nessus
via4
NASL family | Web Servers | NASL id | OPENSSL_0_9_8T.NASL | description | According to its banner, the remote web server uses OpenSSL version
0.9.8s. This version has a flaw in the fix for CVE-2011-4108 such
that Datagram Transport Layer Security (DTLS) applications that use it
are vulnerable to a denial of service attack. | last seen | 2019-01-16 | modified | 2018-11-15 | plugin id | 57711 | published | 2012-01-27 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=57711 | title | OpenSSL 0.9.8s DTLS Denial of Service |
NASL family | Fedora Local Security Checks | NASL id | FEDORA_2012-0702.NASL | description | A new upstream package fixing a security vulnerability (DoS)
regression in DTLS introduced by the previous update.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2015-10-20 | plugin id | 57671 | published | 2012-01-25 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=57671 | title | Fedora 15 : openssl-1.0.0g-1.fc15 (2012-0702) |
NASL family | OracleVM Local Security Checks | NASL id | ORACLEVM_OVMSA-2014-0008.NASL | description | The remote OracleVM system is missing necessary patches to address
critical security updates :
- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability
- replace expired GlobalSign Root CA certificate in
ca-bundle.crt
- fix for CVE-2013-0169 - SSL/TLS CBC timing attack
(#907589)
- fix for CVE-2013-0166 - DoS in OCSP signatures checking
(#908052)
- enable compression only if explicitly asked for or
OPENSSL_DEFAULT_ZLIB environment variable is set (fixes
CVE-2012-4929 #857051)
- use __secure_getenv everywhere instead of getenv
(#839735)
- fix for CVE-2012-2333 - improper checking for record
length in DTLS (#820686)
- fix for CVE-2012-2110 - memory corruption in
asn1_d2i_read_bio (#814185)
- fix problem with the SGC restart patch that might
terminate handshake incorrectly
- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7
code (#802725)
- fix for CVE-2012-1165 - NULL read dereference on bad
MIME headers (#802489)
- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext
recovery vulnerability and additional DTLS fixes
(#771770)
- fix for CVE-2011-4109 - double free in policy checks
(#771771)
- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding
(#771775)
- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)
- add known answer test for SHA2 algorithms (#740866)
- make default private key length in certificate Makefile
2048 bits (can be changed with PRIVATE_KEY_BITS setting)
(#745410)
- fix incorrect return value in parse_yesno (#726593)
- added DigiCert CA certificates to ca-bundle (#735819)
- added a new section about error states to README.FIPS
(#628976)
- add missing DH_check_pub_key call when DH key is
computed (#698175)
- presort list of ciphers available in SSL (#688901)
- accept connection in s_server even if getaddrinfo fails
(#561260)
- point to openssl dgst for list of supported digests
(#608639)
- fix handling of future TLS versions (#599112)
- added VeriSign Class 3 Public Primary Certification
Authority - G5 and StartCom Certification Authority
certs to ca-bundle (#675671, #617856)
- upstream fixes for the CHIL engine (#622003, #671484)
- add SHA-2 hashes in SSL_library_init (#676384)
- fix CVE-2010-4180 - completely disable code for
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462)
- fix CVE-2009-3245 - add missing bn_wexpand return checks
(#570924)
- fix CVE-2010-0433 - do not pass NULL princ to
krb5_kt_get_entry which in the RHEL-5 and newer versions
will crash in such case (#569774)
- fix CVE-2009-3555 - support the safe renegotiation
extension and do not allow legacy renegotiation on the
server by default (#533125)
- fix CVE-2009-2409 - drop MD2 algorithm from EVP tables
(#510197)
- fix CVE-2009-4355 - do not leak memory when
CRYPTO_cleanup_all_ex_data is called prematurely by
application (#546707) | last seen | 2019-01-16 | modified | 2018-07-24 | plugin id | 79532 | published | 2014-11-26 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=79532 | title | OracleVM 3.2 : onpenssl (OVMSA-2014-0008) |
NASL family | Web Servers | NASL id | OPENSSL_1_0_0G.NASL | description | According to its banner, the remote web server is running OpenSSL
version 1.0.0f. This version has a flaw in the fix for CVE-2011-4108
such that Datagram Transport Layer Security (DTLS) applications that
use it are vulnerable to a denial of service attack. | last seen | 2019-01-16 | modified | 2018-11-15 | plugin id | 57712 | published | 2012-01-27 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=57712 | title | OpenSSL 1.0.0f DTLS Denial of Service |
NASL family | VMware ESX Local Security Checks | NASL id | VMWARE_VMSA-2012-0013.NASL | description | a. vCenter and ESX update to JRE 1.6.0 Update 31
The Oracle (Sun) JRE is updated to version 1.6.0_31, which
addresses multiple security issues. Oracle has documented the
CVE identifiers that are addressed by this update in the Oracle
Java SE Critical Patch Update Advisory of February 2012.
b. vCenter Update Manager update to JRE 1.5.0 Update 36
The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple
security issues. Oracle has documented the CVE identifiers that
are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical
Patch Update Advisory for June 2012.
c. Update to ESX/ESXi userworld OpenSSL library
The ESX/ESXi userworld OpenSSL library is updated from version
0.9.8p to version 0.9.8t to resolve multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-4180, CVE-2010-4252,
CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576,
CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues.
d. Update to ESX service console OpenSSL RPM
The service console OpenSSL RPM is updated to version
0.9.8e-22.el5_8.3 to resolve a security issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2012-2110 to this issue.
e. Update to ESX service console kernel
The ESX service console kernel is updated to resolve multiple
security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2011-1833, CVE-2011-2484,
CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363,
CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324,
CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583
to these issues.
f. Update to ESX service console Perl RPM
The ESX service console Perl RPM is updated to
perl-5.8.8.32.1.8999.vmw to resolve multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-2761, CVE-2010-4410, and
CVE-2011-3597 to these issues.
g. Update to ESX service console libxml2 RPMs
The ESX service console libxml2 RPMs are updated to
libxml2-2.6.26-2.1.15.el5_8.2 and
libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security
issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2012-0841 to this issue.
h. Update to ESX service console glibc RPM
The ESX service console glibc RPM is updated to version
glibc-2.5-81.el5_8.1 to resolve multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-5029, CVE-2009-5064,
CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864
to these issues.
i. Update to ESX service console GnuTLS RPM
The ESX service console GnuTLS RPM is updated to version
1.4.1-7.el5_8.2 to resolve multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2011-4128, CVE-2012-1569, and
CVE-2012-1573 to these issues.
j. Update to ESX service console popt, rpm, rpm-libs,
and rpm-python RPMS
The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS
are updated to the following versions to resolve multiple
security issues :
- popt-1.10.2.3-28.el5_8
- rpm-4.4.2.3-28.el5_8
- rpm-libs-4.4.2.3-28.el5_8
- rpm-python-4.4.2.3-28.el5_8
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2012-0060, CVE-2012-0061, and
CVE-2012-0815 to these issues.
k. Vulnerability in third-party Apache Struts component
The version of Apache Struts in vCenter Operations has been
updated to 2.3.4 which addresses an arbitrary file overwrite
vulnerability. This vulnerability allows an attacker to create
a denial of service by overwriting arbitrary files without
authentication. The attacker would need to be on the same network
as the system where vCOps is installed.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2012-0393 to this issue.
Note: Apache Struts 2.3.4 addresses the following issues as well :
CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It
was found that these do not affect vCOps.
VMware would like to thank Alexander Minozhenko from ERPScan for
reporting this issue to us. | last seen | 2019-01-16 | modified | 2018-09-06 | plugin id | 61747 | published | 2012-08-31 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=61747 | title | VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries |
NASL family | MacOS X Local Security Checks | NASL id | MACOSX_10_8_4.NASL | description | The remote host is running a version of Mac OS X 10.8.x that is prior
to 10.8.4. The newer version contains multiple security-related fixes
for the following components :
- CFNetwork
- CoreAnimation
- CoreMedia Playback
- CUPS
- Disk Management
- OpenSSL
- QuickDraw Manager
- QuickTime
- SMB | last seen | 2019-01-16 | modified | 2018-07-14 | plugin id | 66808 | published | 2013-06-05 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=66808 | title | Mac OS X 10.8.x < 10.8.4 Multiple Vulnerabilities |
NASL family | Mandriva Local Security Checks | NASL id | MANDRIVA_MDVSA-2012-011.NASL | description | A vulnerability has been found and corrected in openssl :
OpenSSL 0.9.8s and 1.0.0f do not properly support DTLS applications,
which allows remote attackers to cause a denial of service via
unspecified vectors. NOTE: this vulnerability exists because of an
incorrect fix for CVE-2011-4108 (CVE-2012-0050).
The updated packages have been patched to correct this issue.
The openssl0.9.8 packages for 2010.2 have been upgraded to the 0.9.8t
version which is not vulnerable to this issue. | last seen | 2019-01-16 | modified | 2018-07-19 | plugin id | 57724 | published | 2012-01-30 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=57724 | title | Mandriva Linux Security Advisory : openssl (MDVSA-2012:011) |
NASL family | Fedora Local Security Checks | NASL id | FEDORA_2012-0708.NASL | description | A new upstream package fixing a security vulnerability (DoS)
regression in DTLS introduced by the previous update.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2015-10-20 | plugin id | 57627 | published | 2012-01-23 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=57627 | title | Fedora 16 : openssl-1.0.0g-1.fc16 (2012-0708) |
NASL family | Misc. | NASL id | VMWARE_ESXI_5_0_BUILD_912577_REMOTE.NASL | description | The remote VMware ESXi 5.0 host is affected by multiple
vulnerabilities :
- An integer overflow condition exists in the
__tzfile_read() function in the glibc library. An
unauthenticated, remote attacker can exploit this, via
a crafted timezone (TZ) file, to cause a denial of
service or the execution of arbitrary code.
(CVE-2009-5029)
- ldd in the glibc library is affected by a privilege
escalation vulnerability due to the omission of certain
LD_TRACE_LOADED_OBJECTS checks in a crafted executable
file. Note that this vulnerability is disputed by the
library vendor. (CVE-2009-5064)
- A remote code execution vulnerability exists in the
glibc library due to an integer signedness error in the
elf_get_dynamic_info() function when the '--verify'
option is used. A remote attacker can exploit this by
using a crafted ELF program with a negative value for a
certain d_tag structure member in the ELF header.
(CVE-2010-0830)
- A flaw exists in OpenSSL due to a failure to properly
prevent modification of the ciphersuite in the session
cache when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is
enabled. A remote attacker can exploit this to force a
downgrade to an unintended cipher by intercepting the
network traffic to discover a session identifier.
(CVE-2010-4180)
- A flaw exists in OpenSSL due to a failure to properly
validate the public parameters in the J-PAKE protocol
when J-PAKE is enabled. A remote attacker can exploit
this, by sending crafted values in each round of the
protocol, to bypass the need for knowledge of the shared
secret. (CVE-2010-4252)
- An out-of-bounds memory error exists in OpenSSL that
allows a remote attacker to cause a denial of service or
possibly obtain sensitive information by using a
malformed ClientHello handshake message. This is also
known as the 'OCSP stapling vulnerability'.
(CVE-2011-0014)
- A flaw exists in the addmntent() function in the glibc
library due to a failure to report the error status for
failed attempts to write to the /etc/mtab file. A local
attacker can exploit this to corrupt the file by using
writes from a process with a small RLIMIT_FSIZE value.
(CVE-2011-1089)
- A flaw exists in the png_set_text_2() function in the
file pngset.c in the libpng library due to a failure to
properly allocate memory. An unauthenticated, remote
attacker can exploit this, via a crafted text chunk in a
PNG image file, to trigger a heap-based buffer overflow,
resulting in denial of service or the execution of
arbitrary code. (CVE-2011-3048)
- A flaw exists in the DTLS implementation in OpenSSL due
to performing a MAC check only if certain padding is
valid. A remote attacker can exploit this, via a padding
oracle attack, to recover the plaintext. (CVE-2011-4108)
- A double-free error exists in OpenSSL when the
X509_V_FLAG_POLICY_CHECK is enabled. A remote attacker
can exploit this by triggering a policy check failure,
resulting in an unspecified impact. (CVE-2011-4109)
- A flaw exists in OpenSSL in the SSL 3.0 implementation
due to improper initialization of data structures used
for block cipher padding. A remote attacker can exploit
this, by decrypting the padding data sent by an SSL
peer, to obtain sensitive information. (CVE-2011-4576)
- A denial of service vulnerability exists in OpenSSL when
RFC 3779 support is enabled. A remote attacker can
exploit this to cause an assertion failure, by using an
X.509 certificate containing certificate extension data
associated with IP address blocks or Autonomous System
(AS) identifiers. (CVE-2011-4577)
- A denial of service vulnerability exists in the RPC
implementation in the glibc library due to a flaw in the
svc_run() function. A remote attacker can exploit this,
via a large number of RPC connections, to exhaust CPU
resources. (CVE-2011-4609)
- A denial of service vulnerability exists in the Server
Gated Cryptography (SGC) implementation in OpenSSL due
to a failure to properly handle handshake restarts. A
remote attacker can exploit this, via unspecified
vectors, to exhaust CPU resources. (CVE-2011-4619)
- A denial of service vulnerability exists in OpenSSL due
to improper support of DTLS applications. A remote
attacker can exploit this, via unspecified vectors
related to an out-of-bounds read error. Note that this
vulnerability exists because of an incorrect fix for
CVE-2011-4108. (CVE-2012-0050)
- A security bypass vulnerability exists in the glibc
library due to an integer overflow condition in the
vfprintf() function in file stdio-common/vfprintf.c. An
attacker can exploit this, by using a large number of
arguments, to bypass the FORTIFY_SOURCE protection
mechanism, allowing format string attacks or writing to
arbitrary memory. (CVE-2012-0864)
- A denial of service vulnerability exists in the glibc
library in the vfprintf() function in file
stdio-common/vfprintf.c due to a failure to properly
calculate a buffer length. An attacker can exploit this,
via a format string that uses positional parameters and
many format specifiers, to bypass the FORTIFY_SOURCE
format-string protection mechanism, thus causing stack
corruption and a crash. (CVE-2012-3404)
- A denial of service vulnerability exists in the glibc
library in the vfprintf() function in file
stdio-common/vfprintf.c due to a failure to properly
calculate a buffer length. An attacker can exploit this,
via a format string with a large number of format
specifiers, to bypass the FORTIFY_SOURCE format-string
protection mechanism, thus triggering desynchronization
within the buffer size handling, resulting in a
segmentation fault and crash. (CVE-2012-3405)
- A flaw exists in the glibc library in the vfprintf()
function in file stdio-common/vfprintf.c due to a
failure to properly restrict the use of the alloca()
function when allocating the SPECS array. An attacker
can exploit this, via a crafted format string using
positional parameters and a large number of format
specifiers, to bypass the FORTIFY_SOURCE format-string
protection mechanism, thus triggering a denial of
service or the possible execution of arbitrary code.
(CVE-2012-3406)
- A flaw exists in the glibc library due to multiple
integer overflow conditions in the strtod(), strtof(),
strtold(), strtod_l(), and other unspecified related
functions. A local attacker can exploit these to trigger
a stack-based buffer overflow, resulting in an
application crash or the possible execution of arbitrary
code. (CVE-2012-3480)
- A privilege escalation vulnerability exists in the
Virtual Machine Communication Interface (VMCI) due to a
failure by control code to properly restrict memory
allocation. A local attacker can exploit this, via
unspecified vectors, to gain privileges. (CVE-2013-1406)
- An error exists in the implementation of the Network
File Copy (NFC) protocol. A man-in-the-middle attacker
can exploit this, by modifying the client-server data
stream, to cause a denial of service or the execution
of arbitrary code. (CVE-2013-1659) | last seen | 2019-01-16 | modified | 2018-11-15 | plugin id | 70885 | published | 2013-11-13 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=70885 | title | ESXi 5.0 < Build 912577 Multiple Vulnerabilities (remote check) |
NASL family | Debian Local Security Checks | NASL id | DEBIAN_DSA-2392.NASL | description | Antonio Martin discovered a denial-of-service vulnerability in
OpenSSL, an implementation of TLS and related protocols. A malicious
client can cause the DTLS server implementation to crash. Regular,
TCP-based TLS is not affected by this issue. | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 57643 | published | 2012-01-24 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=57643 | title | Debian DSA-2392-1 : openssl - out-of-bounds read |
NASL family | Misc. | NASL id | VMWARE_VMSA-2012-0013_REMOTE.NASL | description | The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities, including
remote code execution vulnerabilities, in several third-party
libraries :
- Apache Struts
- glibc
- GnuTLS
- JRE
- kernel
- libxml2
- OpenSSL
- Perl
- popt and rpm | last seen | 2019-01-16 | modified | 2018-08-16 | plugin id | 89038 | published | 2016-02-29 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=89038 | title | VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check) |
NASL family | SuSE Local Security Checks | NASL id | OPENSUSE-2012-99.NASL | description | fix regression introduced in previous openssl update that could lead
to a DoS | last seen | 2019-01-16 | modified | 2014-06-13 | plugin id | 74859 | published | 2014-06-13 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=74859 | title | openSUSE Security Update : openssl (openSUSE-2012-99) |
NASL family | Gentoo Local Security Checks | NASL id | GENTOO_GLSA-201203-12.NASL | description | The remote host is affected by the vulnerability described in GLSA-201203-12
(OpenSSL: Multiple vulnerabilities)
Multiple vulnerabilities have been found in OpenSSL:
Timing differences for decryption are exposed by CBC mode encryption
in OpenSSL’s implementation of DTLS (CVE-2011-4108).
A policy check failure can result in a double-free error when
X509_V_FLAG_POLICY_CHECK is set (CVE-2011-4109).
Clients and servers using SSL 3.0 handshakes do not clear the block
cipher padding, allowing a record to contain up to 15 bytes of
uninitialized memory, which could include sensitive information
(CVE-2011-4576).
Assertion errors can occur during the handling of malformed X.509
certificates when OpenSSL is built with RFC 3779 support
(CVE-2011-4577).
A resource management error can occur when OpenSSL’s server gated
cryptography (SGC) does not properly handle handshake restarts
(CVE-2011-4619).
Invalid parameters in the GOST block cipher are not properly handled
by the GOST ENGINE (CVE-2012-0027).
An incorrect fix for CVE-2011-4108 creates an unspecified
vulnerability for DTLS applications using OpenSSL (CVE-2012-0050).
Impact :
A remote attacker may be able to cause a Denial of Service or obtain
sensitive information, including plaintext passwords.
Workaround :
There is no known workaround at this time. | last seen | 2019-01-16 | modified | 2018-07-11 | plugin id | 58222 | published | 2012-03-06 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=58222 | title | GLSA-201203-12 : OpenSSL: Multiple vulnerabilities |
NASL family | Ubuntu Local Security Checks | NASL id | UBUNTU_USN-1357-1.NASL | description | It was discovered that the elliptic curve cryptography (ECC) subsystem
in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm
(ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement
curves over binary fields. This could allow an attacker to determine
private keys via a timing attack. This issue only affected Ubuntu 8.04
LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)
Adam Langley discovered that the ephemeral Elliptic Curve
Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread
safety while processing handshake messages from clients. This could
allow a remote attacker to cause a denial of service via out-of-order
messages that violate the TLS protocol. This issue only affected
Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04.
(CVE-2011-3210)
Nadhem Alfardan and Kenny Paterson discovered that the Datagram
Transport Layer Security (DTLS) implementation in OpenSSL performed a
MAC check only if certain padding is valid. This could allow a remote
attacker to recover plaintext. (CVE-2011-4108)
Antonio Martin discovered that a flaw existed in the fix to address
CVE-2011-4108, the DTLS MAC check failure. This could allow a remote
attacker to cause a denial of service. (CVE-2012-0050)
Ben Laurie discovered a double free vulnerability in OpenSSL that
could be triggered when the X509_V_FLAG_POLICY_CHECK flag is enabled.
This could allow a remote attacker to cause a denial of service. This
issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10
and Ubuntu 11.04. (CVE-2011-4109)
It was discovered that OpenSSL, in certain circumstances involving
ECDH or ECDHE cipher suites, used an incorrect modular reduction
algorithm in its implementation of the P-256 and P-384 NIST elliptic
curves. This could allow a remote attacker to obtain the private key
of a TLS server via multiple handshake attempts. This issue only
affected Ubuntu 8.04 LTS. (CVE-2011-4354)
Adam Langley discovered that the SSL 3.0 implementation in OpenSSL did
not properly initialize data structures for block cipher padding. This
could allow a remote attacker to obtain sensitive information.
(CVE-2011-4576)
Andrew Chi discovered that OpenSSL, when RFC 3779 support is enabled,
could trigger an assert when handling an X.509 certificate containing
certificate-extension data associated with IP address blocks or
Autonomous System (AS) identifiers. This could allow a remote attacker
to cause a denial of service. (CVE-2011-4577)
Adam Langley discovered that the Server Gated Cryptography (SGC)
implementation in OpenSSL did not properly handle handshake restarts.
This could allow a remote attacker to cause a denial of service.
(CVE-2011-4619)
Andrey Kulikov discovered that the GOST block cipher engine in OpenSSL
did not properly handle invalid parameters. This could allow a remote
attacker to cause a denial of service via crafted data from a TLS
client. This issue only affected Ubuntu 11.10. (CVE-2012-0027).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2018-12-01 | plugin id | 57887 | published | 2012-02-10 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=57887 | title | Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1) |
NASL family | Solaris Local Security Checks | NASL id | SOLARIS11_OPENSSL_20120404.NASL | description | The remote Solaris system is missing necessary patches to address
security updates :
- The DTLS implementation in OpenSSL before 0.9.8s and 1.x
before 1.0.0f performs a MAC check only if certain
padding is valid, which makes it easier for remote
attackers to recover plaintext via a padding oracle
attack. (CVE-2011-4108)
- Double free vulnerability in OpenSSL 0.9.8 before
0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows
remote attackers to have an unspecified impact by
triggering failure of a policy check. (CVE-2011-4109)
- The SSL 3.0 implementation in OpenSSL before 0.9.8s and
1.x before 1.0.0f does not properly initialize data
structures for block cipher padding, which might allow
remote attackers to obtain sensitive information by
decrypting the padding data sent by an SSL peer.
(CVE-2011-4576)
- OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC
3779 support is enabled, allows remote attackers to
cause a denial of service (assertion failure) via an
X.509 certificate containing certificate-extension data
associated with (1) IP address blocks or (2) Autonomous
System (AS) identifiers. (CVE-2011-4577)
- The Server Gated Cryptography (SGC) implementation in
OpenSSL before 0.9.8s and 1.x before 1.0.0f does not
properly handle handshake restarts, which allows remote
attackers to cause a denial of service (CPU consumption)
via unspecified vectors. (CVE-2011-4619)
- The GOST ENGINE in OpenSSL before 1.0.0f does not
properly handle invalid parameters for the GOST block
cipher, which allows remote attackers to cause a denial
of service (daemon crash) via crafted data from a TLS
client. (CVE-2012-0027)
- OpenSSL 0.9.8s and 1.0.0f do not properly support DTLS
applications, which allows remote attackers to cause a
denial of service (crash) via unspecified vectors
related to an out-of-bounds read. NOTE: this
vulnerability exists because of an incorrect fix for
CVE-2011-4108. (CVE-2012-0050) | last seen | 2019-01-16 | modified | 2018-11-15 | plugin id | 80715 | published | 2015-01-19 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=80715 | title | Oracle Solaris Third-Party Patch Update : openssl (cve_2012_0050_denial_of) |
NASL family | SuSE Local Security Checks | NASL id | SUSE_OPENSSL-7961.NASL | description | This update of OpenSSL fixes a Denial of Service issue that could be
triggered via unspecified vectors. (CVE-2012-0050) | last seen | 2019-01-16 | modified | 2012-05-17 | plugin id | 58033 | published | 2012-02-20 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=58033 | title | SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7961) |
NASL family | MacOS X Local Security Checks | NASL id | MACOSX_SECUPD2013-002.NASL | description | The remote host is running a version of Mac OS X 10.6 or 10.7 that
does not have Security Update 2013-002 applied. This update contains
numerous security-related fixes for the following components :
- CoreMedia Playback (10.7 only)
- Directory Service (10.6 only)
- OpenSSL
- QuickDraw Manager
- QuickTime
- Ruby (10.6 only)
- SMB (10.7 only) | last seen | 2019-01-16 | modified | 2018-07-14 | plugin id | 66809 | published | 2013-06-05 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=66809 | title | Mac OS X Multiple Vulnerabilities (Security Update 2013-002) |
NASL family | SuSE Local Security Checks | NASL id | SUSE_11_LIBOPENSSL-DEVEL-120209.NASL | description | This update of OpenSSL fixes a Denial of Service issue that could be
triggered via unspecified vectors. (CVE-2012-0050)
Also, the SHA256 and SHA512 algorithms are now enabled by default. | last seen | 2019-01-16 | modified | 2013-10-25 | plugin id | 58031 | published | 2012-02-20 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=58031 | title | SuSE 11.1 Security Update : libopenssl (SAT Patch Number 5808) |
NASL family | SuSE Local Security Checks | NASL id | SUSE_11_4_LIBOPENSSL-DEVEL-120206.NASL | description | This update of OpenSSL fixes a Denial of Service issue
(CVE-2012-0050). | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 75909 | published | 2014-06-13 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=75909 | title | openSUSE Security Update : libopenssl-devel (openSUSE-SU-2012:0266-1) |
NASL family | SuSE Local Security Checks | NASL id | OPENSUSE-2013-153.NASL | description | openssl was updated to 1.0.0k security release to fix bugs and
security issues. (bnc#802648 bnc#802746) The version was upgraded to
avoid backporting the large fixes for the SSL, TLS and DTLS Plaintext
Recovery Attack (CVE-2013-0169), the TLS 1.1 and 1.2 AES-NI crash
(CVE-2012-2686) and the OCSP invalid key DoS issue (CVE-2013-0166).
Also the following bugfix was included: bnc#757773 -
c_rehash to accept more filename extensions | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 74901 | published | 2014-06-13 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=74901 | title | openSUSE Security Update : openssl (openSUSE-SU-2013:0336-1) |
NASL family | OracleVM Local Security Checks | NASL id | ORACLEVM_OVMSA-2014-0007.NASL | description | The remote OracleVM system is missing necessary patches to address
critical security updates :
- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability
- replace expired GlobalSign Root CA certificate in
ca-bundle.crt
- fix for CVE-2013-0169 - SSL/TLS CBC timing attack
(#907589)
- fix for CVE-2013-0166 - DoS in OCSP signatures checking
(#908052)
- enable compression only if explicitly asked for or
OPENSSL_DEFAULT_ZLIB environment variable is set (fixes
CVE-2012-4929 #857051)
- use __secure_getenv everywhere instead of getenv
(#839735)
- fix for CVE-2012-2333 - improper checking for record
length in DTLS (#820686)
- fix for CVE-2012-2110 - memory corruption in
asn1_d2i_read_bio (#814185)
- fix problem with the SGC restart patch that might
terminate handshake incorrectly
- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7
code (#802725)
- fix for CVE-2012-1165 - NULL read dereference on bad
MIME headers (#802489)
- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext
recovery vulnerability and additional DTLS fixes
(#771770)
- fix for CVE-2011-4109 - double free in policy checks
(#771771)
- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding
(#771775)
- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)
- add known answer test for SHA2 algorithms (#740866)
- make default private key length in certificate Makefile
2048 bits (can be changed with PRIVATE_KEY_BITS setting)
(#745410)
- fix incorrect return value in parse_yesno (#726593)
- added DigiCert CA certificates to ca-bundle (#735819)
- added a new section about error states to README.FIPS
(#628976)
- add missing DH_check_pub_key call when DH key is
computed (#698175)
- presort list of ciphers available in SSL (#688901)
- accept connection in s_server even if getaddrinfo fails
(#561260)
- point to openssl dgst for list of supported digests
(#608639)
- fix handling of future TLS versions (#599112)
- added VeriSign Class 3 Public Primary Certification
Authority - G5 and StartCom Certification Authority
certs to ca-bundle (#675671, #617856)
- upstream fixes for the CHIL engine (#622003, #671484)
- add SHA-2 hashes in SSL_library_init (#676384)
- fix CVE-2010-4180 - completely disable code for
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462)
- fix CVE-2009-3245 - add missing bn_wexpand return checks
(#570924)
- fix CVE-2010-0433 - do not pass NULL princ to
krb5_kt_get_entry which in the RHEL-5 and newer versions
will crash in such case (#569774)
- fix CVE-2009-3555 - support the safe renegotiation
extension and do not allow legacy renegotiation on the
server by default (#533125)
- fix CVE-2009-2409 - drop MD2 algorithm from EVP tables
(#510197)
- fix CVE-2009-4355 - do not leak memory when
CRYPTO_cleanup_all_ex_data is called prematurely by
application (#546707) | last seen | 2019-01-16 | modified | 2018-07-24 | plugin id | 79531 | published | 2014-11-26 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=79531 | title | OracleVM 2.2 : openssl (OVMSA-2014-0007) |
NASL family | FreeBSD Local Security Checks | NASL id | FREEBSD_PKG_5C5F19CE43AF11E189B4001EC9578670.NASL | description | The OpenSSL Team reports :
A flaw in the fix to CVE-2011-4108 can be exploited in a denial of
service attack. Only DTLS applications using OpenSSL 1.0.0f and 0.9.8s
are affected. | last seen | 2019-01-16 | modified | 2018-11-21 | plugin id | 57628 | published | 2012-01-23 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=57628 | title | FreeBSD : OpenSSL -- DTLS Denial of Service (5c5f19ce-43af-11e1-89b4-001ec9578670) |
NASL family | AIX Local Security Checks | NASL id | AIX_OPENSSL_ADVISORY3.NASL | description | The version of OpenSSL running on the remote host is affected by the
following vulnerabilities :
- The DTLS implementation in OpenSSL before 0.9.8s and 1.x
before 1.0.0f performs a MAC check only if certain
padding is valid, which makes it easier for remote
attackers to recover plaintext via a padding oracle
attack. (CVE-2011-4108)
- Double free vulnerability in OpenSSL 0.9.8 before
0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows
remote attackers to have an unspecified impact by
triggering failure of a policy check. (CVE-2011-4109)
- The SSL 3.0 implementation in OpenSSL before 0.9.8s and
1.x before 1.0.0f does not properly initialize data
structures for block cipher padding, which might allow
remote attackers to obtain sensitive information by
decrypting the padding data sent by an SSL peer.
(CVE-2011-4576)
- The Server Gated Cryptography (SGC) implementation in
OpenSSL before 0.9.8s and 1.x before 1.0.0f does not
properly handle handshake restarts, which allows remote
attackers to cause a denial of service via unspecified
vectors. (CVE-2011-4619)
- OpenSSL 0.9.8s and 1.0.0f do not properly support DTLS
applications, which allows remote attackers to cause a
denial of service via unspecified vectors. NOTE: this
vulnerability exists because of an incorrect fix for
CVE-2011-4108. (CVE-2012-0050) | last seen | 2019-01-16 | modified | 2018-07-17 | plugin id | 73561 | published | 2014-04-16 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=73561 | title | AIX OpenSSL Advisory : openssl_advisory3.asc |
|