. \n \n \n\n**Norman Shark Network Protection (NNP)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2014-8176, CVE-2015-1788, \nCVE-2015-1789, CVE-2015-1791, \nCVE-2015-4000 | 5.3 | Upgrade to 5.3.5. \n \n \n\n**Norman Shark SCADA Protection (NSP)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2014-8176, CVE-2015-1788, \nCVE-2015-1789, CVE-2015-1791, \nCVE-2015-4000 | 5.3 | Upgrade to 5.3.5. \n \n \n\n**PacketShaper (PS)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-1788, CVE-2015-1791 | 9.2 | Upgrade to 9.2.13p1. \nCVE-2015-4000 | 9.2 | Upgrade to 9.2.13p2. \n \n \n\n**PacketShaper (PS) S-Series** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs except CVE-2015-4000 | 11.4 and later | Not vulnerable, fixed in 11.4.1.1 \n11.2, 11.3 | Upgrade to later release with fixes. \nCVE-2015-4000 | 11.6 and later | Not vulnerable, fixed in 11.6.1.1 \n11.5 | Upgrade to 11.5.3.2. \n11.1, 11.2, 11.3, 11.4 | Upgrade to later release with fixes. \n \n \n\n**PolicyCenter (PC)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-1788, CVE-2015-1791 | 9.2 | Upgrade to 9.2.13p1. \nCVE-2015-4000 | 9.2 | Upgrade to 9.2.13p2. \n \n \n\n**ProxyAV** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs except CVE-2015-4000 | 3.5 | Upgrade to 3.5.3.3. \n3.4 | Upgrade to 3.4.3.1. \nCVE-2015-4000 | 3.4, 3.5 | Upgrade to a version of CAS with the fix. \n \n \n\n**ProxyClient** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 3.4 | Upgrade to latest release of Unified Agent with fixes. \n \n \n\n**ProxySG** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 6.7 and later | Not vulnerable, fixed in 6.7.1.1 \nCVE-2015-1788 | 6.6 | Upgrade to 6.6.2.1. \n6.5 | Upgrade to 6.5.7.7. \nCVE-2015-1789 | 6.6 | Upgrade to 6.6.2.1. \n6.5 | Upgrade to 6.5.7.7. \n6.2 | Upgrade to 6.2.16.6. \nCVE-2015-4000 | 6.6 | Upgrade to 6.6.2.1. \n6.5 | Upgrade to 6.5.7.7. \n6.2 | Upgrade to later release with fixes. \n \n \n\n**Reporter** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-1791 | 10.3 and later | Not vulnerable, fixed \n9.4, 9.5, 10.1, 10.2 | Upgrade to later release with fixes. \nCVE-2015-4000 | 10.5 | Upgrade to 10.5.2.1. \n10.2, 10.3, 10.4 | Upgrade to later release with fixes. \n10.1 | Not vulnerable \n9.4, 9.5 | Upgrade to later release with fixes. \n \n \n\n**Security Analytics Platform** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 7.2 and later | Not vulnerable, fixed in 7.2.1 \nCVE-2014-8176 | 7.1 | Upgrade to 7.1.5. \n7.0 | Upgrade to later release with fixes. \n6.6 | Upgrade to 6.6.10. \nCVE-2015-1789, CVE-2015-1790, \nCVE-2015-1791, CVE-2015-1792 | 7.1 | Upgrade to 7.1.9. \n6.6, 7.0 | Upgrade to later release with fixes. \nCVE-2015-4000 | 6.6, 7.0, 7.1 | Upgrade to later release with fixes. \n \n \n\n**SSL Visibility** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-1788, CVE-2015-1789, \nCVE-2015-1790, CVE-2015-1791, \nCVE-2015-1792 | 3.9 and later | Not vulnerable, fixed in 3.9.1.1 \n3.8.4FC | Not vulnerable, fixed in 3.8.4FC-17. \n3.8 | Upgrade to 3.8.5. \nCVE-2014-8176 | 3.9 and later | Not vulnerable, fixed in 3.9.1.1 \n3.8.4FC | Not vulnerable, fixed in 3.8.4FC-17 \n3.8 (not vulnerable to known vectors of attack) | Upgrade to 3.8.5. \nCVE-2015-4000 | 3.10 and later | Not vulnerable, fixed in 3.10.1.1. \n3.9 | Upgrade to 3.9.7.1. \n3.8.4FC | Upgrade to 3.8.4FC-55. \n3.8 | Upgrade to later release with fixes. \n \n \n\n**Unified Agent** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-4000 | 4.7 and later | Not vulnerable, fixed in 4.7.1 \n4.6 | Upgrade to 4.6.2. \n4.1 | Upgrade to later release with fixes. \n \n \n\n**X-Series XOS** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-1790, CVE-2015-1792 | 11.0 | Not available at this time \n10.0 | Not avaialble at this time \n9.7 | Upgrade to later release with fixes. \n \n### \nADDITIONAL PRODUCT INFORMATION\n\nBlue Coat products may act as both client and server in SSL/TLS connections, and may use application functionality for cryptographic operations. Blue Coat products act as a client when connecting to Blue Coat services such as WebPulse, DRTR, and licensing and subscription services. Products should be considered vulnerable in all interfaces that provide SSL/TLS connections for data and management interfaces unless the CVE is specific to SSL/TLS client or server functionality (as noted in the descriptions above) or unless otherwise stated below:\n\n * **CAS:** CVE-2015-4000 (Logjam) only affects SSL/TLS clients and the secure ICAP server.\n * **Security Analytics:** CVE-2015-4000 (Logjam) only affects the web UI and VPN connections between CMC and sensors.\n * **SSLV:** CVE-2015-1789 affects data and management planes, connections to Blue Coat, and connections to an HSM; CVE-2015-1790 and CVE-2015-1792 affect management connections when importing PKCS#7 and signed CMS formatted data; CVE-2015-1791 affects connections to Blue Coat and to an HSM; CVE-2015-4000 affects management connections, connections to Blue Coat, and connections to an HSM\n\nBlue Coat products that use a native installation of OpenSSL but do not install or maintain that implementation are not vulnerable to any of these CVEs. However, the underlying platform or application that installs and maintains OpenSSL may be vulnerable. Blue Coat urges our customers to update the versions of OpenSSL that are natively installed for Reporter on Linux, Unified Agent on Linux, and ProxyClient.\n\nBlue Coat products do not enable or use all functionality within OpenSSL. Products that do not utilize or enable the functionality described in a CVE are not vulnerable to that CVE. However, fixes for those CVEs will be included in the patches that are provided. The following products include vulnerable versions of OpenSSL, but do not use the functionality described in the CVEs and are not known to be vulnerable.\n\n * **Android Mobile Agent:** CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, and CVE-2015-1792\n * **CacheFlow:** CVE-2014-8176, CVE-2015-1788, and CVE-2015-1790 (only signed and validated content is accepted)\n * **Director:** CVE-2014-8176\n * **MAA and MAG2:** CVE-2015-1790 and CVE-2015-1792\n * **MC:** CVE-2014-8176 and CVE-2015-1791\n * **ICSP:** CVE-2015-1790 and CVE-2015-1792\n * **NNP:** CVE-2015-1790 and CVE-2015-1792\n * **NSP:** CVE-2015-1790 and CVE-2015-1792\n * **PacketShaper:** CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, and CVE-2015-1792\n * **PacketShaper S-Series:** CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, and CVE-2015-1792\n * **PolicyCenter:** CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, and CVE-2015-1792\n * **ProxySG:** CVE-2014-8176, CVE-2015-1790 and CVE-2015-1792 (only signed and validated content is accepted), and CVE-2015-1791\n * **Reporter: **CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, and CVE-2015-1792\n * **SA:** CVE-2014-8176 and CVE-2015-1788\n * **SSLV:** CVE-2014-8175 and CVE-2015-1788\n * **Unified Agent:** CVE-2014-8176 (4.1 only), CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, and CVE-2015-1792\n * **XOS:** CVE-2014-8176, CVE-2015-1789, CVE-2015-1791, and CVE-2015-4000 (Logjam).\n\nThe following products are not vulnerable: \n**Advanced Secure Gateway \nAuth Connector \nCloud Data Protection for Salesforce \nCloud Data Protection for Salesforce Analytics \nCloud Data Protection for ServiceNow \nCloud Data Protection for Oracle CRM On Demand \nCloud Data Protection for Oracle Field Service Cloud \nCloud Data Protection for Oracle Sales Cloud \nCloud Data Protection Integration Server \nCloud Data Protection Communication Server \nCloud Data Protection Policy Builder \nGeneral Auth Connector Login Application \nK9 \n****Mail Threat Defense \nPolicyCenter S-Series**** \nProxyAV ConLog and ConLogXP \nWeb Isolation** \n \n\nThe following products are under investigation: \n**IntelligenceCenter** \n**Reporter**\n\nBlue Coat no longer provides vulnerability information for the following products:\n\n**DLP** \nPlease, contact Digital Guardian technical support regarding vulnerability information for DLP. \n \n\n\n### ISSUES\n\n**CVE-2014-8176** \n--- \n**Severity / CVSSv2** | High / 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 75159](<https://www.securityfocus.com/bid/75159>) / NVD: [CVE-2014-8176](<https://nvd.nist.gov/vuln/detail/CVE-2014-8176>) \n**Impact** | Denial of service, unspecified other impact \n**Description** | A flaw in DTLS allows an attacker sending unexpected application data to cause memory corruption, application crashes, denial of service, or other unspecified impacts. This vulnerability affects Blue Coat products that support DTLS. \n \n \n\n**CVE-2015-1788** \n--- \n**Severity / CVSSv2** | Medium / 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 75158](<https://www.securityfocus.com/bid/75158>) / NVD: [CVE-2015-1788](<https://nvd.nist.gov/vuln/detail/CVE-2015-1788>) \n**Impact** | Denial of service \n**Description** | A flaw in the handling of elliptic curve (EC) parameters allows an attacker to sending malformed parameters to cause the product or application to enter an infinite loop resulting in a denial of service. This vulnerability affects Blue Coat products that Support elliptic curve cryptography. \n \n \n\n**CVE-2015-1789** \n--- \n**Severity / CVSSv2** | Medium / 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 75156](<https://www.securityfocus.com/bid/75156>) / NVD: [CVE-2015-1789](<https://nvd.nist.gov/vuln/detail/CVE-2015-1789>) \n**Impact** | Denial of service \n**Description** | A flaw in the time comparison function allows an attacker sending a crafted ASN.1 time data to cause a crash and denial of service. This vulnerability affects Blue Coat products that act as a TLS client. \n \n \n\n**CVE-2015-1790** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 75157](<https://www.securityfocus.com/bid/75157>) / NVD: [CVE-2015-1790](<https://nvd.nist.gov/vuln/detail/CVE-2015-1790>) \n**Impact** | Denial of service \n**Description** | A flaw in PKCS#7 parsing allows an attacker sending crafted PKCS#7 data to cause a crash and a denial of service. This vulnerability affects Blue Coat products that decrypt or parse PKCS#7 data outside of the TLS protocol. \n \n \n\n**CVE-2015-1791** \n--- \n**Severity / CVSSv2** | Medium / 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 75161](<https://www.securityfocus.com/bid/75161>) / NVD: [CVE-2015-1791](<https://nvd.nist.gov/vuln/detail/CVE-2015-1791>) \n**Impact** | Denial of service, unspecified other impact \n**Description** | A race condition in multi-threaded clients allows an attacker to send an unexpected new session ticket and cause a crash, denial of service, and other unspecified impacts. This vulnerability affects Blue Coat products that have a multi-threaded client and use session tickets. \n \n \n\n**CVE-2015-1792** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 75154](<https://www.securityfocus.com/bid/75154>) / NVD: [CVE-2015-1792](<https://nvd.nist.gov/vuln/detail/CVE-2015-1792>) \n**Impact** | Denial of service \n**Description** | A flaw in CMS allows an attacker to send an unexpected OID value and cause an infinite loop and a denial of service. This vulnerability affects Blue Coat products that use CMS functionality. \n \n \n\n**CVE-2015-4000 (Logjam)** \n--- \n**Severity / CVSSv2** | Medium / 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n**References** | SecurityFocus: [BID 74733](<https://www.securityfocus.com/bid/74733>) / NVD: [CVE-2015-4000](<https://nvd.nist.gov/vuln/detail/CVE-2015-4000>) \n**Impact** | Information disclosure, unauthorized modification of data \n**Description** | A flaw in the TLS protocol that allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export grade cryptography. There also exists a related pre-computation attack against DH parameters of size 1024 bits or less. Blue Coat products that act as a TLS client or server, support ephemeral DH key exchange, and use DH parameters of size 1024 bits or less are vulnerable. \n \n### \nMITIGATION\n\nThere are no known workarounds or remediation for CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, or CVE-2015-1791. Customers should apply the patch.\n\nCVE-2015-1790 can be remediated by ensuring that PKCS#7 content always comes from a trusted source.\n\nCVE-2015-1792 can be remediated by ensuring that data signed using CMS always comes from a trusted source.\n\nCVE-2015-4000 can be partially remediated by ensuring that export grade ciphers are always disabled for all interfaces, or to not use DHE ciphers. A full remediation is not possible because strong Diffie-Hellman parameters are not configurable. \n \n\n\n### REFERENCES\n\nOpenSSL Security Advisory - <https://www.openssl.org/news/secadv/20150611.txt> \nLogjam attack - <https://weakdh.org/> \nOpenSSL changes for Logjam - <https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/> \n \n\n\n### REVISION\n\n2020-05-06 A fix for CVE-2015-4000 in Reporter 10.5 is available in 10.5.2.1. Advisory status changed to Closed. \n2020-04-20 Reporter 10.5 is vulnerable to CVE-2015-4000. \n2020-04-03 Reporter 10.3 and later versions are not vulnerable to CVE-2015-1791 because a fix is available in 10.3.1.1. A fix for CVE-2015-4000 in Reporter 10.3 will not be provided. Please upgrade to a later version with the vulnerability fixes. Reporter 10.5 is not vulnerable to CVE-2015-4000 because a fix is available in 10.5.1.1. \n2020-01-15 A fix for CVE-2015-4000 in ProxyAV will not be provided. Please upgrade to a version of CAS with the vulnerability fix. \n2019-10-02 Web Isolation is not vulnerable. \n2019-08-28 Reporter 10.2, 10.3, and 10.4 are vulnerable to CVE-2015-4000 (Logjam). \n2018-04-25 A fix for XOS 9.7 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2018-04-22 PacketShaper S-Series 11.10 is not vulnerable. \n2017-08-02 SSLV 4.1 is not vulnerable. \n2017-07-24 PacketShaper S-Series 11.9 is not vulnerable. \n2017-07-20 MC 1.10 is not vulnerable. \n2017-06-22 Security Analytics 7.3 is not vulnerable. \n2017-06-05 PS S-Series 11.6, 11.7, and 11.8 are not vulnerable. \n2017-05-29 A fix for Android Mobile Agent is available in 1.3.8. A fix for CVE-2015-4000 (Logjam) in Security Analytics 6.6 will not be provided. Please upgrade to a later version with the vulnerability fix. \n2017-05-17 CAS 2.1 is not vulnerable. \n2017-04-29 A fix for CVE-2015-4000 (Logjam) in CacheFlow 3.4 is available in 3.4.2.8. \n2017-03-30 MC 1.9 is not vulnerable. \n2017-03-16 PacketShaper S-Series 11.2, 11.3, 11.4, and 11.5 are vulnerable to CVE-2015-4000 (Logjam). A fix for PS S-Series 11.5 is available in 11.5.3.2. \n2017-03-06 MC 1.8 is not vulnerable. ProxySG 6.7 is not vulnerable. SSLV 4.0 is not vulnerable. Vulnerability inquiries for DLP should be addressed to Digital Guardian technical support. \n2017-01-24 A fix for CVE-2015-4000 (Logjam) in CAS 1.3 is available in 1.3.7.3. \n2017-01-13 A fix for CVE-2015-4000 (Logjam) in SSLV 3.9 is available in 3.9.7.1. \n2016-12-04 A fix for CVE-2015-4000 (Logjam) is available in SSLV 3.10.1.1 and 3.11.1.1. \n2016-11-17 Cloud Data Protection for Oracle Field Service Cloud is not vulnerable. \n2016-11-15 MC 1.6 and 1.7 are not vulnerable. \n2016-11-11 SSLV 3.10 is not vulnerable. \n2016-11-03 A fix for CVE-2015-4000 (Logjam) in PacketShaper 9.2 is available in 9.2.13p2. A fix for CVE-2015-4000 (Logjam) in PolicyCenter 9.2 is available in 9.2.13p2. \n2016-09-23 A fix for CVE-2015-1789, CVE-2015-1790, and CVE-2015-1792 in CacheFlow 3.4 is available in 3.4.2.3. A fix for CVE-2014-8176 and CVE-2015-1788 in CacheFlow 3.4 is available in 3.4.2.5. \n2016-09-15 Advanced Secure Gateway is not vulnerable. \n2016-09-01 A fix for SSLV 3.8.4FC is available in 3.8.4FC-55. \n2016-08-12 Security Analytics 7.2 is not vulnerable because a fix for all CVEs is available in 7.2.1. \n2016-08-10 Unified Agent 4.7 is not vulnerable. \n2016-07-24 A fix for CVE-2015-4000 (Logjam) in ProxySG is available in 6.5.7.7 and 6.6.2.1. A fix for Logjam in ProxySG 6.2 will not be provided. Please upgrade to a later version with the Logjam vulnerability fix. \n2016-07-15 XOS 9.7, 10.0, and 11.0 are vulnerable to CVE-2015-1790 and CVE-2015-1792. They also have vulnerable code for CVE-2014-8176, CVE-2015-1789, CVE-2015-1791, and CVE-2015-4000 (Logjam). A fix for all CVEs in XOS 10.0 is available in 10.0.6. A fix for all CVEs in XOS 11.0 is available in 11.0.2. \n2016-07-15 A fix for CVE-2015-4000 (Logjam) will not be provided in SSLV 3.8. Please upgrade to a later version with the vulnerability fix. \n2016-06-16 Security Analytics 6.6, 7.0, and 7.1 are vulnerable to CVE-2015-4000 (Logjam). A fix is not avaialble at this time. \n2016-06-15 MAA 4.x prior to 4.2.6 is vulnerable to CVE-2015-4000 (Logjam). A fix for all CVEs is available in 4.2.6. \n2016-06-11 PolicyCenter S-Series is not vulnerable. \n2016-06-07 BCAAA 6.1 is vulnerable when a Novell SSO realm is used. A fix will not be provided. An updated Novell SSO SDK is no longer available. Please, contact Novell for more information. \n2016-05-31 MC 1.x prior to 1.4.2.1 is vulnerable. MC 1.5 is not vulnerable. \n2016-05-27 ICSP, NNP, and NSP 5.x are vulnerable. Fixes are available in ICSP, NNP, and NSP 5.3.5. \n2016-05-24 Android Mobile Agent, Client Connector for Windows, ProxyClient for Windows, and Unified Agent are vulnerable. Fixes for Client Connector and ProxyClient will not be provided - customers should upgrade to the latest version of Unified Agent with vulnerability fixes. Fixes for Unified Agent are available in 4.6.2. \n2016-05-22 CAS 1.1, 1.2, and 1.3 are vulnerable to CVE-2015-4000 (Logjam). A fix will not be provided for CAS 1.1. and 1.2. ProxyAV 3.4 and 3.5 are vulnerable to CVE-2015-4000 (Logjam). A fix will not be provided for ProxyAV 3.4. \n2016-05-22 The complete fix for CVE-2015-4000 (Logjam) in Director 6.1 is available in 6.1.21.2, not as was previously reported in 6.1.22.1. \n2016-05-21 General Auth Connector Login Application is not vulnerable. \n2016-05-12 A complete fix for CVE-2015-4000 (Logjam) in SSLV is not available at this time. \n2016-05-11 No Cloud Data Protection products are vulnerable. \n2016-05-06 A fix for all CVEs except CVE-2015-4000 (Logjam) in PolicyCenter 9.2 is available in 9.2.13p1. \n2016-05-06 A fix for all CVEs except CVE-2015-4000 (Logjam) in PacketShaper 9.2 is available in 9.2.13p1. \n2016-04-27 Mail Threat Defense is not vulnerable. \n2016-03-17 The complete fix for CVE-2015-4000 (Logjam) in Director 6.1 is available in 6.1.22.1. \n2016-02-26 OPIC was removed as the product is no longer supported. \n2016-01-23 PacketShaper S-Series does not have vulnerable code for CVE-2015-1788. A fix for CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, and CVE-2015-1792 are available in 11.4.1.1 and 11.5.1.1. CVE-2015-4000 (Logjam) is under investigation. \n2016-01-16 PacketShaper S-Series has vulnerable, but not used, code for CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, and CVE-2015-1792. CVE-2015-4000 (Logjam) is under investigation. \n2016-01-15 PacketShaper 9.2 and PolicyCenter 9.2 are vulnerable to CVE-2015-1788, CVE-2015-1791, and CVE-2015-4000. They also have vulnerable, but not used, code for CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, and CVE-2015-1792. \n2015-12-18 Director 6.1.20.1 does not contain a complete fix for CVE-2015-4000 (Logjam). Other Blue Coat products are under investigation for CVE-2015-4000. \n2015-12-02 All fixes are available for Security Analytics \n2015-10-02 Fixes are available for ProxyAV 3.4 and 3.5 \n2015-10-01 Fixes are available for ProxySG 6.2 and 6.6; fix is available for SSLV; SSLV is also vulnerable to CVE-2014-8176 \n2015-09-30 CAS is vulnerable and fixes are available for 1.1 and 1.2 \n2015-08-05 Reporter for Windows is not vulnerable to CVE-2015-1791 \n2015-08-02 Reporter is only vulnerable to CVE-2015-4000 (Logjam) if export grade cipher suites are enabled. \n2015-07-25 a fix is available for Director; a fix is available in SGOS 6.5; ProxyAV is vulnerable; Reporter is vulnerable \n2015-06-18 added CVEs for Management Center \n2015-06-17 initial public release\n", "modified": "2020-10-30T20:49:15", "published": "2015-06-17T08:00:00", "id": "SMNTC-1325", "href": "", "type": "symantec", "title": "SA98 : OpenSSL Security Advisory 11-June-2015", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "slackware": [{"lastseen": "2020-10-25T16:36:11", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "description": "New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/openssl-1.0.1n-i486-1_slack14.1.txz: Upgraded.\n Fixes several bugs and security issues:\n o Malformed ECParameters causes infinite loop (CVE-2015-1788)\n o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)\n o CMS verify infinite loop with unknown hash function (CVE-2015-1792)\n o Race condition handling NewSessionTicket (CVE-2015-1791)\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz: Upgraded.\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zg-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zg-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zg-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1n-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1n-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1n-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1n-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1n-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1n-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1n-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 packages:\n383ecfed6bfef1440a44d7082745848a openssl-0.9.8zg-i486-1_slack13.0.txz\nfb186187ffa200e22d9450a9d0e321f6 openssl-solibs-0.9.8zg-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\neb52318ed52fef726402f0b2a74745c5 openssl-0.9.8zg-x86_64-1_slack13.0.txz\n9447927b960a01b21149e28a9783021f openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n37f46f6b4fe2acbe217eaf7c0b33b704 openssl-0.9.8zg-i486-1_slack13.1.txz\n986de2e71676f61d788a59a1e0c8de1f openssl-solibs-0.9.8zg-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n6b160ce817dcde3ae5b3a861b284387b openssl-0.9.8zg-x86_64-1_slack13.1.txz\n503d891680c711162386ea7e3daadca8 openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n5e7501b1d73d01d3d87704c3cfd3a888 openssl-0.9.8zg-i486-1_slack13.37.txz\n874f0b59870dd3f259640c9930a02f99 openssl-solibs-0.9.8zg-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\nb6d91614458040d461dff3c3eab45206 openssl-0.9.8zg-x86_64-1_slack13.37.txz\nbe106df5e59c2be7fa442df8ba85ad0b openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nee7c3937e6a6d7ac7537f751af7da7b9 openssl-1.0.1n-i486-1_slack14.0.txz\n758662437d33f99ec0a686cedeb1919e openssl-solibs-1.0.1n-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n2dfdc4729e93cf460018e9e30a6223dc openssl-1.0.1n-x86_64-1_slack14.0.txz\n9cb4b34e97e60f6bfe4c843aabeae954 openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n5a9bf08d55615cfc097109c2e3786f7b openssl-1.0.1n-i486-1_slack14.1.txz\nfb1c05468e5c38d51a8ff6ac435e3a20 openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n1ef5cede3f954c3e4741012ffa76b750 openssl-1.0.1n-x86_64-1_slack14.1.txz\nea22c288c60ae1d7ea8c5b3a1608462b openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n56db8712d653c060f910e8915a8f8656 a/openssl-solibs-1.0.1n-i586-1.txz\n6d6264c9943e27240db5c8f5ec342e27 n/openssl-1.0.1n-i586-1.txz\n\nSlackware x86_64 -current packages:\ne73f7aff5aa0ad14bc06428544f99ae2 a/openssl-solibs-1.0.1n-x86_64-1.txz\n91b550b9eb0ac0c580e158375a93c0e4 n/openssl-1.0.1n-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-1.0.1n-i486-1_slack14.1.txz openssl-solibs-1.0.1n-i486-1_slack14.1.txz", "modified": "2015-06-11T23:01:09", "published": "2015-06-11T23:01:09", "id": "SSA-2015-162-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.750596", "type": "slackware", "title": "[slackware-security] openssl", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:59", "bulletinFamily": "software", "cvelist": ["CVE-2015-1792", "CVE-2015-1789", "CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1790", "CVE-2015-1791"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2639-1\r\nJune 11, 2015\r\n\r\nopenssl vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.04\r\n- Ubuntu 14.10\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in OpenSSL.\r\n\r\nSoftware Description:\r\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\r\n\r\nDetails:\r\n\r\nPraveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that\r\nOpenSSL incorrectly handled memory when buffering DTLS data. A remote\r\nattacker could use this issue to cause OpenSSL to crash, resulting in a\r\ndenial of service, or possibly execute arbitrary code. (CVE-2014-8176)\r\n\r\nJoseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed\r\nECParameters structures. A remote attacker could use this issue to cause\r\nOpenSSL to hang, resulting in a denial of service. (CVE-2015-1788)\r\n\r\nRobert Swiecki and Hanno Bock discovered that OpenSSL incorrectly handled\r\ncertain ASN1_TIME strings. A remote attacker could use this issue to cause\r\nOpenSSL to crash, resulting in a denial of service. (CVE-2015-1789)\r\n\r\nMichal Zalewski discovered that OpenSSL incorrectly handled missing content\r\nwhen parsing ASN.1-encoded PKCS#7 blobs. A remote attacker could use this\r\nissue to cause OpenSSL to crash, resulting in a denial of service.\r\n(CVE-2015-1790)\r\n\r\nEmilia Kasper discovered that OpenSSL incorrectly handled NewSessionTicket\r\nwhen being used by a multi-threaded client. A remote attacker could use\r\nthis issue to cause OpenSSL to crash, resulting in a denial of service.\r\n(CVE-2015-1791)\r\n\r\nJohannes Bauer discovered that OpenSSL incorrectly handled verifying\r\nsignedData messages using the CMS code. A remote attacker could use this\r\nissue to cause OpenSSL to hang, resulting in a denial of service.\r\n(CVE-2015-1792)\r\n\r\nAs a security improvement, this update also modifies OpenSSL behaviour to\r\nreject DH key sizes below 768 bits, preventing a possible downgrade\r\nattack.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.04:\r\n libssl1.0.0 1.0.1f-1ubuntu11.4\r\n\r\nUbuntu 14.10:\r\n libssl1.0.0 1.0.1f-1ubuntu9.8\r\n\r\nUbuntu 14.04 LTS:\r\n libssl1.0.0 1.0.1f-1ubuntu2.15\r\n\r\nUbuntu 12.04 LTS:\r\n libssl1.0.0 1.0.1-4ubuntu5.31\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2639-1\r\n CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790,\r\n CVE-2015-1791, CVE-2015-1792\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.4\r\n https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.8\r\n https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.15\r\n https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.31\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2015-06-13T00:00:00", "published": "2015-06-13T00:00:00", "id": "SECURITYVULNS:DOC:32203", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32203", "title": "[USN-2639-1] OpenSSL vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
