| nessus
via4
|
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2012-0531.NASL | | description | An updated rhev-hypervisor6 package that fixes three security issues
and one bug is now available.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
The rhev-hypervisor6 package provides a Red Hat Enterprise
Virtualization Hypervisor ISO disk image. The Red Hat Enterprise
Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine
(KVM) hypervisor. It includes everything necessary to run and manage
virtual machines: A subset of the Red Hat Enterprise Linux operating
environment and the Red Hat Enterprise Virtualization Agent.
Note: Red Hat Enterprise Virtualization Hypervisor is only available
for the Intel 64 and AMD64 architectures with virtualization
extensions.
A flaw was found in the way libtasn1 decoded DER data. An attacker
could create carefully-crafted DER encoded input (such as an X.509
certificate) that, when parsed by an application that uses libtasn1
(such as applications using GnuTLS), could cause the application to
crash. (CVE-2012-1569)
A flaw was found in the way GnuTLS decrypted malformed TLS records.
This could cause a TLS/SSL client or server to crash when processing a
specially crafted TLS record from a remote TLS/SSL connection peer.
(CVE-2012-1573)
An integer overflow flaw was found in the implementation of the printf
functions family. This could allow an attacker to bypass
FORTIFY_SOURCE protections and execute arbitrary code using a format
string flaw in an application, even though these protections are
expected to limit the impact of such flaws to an application abort.
(CVE-2012-0864)
Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting
CVE-2012-1569 and CVE-2012-1573.
This updated package provides updated components that include fixes
for various security issues. These issues have no security impact on
Red Hat Enterprise Virtualization Hypervisor itself, however. The
security fixes included in this update address the following CVE
numbers :
CVE-2011-4128 (gnutls issue)
CVE-2012-0879, CVE-2012-1090, and CVE-2012-1097 (kernel issues)
CVE-2012-0884 and CVE-2012-1165 (openssl issues)
CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 (rpm issues)
This update also fixes the following bug :
* The Hypervisor previously set the lro_disable option for the enic
driver. The driver does not support this option, as a result the
Hypervisor did not correctly detect and configure the network
interfaces of a Cisco M81KR adaptor, when present. The Hypervisor has
been updated and no longer sets the invalid option for this driver.
(BZ#809463)
Users of Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to this updated package, which fixes these issues. | | last seen | 2019-01-16 | | modified | 2019-01-02 | | plugin id | 78922 | | published | 2014-11-08 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=78922 | | title | RHEL 6 : rhev-hypervisor6 (RHSA-2012:0531) |
| NASL family | OracleVM Local Security Checks | | NASL id | ORACLEVM_OVMSA-2014-0008.NASL | | description | The remote OracleVM system is missing necessary patches to address
critical security updates :
- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability
- replace expired GlobalSign Root CA certificate in
ca-bundle.crt
- fix for CVE-2013-0169 - SSL/TLS CBC timing attack
(#907589)
- fix for CVE-2013-0166 - DoS in OCSP signatures checking
(#908052)
- enable compression only if explicitly asked for or
OPENSSL_DEFAULT_ZLIB environment variable is set (fixes
CVE-2012-4929 #857051)
- use __secure_getenv everywhere instead of getenv
(#839735)
- fix for CVE-2012-2333 - improper checking for record
length in DTLS (#820686)
- fix for CVE-2012-2110 - memory corruption in
asn1_d2i_read_bio (#814185)
- fix problem with the SGC restart patch that might
terminate handshake incorrectly
- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7
code (#802725)
- fix for CVE-2012-1165 - NULL read dereference on bad
MIME headers (#802489)
- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext
recovery vulnerability and additional DTLS fixes
(#771770)
- fix for CVE-2011-4109 - double free in policy checks
(#771771)
- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding
(#771775)
- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)
- add known answer test for SHA2 algorithms (#740866)
- make default private key length in certificate Makefile
2048 bits (can be changed with PRIVATE_KEY_BITS setting)
(#745410)
- fix incorrect return value in parse_yesno (#726593)
- added DigiCert CA certificates to ca-bundle (#735819)
- added a new section about error states to README.FIPS
(#628976)
- add missing DH_check_pub_key call when DH key is
computed (#698175)
- presort list of ciphers available in SSL (#688901)
- accept connection in s_server even if getaddrinfo fails
(#561260)
- point to openssl dgst for list of supported digests
(#608639)
- fix handling of future TLS versions (#599112)
- added VeriSign Class 3 Public Primary Certification
Authority - G5 and StartCom Certification Authority
certs to ca-bundle (#675671, #617856)
- upstream fixes for the CHIL engine (#622003, #671484)
- add SHA-2 hashes in SSL_library_init (#676384)
- fix CVE-2010-4180 - completely disable code for
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462)
- fix CVE-2009-3245 - add missing bn_wexpand return checks
(#570924)
- fix CVE-2010-0433 - do not pass NULL princ to
krb5_kt_get_entry which in the RHEL-5 and newer versions
will crash in such case (#569774)
- fix CVE-2009-3555 - support the safe renegotiation
extension and do not allow legacy renegotiation on the
server by default (#533125)
- fix CVE-2009-2409 - drop MD2 algorithm from EVP tables
(#510197)
- fix CVE-2009-4355 - do not leak memory when
CRYPTO_cleanup_all_ex_data is called prematurely by
application (#546707) | | last seen | 2019-01-16 | | modified | 2018-07-24 | | plugin id | 79532 | | published | 2014-11-26 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=79532 | | title | OracleVM 3.2 : onpenssl (OVMSA-2014-0008) |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2012-242.NASL | | description | The implementation of Cryptographic Message Syntax (CMS) and PKCS #7
in OpenSSL was vulnerable to a Million Message Attack (MMA) adaptive
chosen ciphertext attack (CVE-2012-0884). | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 74605 | | published | 2014-06-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=74605 | | title | openSUSE Security Update : openssl (openSUSE-SU-2012:0547-1) |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2012-308.NASL | | description | Specially crafted DER files could trigger a memory corruption in
openssl | | last seen | 2019-01-16 | | modified | 2014-06-13 | | plugin id | 74641 | | published | 2014-06-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=74641 | | title | openSUSE Security Update : openssl (openSUSE-2012-308) |
| NASL family | Solaris Local Security Checks | | NASL id | SOLARIS11_OPENSSL_20120523.NASL | | description | The remote Solaris system is missing necessary patches to address
security updates :
- The implementation of Cryptographic Message Syntax (CMS)
and PKCS #7 in OpenSSL before 0.9.8u and 1.x before
1.0.0h does not properly restrict certain oracle
behavior, which makes it easier for context-dependent
attackers to decrypt data via a Million Message Attack
(MMA) adaptive chosen ciphertext attack. (CVE-2012-0884) | | last seen | 2019-01-16 | | modified | 2018-11-15 | | plugin id | 80716 | | published | 2015-01-19 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=80716 | | title | Oracle Solaris Third-Party Patch Update : openssl (cve_2012_0884_cryptographic_issue1) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2012-0488.NASL | | description | An updated rhev-hypervisor5 package that fixes three security issues
and one bug is now available.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
The rhev-hypervisor5 package provides a Red Hat Enterprise
Virtualization Hypervisor ISO disk image. The Red Hat Enterprise
Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine
(KVM) hypervisor. It includes everything necessary to run and manage
virtual machines: A subset of the Red Hat Enterprise Linux operating
environment and the Red Hat Enterprise Virtualization Agent.
Note: Red Hat Enterprise Virtualization Hypervisor is only available
for the Intel 64 and AMD64 architectures with virtualization
extensions.
A flaw was found in the way libtasn1 decoded DER data. An attacker
could create a carefully-crafted X.509 certificate that, when parsed
by an application that uses GnuTLS, could cause the application to
crash. (CVE-2012-1569)
A flaw was found in the way GnuTLS decrypted malformed TLS records.
This could cause a TLS/SSL client or server to crash when processing a
specially crafted TLS record from a remote TLS/SSL connection peer.
(CVE-2012-1573)
An integer overflow flaw was found in the implementation of the printf
functions family. This could allow an attacker to bypass
FORTIFY_SOURCE protections and execute arbitrary code using a format
string flaw in an application, even though these protections are
expected to limit the impact of such flaws to an application abort.
(CVE-2012-0864)
Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting
CVE-2012-1569 and CVE-2012-1573.
This updated package provides updated components that include fixes
for various security issues. These issues have no security impact on
Red Hat Enterprise Virtualization Hypervisor itself, however. The
security fixes included in this update address the following CVE
numbers :
CVE-2011-4128 (gnutls issue)
CVE-2012-1583 (kernel issue)
CVE-2011-3045 (libpng issue)
CVE-2012-0884 and CVE-2012-1165 (openssl issues)
Further information on the changes made to the package is available on
the relevant errata :
https://rhn.redhat.com/errata/RHBA-2012-0398.html
Users of Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to this updated package, which fixes these issues. | | last seen | 2019-01-16 | | modified | 2018-12-20 | | plugin id | 79286 | | published | 2014-11-17 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=79286 | | title | RHEL 5 : rhev-hypervisor5 (RHSA-2012:0488) |
| NASL family | Ubuntu Local Security Checks | | NASL id | UBUNTU_USN-1451-1.NASL | | description | Ivan Nestlerode discovered that the Cryptographic Message Syntax (CMS)
and PKCS #7 implementations in OpenSSL returned early if RSA
decryption failed. This could allow an attacker to expose sensitive
information via a Million Message Attack (MMA). (CVE-2012-0884)
It was discovered that an integer underflow was possible when using
TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a
remote attacker to cause a denial of service. (CVE-2012-2333).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-12-01 | | plugin id | 59289 | | published | 2012-05-29 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=59289 | | title | Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : openssl vulnerabilities (USN-1451-1) |
| NASL family | Web Servers | | NASL id | OPENSSL_1_0_0H.NASL | | description | According to its banner, the remote web server is running OpenSSL
version 1.0.0 prior to version 1.0.0h. As such, it reportedly is
affected by the following vulnerabilities :
- An error exists in the function 'mime_hdr_cmp' that
could allow a NULL pointer to be dereferenced when
parsing certain MIME headers. (CVE-2006-7250)
- The fix for CVE-2011-4619 was not complete.
- An error exists in the Cryptographic Message Syntax
(CMS) and PKCS #7 implementation such that data can
be decrypted using Million Message Attack (MMA)
adaptive chosen cipher text attack. (CVE-2012-0884)
- An error exists in the function 'mime_param_cmp' in the
file 'crypto/asn1/asn_mime.c' that can allow a NULL
pointer to be dereferenced when handling certain S/MIME
content. (CVE-2012-1165)
Note that SSL/TLS applications are not necessarily affected, but those
using CMS, PKCS #7 and S/MIME decryption operations are. | | last seen | 2019-01-16 | | modified | 2018-11-15 | | plugin id | 58565 | | published | 2012-04-02 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=58565 | | title | OpenSSL 1.0.0 < 1.0.0h Multiple Vulnerabilities |
| NASL family | FreeBSD Local Security Checks | | NASL id | FREEBSD_PKG_60EB344E6EB111E18AD700E0815B8DA8.NASL | | description | The OpenSSL Team reports :
A weakness in the OpenSSL CMS and PKCS #7 code can be exploited using
Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the
million message attack (MMA).
Only users of CMS, PKCS #7, or S/MIME decryption operations are
affected. A successful attack needs on average 2^20 messages. In
practice only automated systems will be affected as humans will not be
willing to process this many messages.
SSL/TLS applications are *NOT* affected by this problem since the
SSL/TLS code does not use the PKCS#7 or CMS decryption code. | | last seen | 2019-01-16 | | modified | 2018-11-21 | | plugin id | 58360 | | published | 2012-03-16 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=58360 | | title | FreeBSD : OpenSSL -- CMS and S/MIME Bleichenbacher attack (60eb344e-6eb1-11e1-8ad7-00e0815b8da8) |
| NASL family | Oracle Linux Local Security Checks | | NASL id | ORACLELINUX_ELSA-2012-0426.NASL | | description | From Red Hat Security Advisory 2012:0426 :
Updated openssl packages that fix two security issues and one bug are
now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL
v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
A NULL pointer dereference flaw was found in the way OpenSSL parsed
Secure/Multipurpose Internet Mail Extensions (S/MIME) messages. An
attacker could use this flaw to crash an application that uses OpenSSL
to decrypt or verify S/MIME messages. (CVE-2012-1165)
A flaw was found in the PKCS#7 and Cryptographic Message Syntax (CMS)
implementations in OpenSSL. An attacker could possibly use this flaw
to perform a Bleichenbacher attack to decrypt an encrypted CMS,
PKCS#7, or S/MIME message by sending a large number of chosen
ciphertext messages to a service using OpenSSL and measuring error
response times. (CVE-2012-0884)
This update also fixes a regression caused by the fix for
CVE-2011-4619, released via RHSA-2012:0060 and RHSA-2012:0059, which
caused Server Gated Cryptography (SGC) handshakes to fail.
All OpenSSL users should upgrade to these updated packages, which
contain backported patches to resolve these issues. For the update to
take effect, all services linked to the OpenSSL library must be
restarted, or the system rebooted. | | last seen | 2019-01-16 | | modified | 2018-07-18 | | plugin id | 68501 | | published | 2013-07-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=68501 | | title | Oracle Linux 5 / 6 : openssl (ELSA-2012-0426) |
| NASL family | Junos Local Security Checks | | NASL id | JUNIPER_SPACE_JSA10659.NASL | | description | According to its self-reported version number, the remote Junos Space
version is prior to 14.1R1. It is, therefore, affected by multiple
vulnerabilities in bundled third party software components :
- Multiple vulnerabilities in the bundled OpenSSL CentOS
package. (CVE-2011-4109, CVE-2011-4576, CVE-2011-4619,
CVE-2012-0884, CVE-2012-2110, CVE-2012-2333,
CVE-2013-0166, CVE-2013-0169, CVE-2014-0224)
- Multiple vulnerabilities in Oracle MySQL.
(CVE-2013-5908)
- Multiple vulnerabilities in the Oracle Java runtime.
(CVE-2014-0411, CVE-2014-0423, CVE-2014-4244,
CVE-2014-0453, CVE-2014-0460, CVE-2014-4263,
CVE-2014-4264) | | last seen | 2019-01-16 | | modified | 2018-07-12 | | plugin id | 80197 | | published | 2014-12-22 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=80197 | | title | Juniper Junos Space < 14.1R1 Multiple Vulnerabilities (JSA10659) |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2012-4630.NASL | | description | This minor update from upstream fixes two security vulnerabilities
with moderate and low impact.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2015-10-20 | | plugin id | 58697 | | published | 2012-04-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=58697 | | title | Fedora 17 : openssl-1.0.0h-1.fc17 (2012-4630) |
| NASL family | Amazon Linux Local Security Checks | | NASL id | ALA_ALAS-2012-62.NASL | | description | A NULL pointer dereference flaw was found in the way OpenSSL parsed
Secure/Multipurpose Internet Mail Extensions (S/MIME) messages. An
attacker could use this flaw to crash an application that uses OpenSSL
to decrypt or verify S/MIME messages. (CVE-2012-1165)
A flaw was found in the PKCS#7 and Cryptographic Message Syntax (CMS)
implementations in OpenSSL. An attacker could possibly use this flaw
to perform a Bleichenbacher attack to decrypt an encrypted CMS,
PKCS#7, or S/MIME message by sending a large number of chosen
ciphertext messages to a service using OpenSSL and measuring error
response times. (CVE-2012-0884) | | last seen | 2019-01-16 | | modified | 2018-04-18 | | plugin id | 69669 | | published | 2013-09-04 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=69669 | | title | Amazon Linux AMI : openssl (ALAS-2012-62) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2012-0426.NASL | | description | Updated openssl packages that fix two security issues and one bug are
now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL
v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
A NULL pointer dereference flaw was found in the way OpenSSL parsed
Secure/Multipurpose Internet Mail Extensions (S/MIME) messages. An
attacker could use this flaw to crash an application that uses OpenSSL
to decrypt or verify S/MIME messages. (CVE-2012-1165)
A flaw was found in the PKCS#7 and Cryptographic Message Syntax (CMS)
implementations in OpenSSL. An attacker could possibly use this flaw
to perform a Bleichenbacher attack to decrypt an encrypted CMS,
PKCS#7, or S/MIME message by sending a large number of chosen
ciphertext messages to a service using OpenSSL and measuring error
response times. (CVE-2012-0884)
This update also fixes a regression caused by the fix for
CVE-2011-4619, released via RHSA-2012:0060 and RHSA-2012:0059, which
caused Server Gated Cryptography (SGC) handshakes to fail.
All OpenSSL users should upgrade to these updated packages, which
contain backported patches to resolve these issues. For the update to
take effect, all services linked to the OpenSSL library must be
restarted, or the system rebooted. | | last seen | 2019-01-16 | | modified | 2018-12-20 | | plugin id | 58507 | | published | 2012-03-28 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=58507 | | title | RHEL 5 / 6 : openssl (RHSA-2012:0426) |
| NASL family | Debian Local Security Checks | | NASL id | DEBIAN_DSA-2454.NASL | | description | Multiple vulnerabilities have been found in OpenSSL. The Common
Vulnerabilities and Exposures project identifies the following issues
:
- CVE-2012-0884
Ivan Nestlerode discovered a weakness in the CMS and
PKCS #7 implementations that could allow an attacker to
decrypt data via a Million Message Attack (MMA).
- CVE-2012-1165
It was discovered that a NULL pointer could be
dereferenced when parsing certain S/MIME messages,
leading to denial of service.
- CVE-2012-2110
Tavis Ormandy, Google Security Team, discovered a
vulnerability in the way DER-encoded ASN.1 data is
parsed that can result in a heap overflow.
Additionally, the fix for CVE-2011-4619 has been updated to address an
issue with SGC handshakes.
Tomas Hoger, Red Hat, discovered that the fix for CVE-2012-2110 for
the 0.9.8 series of OpenSSL was incomplete. It has been assigned the
CVE-2012-2131 identifier. | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 58804 | | published | 2012-04-20 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=58804 | | title | Debian DSA-2454-2 : openssl - multiple vulnerabilities |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_LIBOPENSSL-DEVEL-120328.NASL | | description | The following security issues have been fixed :
- Specially crafted MIME headers could cause openssl's
ans1 parser to dereference a NULL pointer leading to a
Denial of Service (CVE-2006-7250) or fail verfication.
(CVE-2012-1165)
- The implementation of Cryptographic Message Syntax (CMS)
and PKCS #7 in OpenSSL was vulnerable to a Million
Message Attack (MMA) adaptive chosen ciphertext attack.
(CVE-2012-0884)
Additionally, the following issues have been fixed :
- Free headers after use in error message. (bnc#749213)
- Symmetric crypto errors in PKCS7_decrypt. (bnc#749210)
- Memory leak when creating public keys. (bnc#749735) | | last seen | 2019-01-16 | | modified | 2013-10-25 | | plugin id | 58678 | | published | 2012-04-11 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=58678 | | title | SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 6054) |
| NASL family | Mandriva Local Security Checks | | NASL id | MANDRIVA_MDVSA-2012-038.NASL | | description | Multiple vulnerabilities has been found and corrected in openssl :
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7
in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly
restrict certain oracle behavior, which makes it easier for
context-dependent attackers to decrypt data via a Million Message
Attack (MMA) adaptive chosen ciphertext attack (CVE-2012-0884).
The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL
before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a
denial of service (NULL pointer dereference and application crash) via
a crafted S/MIME message, a different vulnerability than CVE-2006-7250
(CVE-2012-1165).
The updated packages have been patched to correct these issues. | | last seen | 2019-01-16 | | modified | 2018-07-19 | | plugin id | 58490 | | published | 2012-03-27 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=58490 | | title | Mandriva Linux Security Advisory : openssl (MDVSA-2012:038) |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2012-18035.NASL | | description | Update to 1.0.1c and synced all patches with Fedora
openssl-1.0.1c-7.fc19
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2015-10-20 | | plugin id | 63031 | | published | 2012-11-26 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=63031 | | title | Fedora 18 : mingw-openssl-1.0.1c-1.fc18 (2012-18035) |
| NASL family | Scientific Linux Local Security Checks | | NASL id | SL_20120529_OPENSSL_ON_SL5_X.NASL | | description | An integer underflow flaw, leading to a buffer over-read, was found in
the way OpenSSL handled DTLS (Datagram Transport Layer Security)
application data record lengths when using a block cipher in CBC
(cipher-blockchaining) mode. A malicious DTLS client or server could
use this flaw to crash its DTLS connection peer. (CVE-2012-2333)
On SL6 this update also fixes an uninitialized variable use bug,
introduced by the fix for CVE-2012-0884. This bug could possibly cause
an attempt to create an encrypted message in the CMS (Cryptographic
Message Syntax) format to fail. For the update to take effect all
services linked to the OpenSSL library must be restarted. | | last seen | 2019-01-16 | | modified | 2018-12-31 | | plugin id | 61320 | | published | 2012-08-01 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=61320 | | title | Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64 |
| NASL family | Web Servers | | NASL id | OPENSSL_0_9_8U.NASL | | description | According to its banner, the remote web server uses an OpenSSL
version prior to 0.9.8u. As such, it is reportedly affected by
the following vulnerabilities :
- An error exists in the function 'mime_hdr_cmp' that
could allow a NULL pointer to be dereferenced when
parsing certain MIME headers. (CVE-2006-7250)
- The fix for CVE-2011-4619 was not complete.
- An error exists in the Cryptographic Message Syntax
(CMS) and PKCS #7 implementation such that data can
be decrypted using Million Message Attack (MMA)
adaptive chosen cipher text attack. (CVE-2012-0884)
- An error exists in the function 'mime_param_cmp' in the
file 'crypto/asn1/asn_mime.c' that can allow a NULL
pointer to be dereferenced when handling certain S/MIME
content. (CVE-2012-1165)
Note that SSL/TLS applications are not necessarily affected, but
those using CMS, PKCS #7 and S/MIME decryption operations are. | | last seen | 2019-01-16 | | modified | 2018-11-15 | | plugin id | 58564 | | published | 2012-04-02 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=58564 | | title | OpenSSL < 0.9.8u Multiple Vulnerabilities |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2012-4659.NASL | | description | This minor update from upstream fixes two security vulnerabilities
with moderate and low impact.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2015-10-20 | | plugin id | 58699 | | published | 2012-04-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=58699 | | title | Fedora 15 : openssl-1.0.0h-1.fc15 (2012-4659) |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2013-153.NASL | | description | openssl was updated to 1.0.0k security release to fix bugs and
security issues. (bnc#802648 bnc#802746) The version was upgraded to
avoid backporting the large fixes for SSL, TLS and DTLS Plaintext
Recovery Attack (CVE-2013-0169) TLS 1.1 and 1.2 AES-NI crash
(CVE-2012-2686) OCSP invalid key DoS issue (CVE-2013-0166)
Also the following bugfix was included: bnc#757773 -
c_rehash to accept more filename extensions | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 74901 | | published | 2014-06-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=74901 | | title | openSUSE Security Update : openssl (openSUSE-SU-2013:0336-1) |
| NASL family | OracleVM Local Security Checks | | NASL id | ORACLEVM_OVMSA-2014-0007.NASL | | description | The remote OracleVM system is missing necessary patches to address
critical security updates :
- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability
- replace expired GlobalSign Root CA certificate in
ca-bundle.crt
- fix for CVE-2013-0169 - SSL/TLS CBC timing attack
(#907589)
- fix for CVE-2013-0166 - DoS in OCSP signatures checking
(#908052)
- enable compression only if explicitly asked for or
OPENSSL_DEFAULT_ZLIB environment variable is set (fixes
CVE-2012-4929 #857051)
- use __secure_getenv everywhere instead of getenv
(#839735)
- fix for CVE-2012-2333 - improper checking for record
length in DTLS (#820686)
- fix for CVE-2012-2110 - memory corruption in
asn1_d2i_read_bio (#814185)
- fix problem with the SGC restart patch that might
terminate handshake incorrectly
- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7
code (#802725)
- fix for CVE-2012-1165 - NULL read dereference on bad
MIME headers (#802489)
- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext
recovery vulnerability and additional DTLS fixes
(#771770)
- fix for CVE-2011-4109 - double free in policy checks
(#771771)
- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding
(#771775)
- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)
- add known answer test for SHA2 algorithms (#740866)
- make default private key length in certificate Makefile
2048 bits (can be changed with PRIVATE_KEY_BITS setting)
(#745410)
- fix incorrect return value in parse_yesno (#726593)
- added DigiCert CA certificates to ca-bundle (#735819)
- added a new section about error states to README.FIPS
(#628976)
- add missing DH_check_pub_key call when DH key is
computed (#698175)
- presort list of ciphers available in SSL (#688901)
- accept connection in s_server even if getaddrinfo fails
(#561260)
- point to openssl dgst for list of supported digests
(#608639)
- fix handling of future TLS versions (#599112)
- added VeriSign Class 3 Public Primary Certification
Authority - G5 and StartCom Certification Authority
certs to ca-bundle (#675671, #617856)
- upstream fixes for the CHIL engine (#622003, #671484)
- add SHA-2 hashes in SSL_library_init (#676384)
- fix CVE-2010-4180 - completely disable code for
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462)
- fix CVE-2009-3245 - add missing bn_wexpand return checks
(#570924)
- fix CVE-2010-0433 - do not pass NULL princ to
krb5_kt_get_entry which in the RHEL-5 and newer versions
will crash in such case (#569774)
- fix CVE-2009-3555 - support the safe renegotiation
extension and do not allow legacy renegotiation on the
server by default (#533125)
- fix CVE-2009-2409 - drop MD2 algorithm from EVP tables
(#510197)
- fix CVE-2009-4355 - do not leak memory when
CRYPTO_cleanup_all_ex_data is called prematurely by
application (#546707) | | last seen | 2019-01-16 | | modified | 2018-07-24 | | plugin id | 79531 | | published | 2014-11-26 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=79531 | | title | OracleVM 2.2 : openssl (OVMSA-2014-0007) |
| NASL family | Gentoo Local Security Checks | | NASL id | GENTOO_GLSA-201312-03.NASL | | description | The remote host is affected by the vulnerability described in GLSA-201312-03
(OpenSSL: Multiple Vulnerabilities)
Multiple vulnerabilities have been discovered in OpenSSL. Please review
the CVE identifiers referenced below for details.
Impact :
Remote attackers can determine private keys, decrypt data, cause a
Denial of Service or possibly have other unspecified impact.
Workaround :
There is no known workaround at this time. | | last seen | 2019-01-16 | | modified | 2018-07-12 | | plugin id | 71169 | | published | 2013-12-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=71169 | | title | GLSA-201312-03 : OpenSSL: Multiple Vulnerabilities |
| NASL family | FreeBSD Local Security Checks | | NASL id | FREEBSD_PKG_2AE114DEC06411E1B5E0000C299B62E1.NASL | | description | Problem description :
OpenSSL fails to clear the bytes used as block cipher padding in SSL
3.0 records when operating as a client or a server that accept SSL 3.0
handshakes. As a result, in each record, up to 15 bytes of
uninitialized memory may be sent, encrypted, to the SSL peer. This
could include sensitive contents of previously freed memory.
[CVE-2011-4576]
OpenSSL support for handshake restarts for server gated cryptography
(SGC) can be used in a denial-of-service attack. [CVE-2011-4619]
If an application uses OpenSSL's certificate policy checking when
verifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK
flag, a policy check failure can lead to a double-free.
[CVE-2011-4109]
A weakness in the OpenSSL PKCS #7 code can be exploited using
Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the
million message attack (MMA). [CVE-2012-0884]
The asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp
functions, in OpenSSL contains multiple integer errors that can cause
memory corruption when parsing encoded ASN.1 data. This error can
occur on systems that parse untrusted ASN.1 data, such as X.509
certificates or RSA public keys. [CVE-2012-2110] | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 59747 | | published | 2012-06-28 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=59747 | | title | FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (2ae114de-c064-11e1-b5e0-000c299b62e1) |
| NASL family | AIX Local Security Checks | | NASL id | AIX_OPENSSL_ADVISORY4.NASL | | description | The version of OpenSSL running on the remote host is affected by the
following vulnerabilities :
- The implementation of Cryptographic Message Syntax (CMS)
and PKCS #7 in OpenSSL does not properly restrict
certain oracle behavior, which makes it easier for
context-dependent attackers to decrypt data via a
Million Message Attack (MMA) adaptive chosen ciphertext
attack. (CVE-2012-0884)
- The mime_param_cmp function in crypto/asn1/asn_mime.c in
OpenSSL allows remote attackers to cause a denial of
service (NULL pointer dereference and application crash)
via a crafted S/MIME message, a different vulnerability
than CVE-2006-7250. (CVE-2012-1165)
- The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c
in OpenSSL does not properly interpret integer data,
which allows remote attackers to conduct buffer overflow
attacks, and cause a denial of service (memory
corruption) or possibly have unspecified other impact,
via crafted DER data, as demonstrated by an X.509
certificate or an RSA public key. (CVE-2012-2110)
- Multiple integer signedness errors in
crypto/buffer/buffer.c in OpenSSL allow remote attackers
to conduct buffer overflow attacks, and cause a denial
of service (memory corruption) or possibly have
unspecified other impact, via crafted DER data, as
demonstrated by an X.509 certificate or an RSA public
key. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2012-2110. (CVE-2012-2131)
- Integer underflow in OpenSSL when TLS 1.1, TLS 1.2, or
DTLS is used with CBC encryption, allows remote
attackers to cause a denial of service (buffer over-
read) or possibly have unspecified other impact via a
crafted TLS packet that is not properly handled during a
certain explicit IV calculation. (CVE-2012-2333) | | last seen | 2019-01-16 | | modified | 2018-07-17 | | plugin id | 73562 | | published | 2014-04-16 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=73562 | | title | AIX OpenSSL Advisory : openssl_advisory4.asc |
| NASL family | CentOS Local Security Checks | | NASL id | CENTOS_RHSA-2012-0426.NASL | | description | Updated openssl packages that fix two security issues and one bug are
now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL
v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
A NULL pointer dereference flaw was found in the way OpenSSL parsed
Secure/Multipurpose Internet Mail Extensions (S/MIME) messages. An
attacker could use this flaw to crash an application that uses OpenSSL
to decrypt or verify S/MIME messages. (CVE-2012-1165)
A flaw was found in the PKCS#7 and Cryptographic Message Syntax (CMS)
implementations in OpenSSL. An attacker could possibly use this flaw
to perform a Bleichenbacher attack to decrypt an encrypted CMS,
PKCS#7, or S/MIME message by sending a large number of chosen
ciphertext messages to a service using OpenSSL and measuring error
response times. (CVE-2012-0884)
This update also fixes a regression caused by the fix for
CVE-2011-4619, released via RHSA-2012:0060 and RHSA-2012:0059, which
caused Server Gated Cryptography (SGC) handshakes to fail.
All OpenSSL users should upgrade to these updated packages, which
contain backported patches to resolve these issues. For the update to
take effect, all services linked to the OpenSSL library must be
restarted, or the system rebooted. | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 58502 | | published | 2012-03-28 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=58502 | | title | CentOS 5 / 6 : openssl (CESA-2012:0426) |
| NASL family | Scientific Linux Local Security Checks | | NASL id | SL_20120327_OPENSSL_ON_SL5_X.NASL | | description | OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL
v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
A NULL pointer dereference flaw was found in the way OpenSSL parsed
Secure/Multipurpose Internet Mail Extensions (S/MIME) messages. An
attacker could use this flaw to crash an application that uses OpenSSL
to decrypt or verify S/MIME messages. (CVE-2012-1165)
A flaw was found in the PKCS#7 and Cryptographic Message Syntax (CMS)
implementations in OpenSSL. An attacker could possibly use this flaw
to perform a Bleichenbacher attack to decrypt an encrypted CMS,
PKCS#7, or S/MIME message by sending a large number of chosen
ciphertext messages to a service using OpenSSL and measuring error
response times. (CVE-2012-0884)
This update also fixes a regression caused by the fix for
CVE-2011-4619, released in a previous update, which caused Server
Gated Cryptography (SGC) handshakes to fail.
All OpenSSL users should upgrade to these updated packages, which
contain backported patches to resolve these issues. For the update to
take effect, all services linked to the OpenSSL library must be
restarted, or the system rebooted. | | last seen | 2019-01-16 | | modified | 2018-12-31 | | plugin id | 61293 | | published | 2012-08-01 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=61293 | | title | Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64 |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2012-4665.NASL | | description | This minor update from upstream fixes two security vulnerabilities
with moderate and low impact.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2015-10-20 | | plugin id | 58669 | | published | 2012-04-11 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=58669 | | title | Fedora 16 : openssl-1.0.0h-1.fc16 (2012-4665) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_LIBOPENSSL-DEVEL-120327.NASL | | description | The following security issues have been fixed :
- Specially crafted MIME headers could cause openssl's
ans1 parser to dereference a NULL pointer leading to a
Denial of Service (CVE-2006-7250) or fail verfication.
(CVE-2012-1165)
- The implementation of Cryptographic Message Syntax (CMS)
and PKCS #7 in OpenSSL was vulnerable to a Million
Message Attack (MMA) adaptive chosen ciphertext attack.
(CVE-2012-0884)
Additionally, the following issues have been fixed :
- Free headers after use in error message. (bnc#749213)
- Symmetric crypto errors in PKCS7_decrypt. (bnc#749210)
- Memory leak when creating public keys. (bnc#749735) | | last seen | 2019-01-16 | | modified | 2013-10-25 | | plugin id | 58677 | | published | 2012-04-11 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=58677 | | title | SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 6054) |
|
