| nessus
via4
|
| NASL family | MacOS X Local Security Checks | | NASL id | MACOSX_SECUPD2014-004.NASL | | description | The remote host is running a version of Mac OS X 10.7 or 10.8 that does not have Security Update 2014-004 applied. This update contains several security-related fixes for the following components :
- CoreGraphics
- Intel Graphics Driver
- IOAcceleratorFamily
- IOHIDFamily
- IOKit
- Libnotify
- OpenSSL
- QT Media Foundation
Note that successful exploitation of the most serious issues can result in arbitrary code execution. | | last seen | 2019-02-21 | | modified | 2018-07-14 | | plugin id | 77749 | | published | 2014-09-18 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=77749 | | title | Mac OS X Multiple Vulnerabilities (Security Update 2014-004) |
| NASL family | CISCO | | NASL id | CISCO_TELEPRESENCE_MCU_CSCUP23994.NASL | | description | The remote Cisco TelePresence MCU device is running a software version known to be affected by multiple OpenSSL related vulnerabilities :
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.
(CVE-2014-0224)
- An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470) | | last seen | 2019-02-21 | | modified | 2018-07-06 | | plugin id | 76131 | | published | 2014-06-18 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=76131 | | title | Cisco TelePresence MCU Series Devices Multiple Vulnerabilities in OpenSSL |
| NASL family | Solaris Local Security Checks | | NASL id | SOLARIS11_OPENSSL_20140623.NASL | | description | The remote Solaris system is missing necessary patches to address security updates :
- Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
(CVE-2010-5298)
- The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. (CVE-2013-4353)
- The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.
(CVE-2013-6449)
- The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/ t1_enc.c. (CVE-2013-6450)
- The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. (CVE-2014-0076)
- The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. (CVE-2014-0195)
- The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition. (CVE-2014-0198)
- The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. (CVE-2014-0221)
- The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. (CVE-2014-3470) | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 80720 | | published | 2015-01-19 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=80720 | | title | Oracle Solaris Third-Party Patch Update : openssl (cve_2010_5298_race_conditions) |
| NASL family | Windows | | NASL id | EMC_DOCUMENTUM_CONTENT_SERVER_ESA-2014-079.NASL | | description | The remote host is running a version of EMC Documentum Content Server that is affected by multiple vulnerabilities :
- An error exists in the 'ssl3_read_bytes' function that permits data to be injected into other sessions or allows denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2010-5298)
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- A buffer overflow error exists related to invalid DTLS fragment handling that permits the execution of arbitrary code or allows denial of service attacks.
Note that this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195)
- An error exists in the 'do_ssl3_write' function that permits a NULL pointer to be dereferenced, which could allow denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2014-0198)
- An error exists related to DTLS handshake handling that could allow denial of service attacks. Note that this issue only affects OpenSSL when used as a DTLS client.
(CVE-2014-0221)
- An error exists in the processing of ChangeCipherSpec messages that allows the usage of weak keying material.
This permits simplified man-in-the-middle attacks to be done. (CVE-2014-0224)
- A remote code execution vulnerability exists due to improper authorization checks. A remote, authenticated attacker can exploit this vulnerability to execute arbitrary code. (CVE-2014-4618)
- An information disclosure vulnerability exists due to a flaw in the Documentum Query Language (DQL) engine. A remote, authenticated attacker can exploit this vulnerability to conduct DQL injection attacks and read arbitrary data from the database. Note that this only affects Content Server installations running on Oracle Database. (CVE-2014-2520)
- An error exists in the 'dtls1_get_message_fragment' function related to anonymous ECDH cipher suites. This could allow denial of service attacks. Note that this issue only affects OpenSSL TLS clients. (CVE-2014-3470)
- An information disclosure vulnerability exists due to improper authorization checks on certain RPC commands.
A remote, authenticated attacker can exploit this vulnerability to retrieve meta-data of unauthorized system objects. (CVE-2014-2521) | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 77635 | | published | 2014-09-11 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=77635 | | title | EMC Documentum Content Server Multiple Vulnerabilities (ESA-2014-079) |
| NASL family | CISCO | | NASL id | CISCO_JABBER_CLIENT_CSCUP23913.NASL | | description | The remote host has a version of Cisco Jabber installed that is known to be affected by multiple OpenSSL related vulnerabilities :
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.
(CVE-2014-0224)
- An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470) | | last seen | 2019-02-21 | | modified | 2018-07-06 | | plugin id | 76129 | | published | 2014-06-18 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=76129 | | title | Cisco Windows Jabber Client Multiple Vulnerabilities in OpenSSL |
| NASL family | Web Servers | | NASL id | WEBSPHERE_8_0_0_9.NASL | | description | IBM WebSphere Application Server 8.0 prior to Fix Pack 9 is running on the remote host. It is, therefore, affected by the following vulnerabilities :
- A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship.
(CVE-2013-6323, PI04777 and PI04880)
- A denial of service flaw exists within the Global Security Kit when handling SSLv2 resumption during the SSL/TLS handshake. This could allow a remote attacker to crash the program. (CVE-2013-6329, PI05309)
- A buffer overflow flaw exists in the HTTP server with the mod_dav module when using add-ons. This could allow a remote attacker to cause a buffer overflow and a denial of service. (CVE-2013-6438, PI09345)
- A cross-site scripting flaw exists within OAuth where user input is not properly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6738, PI05661)
- A denial of service flaw exists within the Global Security Kit when handling X.509 certificate chain during the initiation of a SSL/TLS connection. A remote attacker, using a malformed certificate chain, could cause the client or server to crash by hanging the Global Security Kit. (CVE-2013-6747, PI09443)
- A denial of service flaw exists within the Apache Commons FileUpload when parsing a content-type header for a multipart request. A remote attacker, using a specially crafted request, could crash the program.
(CVE-2014-0050, PI12648, PI12926 and PI13162)
- A flaw exists in the Elliptic Curve Digital Signature Algorithm implementation which could allow a malicious process to recover ECDSA nonces.
(CVE-2014-0076, PI19700)
- A denial of service flaw exists in the 'mod_log_config' when logging a cookie with an unassigned value. A remote attacker, using a specially crafted request, can cause the program to crash. (CVE-2014-0098, PI13028)
- An information disclosure flaw exists in the 'sun.security.rsa.RSAPadding' with 'PKCS#1' unpadding.
This many allow a remote attacker to gain timing information intended to be protected by encryption.
(CVE-2014-0453)
- A flaw exists with 'com.sun.jndi.dns.DnsClient' related to the randomization of query IDs. This could allow a remote attacker to conduct spoofing attacks.
(CVE-2014-0460)
- A flaw exists in the Full and Liberty profiles. A remote attacker, using a specially crafted request, could gain access to arbitrary files. (CVE-2014-0823, PI05324)
- An information disclosure flaw exists within the Administrative Console. This could allow a network attacker, using a specially crafted request, to gain privileged access. (CVE-2014-0857, PI07808)
- A denial of service flaw exists in a web server plugin on servers configured to retry failed POST request. This could allow a remote attacker to crash the application.
(CVE-2014-0859, PI08892)
- An information disclosure flaw exists within Proxy and ODR servers. This could allow a remote attacker, using a specially crafted request, to gain access to potentially sensitive information. (CVE-2014-0891, PI09786)
- A denial of service flaw exists within the IBM Security Access Manager for Web with the Reverse Proxy component.
This could allow a remote attacker, using specially crafted TLS traffic, to cause the application on the system to become unresponsive. (CVE-2014-0963, PI17025)
- An information disclosure flaw exists when handling SOAP responses. This could allow a remote attacker to potentially gain access to sensitive information.
(CVE-2014-0965, PI11434)
- An information disclosure flaw exists. A remote attacker, using a specially crafted URL, could gain access to potentially sensitive information.
(CVE-2014-3022, PI09594) | | last seen | 2019-02-21 | | modified | 2018-08-06 | | plugin id | 76995 | | published | 2014-08-04 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=76995 | | title | IBM WebSphere Application Server 8.0 < Fix Pack 9 Multiple Vulnerabilities |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2016-294.NASL | | description | This update for libopenssl0_9_8 fixes the following issues :
- CVE-2016-0800 aka the 'DROWN' attack (bsc#968046):
OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle.
This update changes the openssl library to :
- Disable SSLv2 protocol support by default.
This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag.
Note that various services and clients had already disabled SSL protocol 2 by default previously.
- Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'.
- CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well.
- CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions.
If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable.
- The package was updated to 0.9.8zh :
- fixes many security vulnerabilities (not separately listed): CVE-2015-3195, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288, CVE-2014-3571, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2014-8275, CVE-2014-3570, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566, CVE-2014-3510, CVE-2014-3507, CVE-2014-3506, CVE-2014-3505, CVE-2014-3508, CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470, CVE-2014-0076, CVE-2013-0169, CVE-2013-0166
- avoid running OPENSSL_config twice. This avoids breaking engine loading. (boo#952871, boo#967787)
- fix CVE-2015-3197 (boo#963415)
- SSLv2 doesn't block disabled ciphers | | last seen | 2019-02-21 | | modified | 2016-12-07 | | plugin id | 89651 | | published | 2016-03-04 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=89651 | | title | openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE) |
| NASL family | Windows | | NASL id | ORACLE_VIRTUALBOX_JAN_2015_CPU.NASL | | description | The remote host contains a version of Oracle VM VirtualBox that is prior to 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20. It is, therefore, affected by multiple vulnerabilities in the following subcomponents :
- Core
- OpenSSL
- VMSVGA device | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 80915 | | published | 2015-01-22 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=80915 | | title | Oracle VM VirtualBox < 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20 Multiple Vulnerabilities (January 2015 CPU) |
| NASL family | MacOS X Local Security Checks | | NASL id | MACOSX_10_9_5.NASL | | description | The remote host is running a version of Mac OS X 10.9.x that is prior to version 10.9.5. This update contains several security-related fixes for the following components :
- apache_mod_php
- Bluetooth
- CoreGraphics
- Foundation
- Intel Graphics Driver
- IOAcceleratorFamily
- IOHIDFamily
- IOKit
- Kernel
- Libnotify
- OpenSSL
- QT Media Foundation
- ruby
Note that successful exploitation of the most serious issues can result in arbitrary code execution. | | last seen | 2019-02-21 | | modified | 2018-07-14 | | plugin id | 77748 | | published | 2014-09-18 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=77748 | | title | Mac OS X 10.9.x < 10.9.5 Multiple Vulnerabilities |
| NASL family | Windows | | NASL id | HP_VERSION_CONTROL_REPO_MANAGER_HPSBMU03056.NASL | | description | The version of HP Version Control Repository Manager installed on the remote host is prior to 7.3.4, and thus is affected by multiple vulnerabilities in the bundled version of OpenSSL :
- An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- A buffer overflow error exists related to invalid DTLS fragment handling that could lead to execution of arbitrary code. Note this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195)
- An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)
- An error exists related to DTLS handshake handling that could lead to denial of service attacks. Note this issue only affects OpenSSL when used as a DTLS client.
(CVE-2014-0221)
- An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.
(CVE-2014-0224)
- An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470) | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 76390 | | published | 2014-07-07 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=76390 | | title | HP Version Control Repository Manager Multiple Vulnerabilities (HPSBMU03056) |
| NASL family | Windows | | NASL id | HP_SYSTEMS_INSIGHT_MANAGER_73_HOTFIX_34.NASL | | description | The version of HP Systems Insight Manager installed on the remote Windows host is affected by the following vulnerabilities in the included OpenSSL library :
- An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- A buffer overflow error exists related to invalid DTLS fragment handling that could lead to execution of arbitrary code. Note this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195)
- An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)
- An error exists related to DTLS handshake handling that could lead to denial of service attacks. Note this issue only affects OpenSSL when used as a DTLS client.
(CVE-2014-0221)
- An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.
(CVE-2014-0224)
- An unspecified error exists related to anonymous ECDH cipher suites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470) | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 77020 | | published | 2014-08-06 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=77020 | | title | HP Systems Insight Manager 7.2.x < 7.2 Hotfix 37 / 7.3.x < 7.3 Hotfix 34 OpenSSL Multiple Vulnerabilities |
| NASL family | Windows | | NASL id | IBM_RATIONAL_CLEARQUEST_8_0_1_3_01.NASL | | description | The remote host has a version of IBM Rational ClearQuest 7.1.1.x / 7.1.2.x prior to 7.1.2.13.01 / 8.0.0.x prior to 8.0.0.10.01 / 8.0.1.x prior to 8.0.1.3.01 installed. It is, therefore, potentially affected by multiple vulnerabilities in the OpenSSL library :
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that allows nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- An out-of-bounds read error, known as the 'Heartbleed Bug', exists related to handling TLS heartbeat extensions that allows an attacker to obtain sensitive information such as primary key material, secondary key material, and other protected content. Note that this error only affects versions of ClearQuest later than 7.1.2. (CVE-2014-0160) | | last seen | 2019-02-21 | | modified | 2018-07-12 | | plugin id | 81782 | | published | 2015-03-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=81782 | | title | IBM Rational ClearQuest 7.1.1.x / 7.1.2.x < 7.1.2.13.01 / 8.0.0.x < 8.0.0.10.01 / 8.0.1.x < 8.0.1.3.01 OpenSSL Library Multiple Vulnerabilities (credentialed check) (Heartbleed) |
| NASL family | Web Servers | | NASL id | HPSMH_7_3_3_1.NASL | | description | According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote web server has an implementation of the OpenSSL library that is affected by the following vulnerabilities :
- An error exists in the ssl3_read_bytes() function that allows data to be injected into other sessions. Note that this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that allows nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- A buffer overflow condition exists related to invalid DTLS fragment handling that could lead to execution of arbitrary code. Note this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195)
- An error exists in the do_ssl3_write() function that allows a NULL pointer to be dereferenced, resulting in a denial of service condition. Note that this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)
- An error exists related to DTLS handshake handling that could lead to denial of service attacks. Note that this issue only affects OpenSSL when used as a DTLS client.
(CVE-2014-0221)
- An unspecified error exists that allows an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks. (CVE-2014-0224)
- An unspecified error exists related to anonymous ECDH ciphersuites that allows denial of service attacks. Note that this issue only affects OpenSSL TLS clients.
(CVE-2014-3470) | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 76345 | | published | 2014-07-02 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=76345 | | title | HP System Management Homepage < 7.2.4.1 / 7.3.3.1 OpenSSL Multiple Vulnerabilities |
| NASL family | Windows | | NASL id | HP_VCA_SSRT101614.NASL | | description | The installation of HP Version Control Agent (VCA) on the remote Windows host is a version prior to 7.3.3. It is, therefore, affected by multiple vulnerabilities in the bundled version of SSL :
- An error exists in the 'ssl3_read_bytes' function that permits data to be injected into other sessions or allows denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2010-5298)
- A flaw in the ECDS Algorithm implementation can be triggered using a FLUSH+RELOAD cache side-channel attack which may allow a malicious process to recover ECDSA nonces. (CVE-2014-0076)
- A buffer overflow error exists related to invalid DTLS fragment handling that permits the execution of arbitrary code or allows denial of service attacks.
Note that this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195)
- An error exists in the 'do_ssl3_write' function that permits a NULL pointer to be dereferenced, which could allow denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2014-0198)
- An error exists related to DTLS handshake handling that could allow denial of service attacks. Note that this issue only affects OpenSSL when used as a DTLS client.
(CVE-2014-0221)
- An error exists in the processing of ChangeCipherSpec messages that allows the usage of weak keying material.
This permits simplified man-in-the-middle attacks to be done. (CVE-2014-0224)
- An error exists in the 'dtls1_get_message_fragment' function related to anonymous ECDH cipher suites. This could allow denial of service attacks. Note that this issue only affects OpenSSL TLS clients. (CVE-2014-3470) | | last seen | 2019-02-21 | | modified | 2018-09-17 | | plugin id | 77150 | | published | 2014-08-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=77150 | | title | HP Version Control Agent (VCA) < 7.3.3 Multiple SSL Vulnerabilities |
| NASL family | Red Hat Local Security Checks | | NASL id | HP_VCA_SSRT101614-RHEL.NASL | | description | The RPM installation of HP Version Control Agent (VCA) on the remote Linux host is a version prior to 7.3.3. It is, therefore, affected by multiple vulnerabilities in the bundled version of SSL :
- An error exists in the 'ssl3_read_bytes' function that permits data to be injected into other sessions or allows denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2010-5298)
- A flaw in the ECDS Algorithm implementation can be triggered using a FLUSH+RELOAD cache side-channel attack which may allow a malicious process to recover ECDSA nonces. (CVE-2014-0076)
- A buffer overflow error exists related to invalid DTLS fragment handling that permits the execution of arbitrary code or allows denial of service attacks.
Note that this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195)
- An error exists in the 'do_ssl3_write' function that permits a NULL pointer to be dereferenced, which could allow denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2014-0198)
- An error exists related to DTLS handshake handling that could allow denial of service attacks. Note that this issue only affects OpenSSL when used as a DTLS client.
(CVE-2014-0221)
- An error exists in the processing of ChangeCipherSpec messages that allows the usage of weak keying material.
This permits simplified man-in-the-middle attacks to be done. (CVE-2014-0224)
- An error exists in the 'dtls1_get_message_fragment' function related to anonymous ECDH cipher suites. This could allow denial of service attacks. Note that this issue only affects OpenSSL TLS clients. (CVE-2014-3470) | | last seen | 2019-02-21 | | modified | 2018-09-17 | | plugin id | 77151 | | published | 2014-08-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=77151 | | title | HP Version Control Agent (VCA) < 7.3.3 Multiple SSL Vulnerabilities |
| NASL family | Mandriva Local Security Checks | | NASL id | MANDRIVA_MDVSA-2015-062.NASL | | description | Multiple vulnerabilities has been discovered and corrected in openssl :
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (CVE-2010-5298).
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment (CVE-2014-0195).
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition (CVE-2014-0198).
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake (CVE-2014-0221).
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value (CVE-2014-3470).
Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message (CVE-2014-3513).
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566).
Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure (CVE-2014-3567).
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix (CVE-2014-3569).
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c (CVE-2014-3571).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205).
Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection (CVE-2015-0206).
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import (CVE-2015-0209).
The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature (CVE-2015-0286).
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse (CVE-2015-0287).
The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key (CVE-2015-0288).
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289).
The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message (CVE-2015-0293).
The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed. | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 82315 | | published | 2015-03-30 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=82315 | | title | Mandriva Linux Security Advisory : openssl (MDVSA-2015:062) |
| NASL family | Misc. | | NASL id | MCAFEE_EPO_SB10075.NASL | | description | The remote host is running a version of McAfee ePolicy Orchestrator that is affected by multiple vulnerabilities due to flaws in the OpenSSL library :
- An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- A buffer overflow error exists related to invalid DTLS fragment handling that could lead to execution of arbitrary code. Note this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195)
- An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)
- An error exists related to DTLS handshake handling that could lead to denial of service attacks. Note this issue only affects OpenSSL when used as a DTLS client.
(CVE-2014-0221)
- An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.
(CVE-2014-0224)
- An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470)) | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 76145 | | published | 2014-06-19 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=76145 | | title | McAfee ePolicy Orchestrator Multiple OpenSSL Vulnerabilities (SB10075) |
| NASL family | Misc. | | NASL id | OPENSSL_CCS_1_0_1.NASL | | description | The OpenSSL service on the remote host is vulnerable to a man-in-the-middle (MiTM) attack, based on its acceptance of a specially crafted handshake.
This flaw could allow a MiTM attacker to decrypt or forge SSL messages by telling the service to begin encrypted communications before key material has been exchanged, which causes predictable keys to be used to secure future traffic.
Note that Nessus has only tested for an SSL/TLS MiTM vulnerability (CVE-2014-0224). However, Nessus has inferred that the OpenSSL service on the remote host is also affected by six additional vulnerabilities that were disclosed in OpenSSL's June 5th, 2014 security advisory :
- An error exists in the 'ssl3_read_bytes' function that permits data to be injected into other sessions or allows denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2010-5298)
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that allows nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- A buffer overflow error exists related to invalid DTLS fragment handling that permits the execution of arbitrary code or allows denial of service attacks.
Note that this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195)
- An error exists in the 'do_ssl3_write' function that permits a NULL pointer to be dereferenced, which could allow denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2014-0198)
- An error exists related to DTLS handshake handling that could allow denial of service attacks. Note that this issue only affects OpenSSL when used as a DTLS client.
(CVE-2014-0221)
- An error exists in the 'dtls1_get_message_fragment' function related to anonymous ECDH cipher suites. This could allow denial of service attacks. Note that this issue only affects OpenSSL TLS clients. (CVE-2014-3470)
OpenSSL did not release individual patches for these vulnerabilities, instead they were all patched under a single version release. Note that the service will remain vulnerable after patching until the service or host is restarted. | | last seen | 2019-02-21 | | modified | 2018-07-16 | | plugin id | 77200 | | published | 2014-08-14 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=77200 | | title | OpenSSL 'ChangeCipherSpec' MiTM Vulnerability |
| NASL family | Misc. | | NASL id | IPSWITCH_IMAIL_12_4_1_15.NASL | | description | The remote host appears to be running Ipswitch IMail Server 11.x or 12.x older than version 12.4.1.15 and is, therefore, potentially affected by the following vulnerabilities :
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- An out-of-bounds read error, known as the 'Heartbleed Bug', exists related to handling TLS heartbeat extensions that could allow an attacker to obtain sensitive information such as primary key material, secondary key material and other protected content.
(CVE-2014-0160)
- Multiple input validation errors exist related to the 'WebClient' component that could allow cross-site scripting attacks. (CVE-2014-3878) | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 76490 | | published | 2014-07-14 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=76490 | | title | Ipswitch IMail Server 11.x / 12.x < 12.4.1.15 Multiple Vulnerabilities (Heartbleed) |
| NASL family | Mandriva Local Security Checks | | NASL id | MANDRIVA_MDVSA-2014-067.NASL | | description | Updated openssl packages fix security vulnerability :
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). | | last seen | 2019-02-21 | | modified | 2019-01-02 | | plugin id | 73443 | | published | 2014-04-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=73443 | | title | Mandriva Linux Security Advisory : openssl (MDVSA-2014:067) |
| NASL family | Web Servers | | NASL id | WEBSPHERE_8_0_0_10.NASL | | description | The remote host is running IBM WebSphere Application Server version 8.0 prior to Fix Pack 10. It is, therefore, affected by the following vulnerabilities :
- Multiple errors exist related to the included IBM HTTP server that can allow remote code execution or denial of service. (CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231 / PI22070)
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076 / PI19700)
- An unspecified error exists related to HTTP headers that can allow information disclosure. (CVE-2014-3021 / PI08268)
- An unspecified error caused by improper account creation with the Virtual Member Manager SPI Admin Task 'addFileRegistryAccount' can allow remote attackers to bypass security restrictions. (CVE-2014-3070 / PI16765)
- An information disclosure vulnerability exists due to a failure to restrict access to resources located within the web application. A remote attacker can exploit this to obtain configuration data and other sensitive information. (CVE-2014-3083 / PI17768, PI30579 )
- A man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566 / PI28435, PI28436, PI28437)
- An unspecified flaw in the Load Balancer for IPv4 Dispatcher component allows a remote attacker to cause a denial of service. (CVE-2014-4764 / PI21189)
- An unspecified input validation error exists related to the administrative console that can allow cross-site scripting and cross-site request forgery attacks.
(CVE-2014-4770, CVE-2014-4816 / PI23055)
- An error exists related to the Communications Enabled Applications (CEA) service that can allow XML External Entity Injection (XXE) attacks leading to information disclosure. This only occurs if CEA is enabled, and by default this is disabled. (CVE-2014-6166 / PI25310)
- An input validation error exists related to session input using URL rewriting that can allow cross-site scripting attacks. (CVE-2014-6167 / PI23819)
- An error exists related to the administrative console that can allow click-jacking attacks. (CVE-2014-6174 / PI27152) | | last seen | 2019-02-21 | | modified | 2018-08-06 | | plugin id | 81401 | | published | 2015-02-18 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=81401 | | title | IBM WebSphere Application Server 8.0 < Fix Pack 10 Multiple Vulnerabilities (POODLE) |
| NASL family | General | | NASL id | VMWARE_WORKSTATION_LINUX_10_0_2.NASL | | description | The installed version of VMware Workstation 10.x is prior to 10.0.2.
It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library :
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- An out-of-bounds read error, known as the 'Heartbleed Bug', exists related to handling TLS heartbeat extensions that could allow an attacker to obtain sensitive information such as primary key material, secondary key material and other protected content.
(CVE-2014-0160) | | last seen | 2019-02-21 | | modified | 2018-08-06 | | plugin id | 73673 | | published | 2014-04-21 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=73673 | | title | VMware Workstation 10.x < 10.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Linux) (Heartbleed) |
| NASL family | CISCO | | NASL id | CISCO_ONS_CSCUP24077.NASL | | description | The remote Cisco ONS device is running a software version known to be affected by multiple OpenSSL related vulnerabilities :
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470) | | last seen | 2019-02-21 | | modified | 2018-07-06 | | plugin id | 76130 | | published | 2014-06-18 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=76130 | | title | Cisco ONS 15400 Series Devices Multiple Vulnerabilities in OpenSSL |
| NASL family | Ubuntu Local Security Checks | | NASL id | UBUNTU_USN-2165-1.NASL | | description | Neel Mehta discovered that OpenSSL incorrectly handled memory in the TLS heartbeat extension. An attacker could use this issue to obtain up to 64k of memory contents from the client or server, possibly leading to the disclosure of private keys and other sensitive information.
(CVE-2014-0160)
Yuval Yarom and Naomi Benger discovered that OpenSSL incorrectly handled timing during swap operations in the Montgomery ladder implementation. An attacker could use this issue to perform side-channel attacks and possibly recover ECDSA nonces.
(CVE-2014-0076). | | last seen | 2019-02-21 | | modified | 2019-01-02 | | plugin id | 73402 | | published | 2014-04-08 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=73402 | | title | Ubuntu 12.04 LTS / 12.10 / 13.10 : openssl vulnerabilities (USN-2165-1) |
| NASL family | Misc. | | NASL id | VMWARE_HORIZON_WORKSPACE_VMSA2014-0004.NASL | | description | The version of VMware Horizon Workspace installed on the remote host is version 1.8.x prior to 1.8.1. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library :
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- An out-of-bounds read error, known as the 'Heartbleed Bug', exists related to handling TLS hearbeat extensions that could allow an attacker to obtain sensitive information such as primary key material, secondary key material and other protected content.
(CVE-2014-0160) | | last seen | 2019-02-21 | | modified | 2018-08-06 | | plugin id | 73896 | | published | 2014-05-06 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=73896 | | title | VMware Horizon Workspace 1.8 < 1.8.1 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed) |
| NASL family | Misc. | | NASL id | MCAFEE_WEB_GATEWAY_SB10075.NASL | | description | The remote host is running a version of McAfee Web Gateway (MWG) that is affected by multiple vulnerabilities due to flaws in the OpenSSL library :
- An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- A buffer overflow error exists related to invalid DTLS fragment handling that could lead to execution of arbitrary code. Note this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195)
- An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)
- An error exists related to DTLS handshake handling that could lead to denial of service attacks. Note this issue only affects OpenSSL when used as a DTLS client.
(CVE-2014-0221)
- An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.
(CVE-2014-0224)
- An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470) | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 76146 | | published | 2014-06-19 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=76146 | | title | McAfee Web Gateway Multiple OpenSSL Vulnerabilities (SB10075) |
| NASL family | Web Servers | | NASL id | OPENSSL_1_0_1G.NASL | | description | According to its banner, the remote web server uses a version of OpenSSL 1.0.1 prior to 1.0.1g. The OpenSSL library is, therefore, reportedly affected by the following vulnerabilities :
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- An out-of-bounds read error, known as the 'Heartbleed Bug', exists related to handling TLS heartbeat extensions that could allow an attacker to obtain sensitive information such as primary key material, secondary key material and other protected content.
(CVE-2014-0160) | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 73404 | | published | 2014-04-08 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=73404 | | title | OpenSSL 1.0.1 < 1.0.1g Multiple Vulnerabilities (Heartbleed) |
| NASL family | Gentoo Local Security Checks | | NASL id | GENTOO_GLSA-201404-07.NASL | | description | The remote host is affected by the vulnerability described in GLSA-201404-07 (OpenSSL: Information Disclosure)
Multiple vulnerabilities have been found in OpenSSL:
OpenSSL incorrectly handles memory in the TLS heartbeat extension, leading to information disclosure of 64kb per request, possibly including private keys (“Heartbleed bug”, OpenSSL 1.0.1 only, CVE-2014-0160).
The Montgomery ladder implementation of OpenSSL improperly handles swap operations (CVE-2014-0076).
Impact :
A remote attacker could exploit these issues to disclose information, including private keys or other sensitive information, or perform side-channel attacks to obtain ECDSA nonces.
Workaround :
Disabling the tls-heartbeat USE flag (enabled by default) provides a workaround for the CVE-2014-0160 issue. | | last seen | 2019-02-21 | | modified | 2018-07-12 | | plugin id | 73407 | | published | 2014-04-08 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=73407 | | title | GLSA-201404-07 : OpenSSL: Information Disclosure |
| NASL family | Solaris Local Security Checks | | NASL id | SOLARIS11_OPENSSL_20140731.NASL | | description | The remote Solaris system is missing necessary patches to address security updates :
- The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. (CVE-2013-4353)
- The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.
(CVE-2013-6449)
- The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/ t1_enc.c. (CVE-2013-6450)
- The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. (CVE-2014-0076)
- The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
(CVE-2014-0160) | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 80721 | | published | 2015-01-19 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=80721 | | title | Oracle Solaris Third-Party Patch Update : openssl (multiple_vulnerabilities_in_openssl4) (Heartbleed) |
| NASL family | FreeBSD Local Security Checks | | NASL id | FREEBSD_PKG_7CCD4DEFC1BE11E39D09000C2980A9F3.NASL | | description | OpenSSL reports :
A flaw in the implementation of Montgomery Ladder Approach would create a side-channel that leaks sensitive timing information.
A local attacker might be able to snoop a signing process and might recover the signing key from it. | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 73487 | | published | 2014-04-14 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=73487 | | title | FreeBSD : OpenSSL -- Local Information Disclosure (7ccd4def-c1be-11e3-9d09-000c2980a9f3) |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2014-269.NASL | | description | openssl was updated to fix a timing attack, where it was theoretically possible to recover ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack | | last seen | 2019-02-21 | | modified | 2019-01-02 | | plugin id | 75310 | | published | 2014-06-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=75310 | | title | openSUSE Security Update : openssl (openSUSE-SU-2014:0480-1) |
| NASL family | Windows | | NASL id | IBM_GSKIT_8_0_50_20.NASL | | description | The remote Windows host has a version of IBM Global Security Kit prior to 7.0.4.50 / 8.0.14.43 / 8.0.50.20. It is, therefore, affected by the following vulnerabilities :
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- A denial of service vulnerability exists which an attacker can exploit by sending a specially crafted SSL request to cause the host to become unresponsive.
(CVE-2014-0963) | | last seen | 2019-02-21 | | modified | 2018-07-12 | | plugin id | 74287 | | published | 2014-06-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=74287 | | title | IBM Global Security Kit 7 < 7.0.4.50 / 8.0.14.x < 8.0.14.43 / 8.0.50.x < 8.0.50.20 Multiple Vulnerabilities |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_SU-2014-0539-1.NASL | | description | OpenSSL has been updated to fix an attack on ECDSA Nonces.
Using the FLUSH+RELOAD Cache Side-channel Attack the Nonces could be recovered. (CVE-2014-0076)
The update also enables use of SHA-2 family certificate verification of X.509 certificates used in todays SSL certificate infrastructure.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-07-31 | | plugin id | 83620 | | published | 2015-05-20 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=83620 | | title | SUSE SLES10 Security Update : OpenSSL (SUSE-SU-2014:0539-1) |
| NASL family | Windows | | NASL id | CISCO_ANYCONNECT_3_1_5170.NASL | | description | The remote host has a version of Cisco AnyConnect prior to 3.1(5170).
It is, therefore, potentially affected by the following vulnerabilities :
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- A buffer overflow error exists related to invalid DTLS fragment handling that could lead to execution of arbitrary code. Note this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195)
- An error exists related to DTLS handshake handling that could lead to denial of service attacks. Note this issue only affects OpenSSL when used as a DTLS client.
(CVE-2014-0221)
- An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.
(CVE-2014-0224) | | last seen | 2019-02-21 | | modified | 2018-07-06 | | plugin id | 76491 | | published | 2014-07-14 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=76491 | | title | Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.1(5170) Multiple OpenSSL Vulnerabilities |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_SU-2014-0538-1.NASL | | description | OpenSSL has been updated to fix an attack on ECDSA Nonces.
Using the FLUSH+RELOAD Cache Side-channel Attack the Nonces could have been recovered. (CVE-2014-0076)
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-07-31 | | plugin id | 83619 | | published | 2015-05-20 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=83619 | | title | SUSE SLES10 Security Update : OpenSSL (SUSE-SU-2014:0538-1) |
| NASL family | CISCO | | NASL id | CISCO-SA-20140605-OPENSSL-NXOS.NASL | | description | The remote Cisco device is running a version of NX-OS software that is affected by multiple vulnerabilities in the bundled OpenSSL library :
- An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- A buffer overflow error exists related to invalid DTLS fragment handling that could lead to execution of arbitrary code. Note this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195)
- An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)
- An error exists related to DTLS handshake handling that could lead to denial of service attacks. Note this issue only affects OpenSSL when used as a DTLS client.
(CVE-2014-0221)
- An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.
(CVE-2014-0224)
- An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470)
- An integer underflow condition exists in the EVP_DecodeUpdate() function due to improper validation of base64 encoded input when decoding. This allows a remote attacker, using maliciously crafted base64 data, to cause a segmentation fault or memory corruption, resulting in a denial of service or possibly the execution of arbitrary code. (CVE-2015-0292) | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 88991 | | published | 2016-02-26 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=88991 | | title | Cisco NX-OS OpenSSL Multiple Vulnerabilities |
| NASL family | CISCO | | NASL id | CISCO-SA-20140605-OPENSSL-IOSXE.NASL | | description | The remote Cisco IOS XE device is missing a vendor-supplied security patch, and its web user interface is configured to use HTTPS. It is, therefore, affected by the following vulnerabilities in the bundled OpenSSL library :
- An error exists in the ssl3_read_bytes() function that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled.
(CVE-2010-5298)
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- An error exists in the do_ssl3_write() function that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)
- An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks. (CVE-2014-0224) | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 88989 | | published | 2016-02-26 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=88989 | | title | Cisco IOS XE Multiple OpenSSL Vulnerabilities (CSCup22487) |
| NASL family | Misc. | | NASL id | MCAFEE_VSEL_SB10075.NASL | | description | The remote host is running a version of McAfee VirusScan Enterprise for Linux (VSEL) that is affected by multiple vulnerabilities due to flaws in the included OpenSSL library :
- An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- A buffer overflow error exists related to invalid DTLS fragment handling that could lead to execution of arbitrary code. Note this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195)
- An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)
- An error exists related to DTLS handshake handling that could lead to denial of service attacks. Note this issue only affects OpenSSL when used as a DTLS client.
(CVE-2014-0221)
- An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.
(CVE-2014-0224)
- An unspecified error exists related to anonymous ECDH cipher suites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470) | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 76580 | | published | 2014-07-17 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=76580 | | title | McAfee VirusScan Enterprise for Linux Multiple OpenSSL Vulnerabilities (SB10075) |
| NASL family | Misc. | | NASL id | MCAFEE_EMAIL_GATEWAY_SB10075.NASL | | description | The remote host is running a version of McAfee Email Gateway (MEG) that is affected by the multiple vulnerabilities related to the included OpenSSL library :
- An error exists in the function 'ssl3_read_bytes' that can allow data to be injected into other sessions or allow denial of service attacks. Note that this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that can allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- A buffer overflow error exists related to invalid DTLS fragment handling that can lead to execution of arbitrary code. Note that this issue only affects OpenSSL when used as a DTLS client or server.
(CVE-2014-0195)
- An error exists in the function 'do_ssl3_write' that can allow a NULL pointer to be dereferenced leading to denial of service attacks. Note that this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)
- An error exists related to DTLS handshake handling that can lead to denial of service attacks. Note that this issue only affects OpenSSL when used as a DTLS client.
(CVE-2014-0221)
- An unspecified error exists that can allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks. (CVE-2014-0224)
- An unspecified error exists related to anonymous ECDH cipher suites that can allow denial of service attacks.
Note that this issue only affects OpenSSL TLS clients.
(CVE-2014-3470) | | last seen | 2019-02-21 | | modified | 2018-07-14 | | plugin id | 76579 | | published | 2014-07-17 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=76579 | | title | McAfee Email Gateway OpenSSL Multiple Vulnerabilities (SB10075) |
| NASL family | Misc. | | NASL id | OPENSSL_CCS.NASL | | description | The OpenSSL service on the remote host is potentially vulnerable to a man-in-the-middle (MiTM) attack, based on its response to two consecutive 'ChangeCipherSpec' messages during the incorrect phase of an SSL/TLS handshake.
This flaw could allow a MiTM attacker to decrypt or forge SSL messages by telling the service to begin encrypted communications before key material has been exchanged, which causes predictable keys to be used to secure future traffic.
OpenSSL 1.0.1 is known to be exploitable. OpenSSL 0.9.8 and 1.0.0 are not known to be vulnerable; however, the OpenSSL team has advised that users of these older versions upgrade as a precaution. This plugin detects and reports all versions of OpenSSL that are potentially exploitable.
Note that Nessus has only tested for an SSL/TLS MiTM vulnerability (CVE-2014-0224). However, Nessus has inferred that the OpenSSL service on the remote host is also affected by six additional vulnerabilities that were disclosed in OpenSSL's June 5th, 2014 security advisory :
- An error exists in the 'ssl3_read_bytes' function that permits data to be injected into other sessions or allows denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2010-5298)
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that allows nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- A buffer overflow error exists related to invalid DTLS fragment handling that permits the execution of arbitrary code or allows denial of service attacks.
Note that this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195)
- An error exists in the 'do_ssl3_write' function that permits a NULL pointer to be dereferenced, which could allow denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2014-0198)
- An error exists related to DTLS handshake handling that could allow denial of service attacks. Note that this issue only affects OpenSSL when used as a DTLS client.
(CVE-2014-0221)
- An error exists in the 'dtls1_get_message_fragment' function related to anonymous ECDH cipher suites. This could allow denial of service attacks. Note that this issue only affects OpenSSL TLS clients. (CVE-2014-3470)
OpenSSL did not release individual patches for these vulnerabilities, instead they were all patched under a single version release. Note that the service will remain vulnerable after patching until the service or host is restarted. | | last seen | 2019-02-21 | | modified | 2018-07-16 | | plugin id | 74326 | | published | 2014-06-05 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=74326 | | title | OpenSSL 'ChangeCipherSpec' MiTM Potential Vulnerability |
| NASL family | Misc. | | NASL id | XEROX_XRX15AO_COLORQUBE.NASL | | description | According to its model number and software version, the remote host is a Xerox ColorQube device that is affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in the bundled version of OpenSSL due to a flaw in the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that allows nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack.
(CVE-2014-0076)
- A denial of service vulnerability exists in the bundled version of OpenSSL due to a recursion flaw in the DTLS functionality. A remote attacker can exploit this, via a specially crafted request, to crash the DTLS client application. (CVE-2014-0221)
- An unspecified error exists in the bundled version of OpenSSL due to a flaw in the handshake process. A remote attacker can exploit this, via a crafted handshake, to force the client or server to use weak keying material, allowing simplified man-in-the-middle attacks.
(CVE-2014-0224)
- A denial of service vulnerability exists in the bundled version of OpenSSL due to an unspecified flaw related to the ECDH ciphersuite. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470)
- A cross-site scripting vulnerability exists due to improper validation of user-supplied input. A remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. | | last seen | 2019-02-21 | | modified | 2019-01-02 | | plugin id | 86710 | | published | 2015-11-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=86710 | | title | Xerox ColorQube 8570 / 8870 Multiple Vulnerabilities (XRX15OA) |
| NASL family | SuSE Local Security Checks | | NASL id | HP_VCA_SSRT101614-SLES.NASL | | description | The RPM installation of HP Version Control Agent (VCA) on the remote Linux host is a version prior to 7.3.3. It is, therefore, affected by multiple vulnerabilities in the bundled version of SSL :
- An error exists in the 'ssl3_read_bytes' function that permits data to be injected into other sessions or allows denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2010-5298)
- A flaw in the ECDS Algorithm implementation can be triggered using a FLUSH+RELOAD cache side-channel attack which may allow a malicious process to recover ECDSA nonces. (CVE-2014-0076)
- A buffer overflow error exists related to invalid DTLS fragment handling that permits the execution of arbitrary code or allows denial of service attacks.
Note that this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195)
- An error exists in the 'do_ssl3_write' function that permits a NULL pointer to be dereferenced, which could allow denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2014-0198)
- An error exists related to DTLS handshake handling that could allow denial of service attacks. Note that this issue only affects OpenSSL when used as a DTLS client.
(CVE-2014-0221)
- An error exists in the processing of ChangeCipherSpec messages that allows the usage of weak keying material.
This permits simplified man-in-the-middle attacks to be done. (CVE-2014-0224)
- An error exists in the 'dtls1_get_message_fragment' function related to anonymous ECDH cipher suites. This could allow denial of service attacks. Note that this issue only affects OpenSSL TLS clients. (CVE-2014-3470) | | last seen | 2019-02-21 | | modified | 2018-09-17 | | plugin id | 77152 | | published | 2014-08-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=77152 | | title | HP Version Control Agent (VCA) < 7.3.3 Multiple SSL Vulnerabilities |
| NASL family | Misc. | | NASL id | VMWARE_VMSA-2014-0004_REMOTE.NASL | | description | The remote VMware ESXi host is affected by multiple vulnerabilities in the OpenSSL third-party library :
- A flaw exist in the Elliptic Curve Digital Signature Algorithm (ECDSA) implementation due to a failure to insure that certain swap operations have a constant-time behavior. An attacker can exploit this to obtain the ECDSA nonces by using a FLUSH+RELOAD cache side-channel attack. (CVE-2014-0076)
- An out-of-bounds read error, known as Heartbleed, exists in the TLS/DTLS implementation due to improper handling of TLS heartbeat extension packets. A remote attacker, using crafted packets, can trigger a buffer over-read, resulting in the disclosure of up to 64KB of process memory, which contains sensitive information such as primary key material, secondary key material, and other protected content. (CVE-2014-0160) | | last seen | 2019-02-21 | | modified | 2018-08-06 | | plugin id | 87676 | | published | 2015-12-30 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=87676 | | title | VMware ESXi Multiple OpenSSL Vulnerabilities (VMSA-2014-0004) (Heartbleed) |
| NASL family | Slackware Local Security Checks | | NASL id | SLACKWARE_SSA_2014-098-01.NASL | | description | New openssl packages are available for Slackware 14.0, 14.1, and
-current to fix security issues. | | last seen | 2018-09-01 | | modified | 2014-06-14 | | plugin id | 73409 | | published | 2014-04-08 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=73409 | | title | Slackware 14.0 / 14.1 / current : openssl (SSA:2014-098-01) |
| NASL family | VMware ESX Local Security Checks | | NASL id | VMWARE_VMSA-2014-0004.NASL | | description | a. Information Disclosure vulnerability in OpenSSL third-party library
The OpenSSL library is updated to version openssl-1.0.1g to resolve multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0076 and CVE-2014-0160 to these issues.
CVE-2014-0160 is known as the Heartbleed issue. More information on this issue may be found in the reference section.
To remediate the issue for products that have updated versions or patches available, perform these steps:
* Deploy the VMware product update or product patches
* Replace certificates per the product-specific documentation
* Reset passwords per the product-specific documentation
Section 4 lists product-specific references to installation instructions and certificate management documentation. | | last seen | 2019-02-21 | | modified | 2018-08-06 | | plugin id | 73851 | | published | 2014-05-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=73851 | | title | VMSA-2014-0004 : VMware product updates address OpenSSL security vulnerabilities |
| NASL family | MacOS X Local Security Checks | | NASL id | MACOSX_FUSION_6_0_3.NASL | | description | The version of VMware Fusion 6.x installed on the remote Mac OS X host is prior to 6.0.3. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library :
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- An out-of-bounds read error, known as the 'Heartbleed Bug', exists related to handling TLS heartbeat extensions that could allow an attacker to obtain sensitive information such as primary key material, secondary key material and other protected content.
(CVE-2014-0160) | | last seen | 2019-02-21 | | modified | 2018-07-14 | | plugin id | 73670 | | published | 2014-04-21 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=73670 | | title | VMware Fusion 6.x < 6.0.3 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed) |
| NASL family | Windows | | NASL id | VMWARE_WORKSTATION_MULTIPLE_VMSA_2014_0004.NASL | | description | The version of VMware Workstation installed on the remote host is version 10.x prior to 10.0.2. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library :
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- An out-of-bounds read error, known as the 'Heartbleed Bug', exists related to handling TLS heartbeat extensions that could allow an attacker to obtain sensitive information such as primary key material, secondary key material and other protected content.
(CVE-2014-0160) | | last seen | 2019-02-21 | | modified | 2018-08-06 | | plugin id | 73674 | | published | 2014-04-21 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=73674 | | title | VMware Workstation 10.x < 10.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed) |
| NASL family | General | | NASL id | IBM_GSKIT_8_0_50_20_LINUX.NASL | | description | The remote Linux host has a version of IBM Global Security Kit prior to 7.0.4.50 / 8.0.14.43 / 8.0.50.20. It is, therefore, affected by the following vulnerabilities :
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- A denial of service vulnerability exists which an attacker can exploit by sending a specially crafted SSL request to cause the host to become unresponsive.
(CVE-2014-0963) | | last seen | 2019-02-21 | | modified | 2018-07-12 | | plugin id | 74288 | | published | 2014-06-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=74288 | | title | IBM Global Security Kit 7 < 7.0.4.50 / 8.0.14.x < 8.0.14.43 / 8.0.50.x < 8.0.50.20 Multiple Vulnerabilities (Linux) |
| NASL family | Misc. | | NASL id | TIVOLI_ACCESS_MANAGER_EBIZ_6_1_1_10.NASL | | description | According to its self-reported version, the install of the IBM Tivoli Access Manager for e-Business is affected by multiple vulnerabilities :
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that allows nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- A denial of service vulnerability exists that allows an attacker, using a specially crafted SSL request, to cause the host to become unresponsive. Note that this issue only affects the WebSEAL component and a workaround is available. (CVE-2014-0963) | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 80479 | | published | 2015-01-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=80479 | | title | IBM Tivoli Access Manager for e-Business < 6.0.0.33 / 6.1.0.14 / 6.1.1.10 SSL Multiple Vulnerabilities |
| NASL family | Debian Local Security Checks | | NASL id | DEBIAN_DSA-2908.NASL | | description | Multiple vulnerabilities have been discovered in OpenSSL. The following Common Vulnerabilities and Exposures project ids identify them :
- CVE-2010-5298 A read buffer can be freed even when it still contains data that is used later on, leading to a use-after-free.
Given a race condition in a multi-threaded application it may permit an attacker to inject data from one connection into another or cause denial of service.
- CVE-2014-0076 ECDSA nonces can be recovered through the Yarom/Benger FLUSH+RELOAD cache side-channel attack.
A third issue, with no CVE id, is the missing detection of the'critical' flag for the TSA extended key usage under certain cases.
Additionally, this update checks for more services that might need to be restarted after upgrades of libssl, corrects the detection of apache2 and postgresql, and adds support for the 'libraries/restart-without-asking' debconf configuration. This allows services to be restarted on upgrade without prompting.
The oldstable distribution (squeeze) is not affected by CVE-2010-5298 and it might be updated at a later time to address the remaining vulnerabilities. | | last seen | 2019-02-21 | | modified | 2018-11-28 | | plugin id | 73599 | | published | 2014-04-18 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=73599 | | title | Debian DSA-2908-1 : openssl - security update |
| NASL family | Windows | | NASL id | VMWARE_PLAYER_MULTIPLE_VMSA_2014-0004.NASL | | description | The installed version of VMware Player 6.x running on Windows is earlier than 6.0.2. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library :
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- An out-of-bounds read error, known as the 'Heartbleed Bug', exists related to handling TLS heartbeat extensions that could allow an attacker to obtain sensitive information such as primary key material, secondary key material and other protected content.
(CVE-2014-0160) | | last seen | 2019-02-21 | | modified | 2018-08-06 | | plugin id | 73672 | | published | 2014-04-21 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=73672 | | title | VMware Player 6.x < 6.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_LIBOPENSSL-DEVEL-140327.NASL | | description | OpenSSL has been updated to fix an attack on ECDSA Nonces.
Using the FLUSH+RELOAD Cache Side-channel Attack the Nonces could have been recovered.
This update also ensures that the stack is marked non-executable on x86 32bit (bnc#870192). On other processor platforms it was already marked as non-executable before. | | last seen | 2019-02-21 | | modified | 2014-04-17 | | plugin id | 73592 | | published | 2014-04-17 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=73592 | | title | SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 9073) |
| NASL family | Web Servers | | NASL id | WEBSPHERE_8_5_5_3.NASL | | description | The remote host appears to be running IBM WebSphere Application Server 8.5 prior to Fix Pack 8.5.5.3. It is, therefore, affected by the following vulnerabilities :
- A flaw exists in the Elliptic Curve Digital Signature Algorithm implementation which could allow a malicious process to recover ECDSA nonces.
(CVE-2014-0076, PI19700)
- A denial of service flaw exists in the 'mod_log_config' when logging a cookie with an unassigned value. A remote attacker, using a specially crafted request, can cause the program to crash. (CVE-2014-0098, PI13028)
- A denial of service flaw exists within the IBM Security Access Manager for Web with the Reverse Proxy component.
This could allow a remote attacker, using specially crafted TLS traffic, to cause the application on the system to become unresponsive. (CVE-2014-0963, PI17025)
- An information disclosure flaw exists when handling SOAP responses. This could allow a remote attacker to potentially gain access to sensitive information.
(CVE-2014-0965, PI11434)
- An information disclosure flaw exists. A remote attacker, using a specially crafted URL, could gain access to potentially sensitive information.
(CVE-2014-3022, PI09594)
- A flaw exists within the 'addFileRegistryAccount' Virtual Member Manager SPI Admin Task, which creates improper accounts. This could allow a remote attacker to bypass security checks. (CVE-2014-3070, PI16765)
- An unspecified information disclosure flaw exists. This could allow a remote attacker access to gain sensitive information. (CVE-2014-3083, PI17768)
- An information disclosure flaw exists within the 'share/classes/sun/security/rsa/RSACore.java' class related to 'RSA blinding' caused during operations using private keys and measuring timing differences. This could allow a remote attacker to gain information about used keys. (CVE-2014-4244)
- A flaw exists within the 'validateDHPublicKey' function in the 'share/classes/sun/security/util/KeyUtil.java' class which is triggered during the validation of Diffie-Hellman public key parameters. This could allow a remote attacker to recover a key. (CVE-2014-4263)
- A flaw exists within the Load Balancer for IPv4 Dispatcher component. This could allow a remote attacker to crash the Load Balancer. (CVE-2014-4764, PI21189)
- A flaw exists within the Liberty Repository when installing features. This could allow an authenticated remote attacker to install and execute arbitrary code.
(CVE-2014-4767, PI21284) | | last seen | 2019-02-21 | | modified | 2018-08-06 | | plugin id | 77438 | | published | 2014-08-29 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=77438 | | title | IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.3 Multiple Vulnerabilities |
| NASL family | Windows | | NASL id | IBM_GPFS_ISG3T1020683.NASL | | description | A version of IBM General Parallel File System (GPFS) prior to 3.5.0.17 is installed on the remote host. It is, therefore, affected by multiple vulnerabilities related to OpenSSL:
- An information disclosure vulnerability exists due to a flaw in the OpenSSL library, due to an implementation error in ECDSA (Elliptic Curve Digital Signature Algorithm). An attacker could potentially exploit this vulnerability to recover ECDSA nonces. (CVE-2014-0076)
- An information disclosure vulnerability exists due to a flaw in the OpenSSL library, commonly known as the Heartbleed bug. An attacker could potentially exploit this vulnerability repeatedly to read up to 64KB of memory from the device. (CVE-2014-0160) | | last seen | 2019-02-21 | | modified | 2018-07-12 | | plugin id | 74104 | | published | 2014-05-20 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=74104 | | title | IBM General Parallel File System 3.5 < 3.5.0.17 Multiple OpenSSL Vulnerabilities (Heartbleed) |
| NASL family | General | | NASL id | VMWARE_PLAYER_LINUX_6_0_2.NASL | | description | The installed version of VMware Player 6.x running on Linux is prior to 6.0.2. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library :
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- An out-of-bounds read error, known as the 'Heartbleed Bug', exists related to handling TLS heartbeat extensions that could allow an attacker to obtain sensitive information such as primary key material, secondary key material and other protected content.
(CVE-2014-0160) | | last seen | 2019-02-21 | | modified | 2018-08-06 | | plugin id | 73671 | | published | 2014-04-21 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=73671 | | title | VMware Player 6.x < 6.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Linux) (Heartbleed) |
| NASL family | Misc. | | NASL id | VMWARE_ESXI_5_5_BUILD_1746974_REMOTE.NASL | | description | The remote VMware ESXi host is 5.5 prior to build 1746974 or 5.5 Update 1 prior to build 1746018. It is, therefore, potentially affected by the following vulnerabilities in the OpenSSL library :
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- An out-of-bounds read error, known as the 'Heartbleed Bug', exists related to handling TLS heartbeat extensions that could allow an attacker to obtain sensitive information such as primary key material, secondary key material, and other protected content.
(CVE-2014-0160 | | last seen | 2019-02-21 | | modified | 2018-08-06 | | plugin id | 73917 | | published | 2014-05-08 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=73917 | | title | ESXi 5.5 < Build 1746974 / 5.5 Update 1 < Build 1746018 OpenSSL Library Multiple Vulnerabilities (remote check) (Heartbleed) |
| NASL family | Web Servers | | NASL id | OPENSSL_1_0_0M.NASL | | description | According to its banner, the remote web server uses a version of OpenSSL 1.0.0 prior to 1.0.0m. The OpenSSL library is, therefore, reportedly affected by the following vulnerabilities :
- An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- A buffer overflow error exists related to invalid DTLS fragment handling that could lead to execution of arbitrary code. Note this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195)
- An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)
- An error exists related to DTLS handshake handling that could lead to denial of service attacks. Note this issue only affects OpenSSL when used as a DTLS client.
(CVE-2014-0221)
- An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.
(CVE-2014-0224)
- An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470)
- An integer underflow condition exists in the EVP_DecodeUpdate() function due to improper validation of base64 encoded input when decoding. This allows a remote attacker, using maliciously crafted base64 data, to cause a segmentation fault or memory corruption, resulting in a denial of service or possibly the execution of arbitrary code. (CVE-2015-0292) | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 73403 | | published | 2014-04-08 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=73403 | | title | OpenSSL 1.0.0 < 1.0.0m Multiple Vulnerabilities |
| NASL family | MacOS X Local Security Checks | | NASL id | MACOSX_CISCO_ANYCONNECT_3_1_5170.NASL | | description | The remote host has a version of Cisco AnyConnect prior to 3.1(5170).
It is, therefore, potentially affected by the following vulnerabilities :
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- A buffer overflow error exists related to invalid DTLS fragment handling that could lead to execution of arbitrary code. Note this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195)
- An error exists related to DTLS handshake handling that could lead to denial of service attacks. Note this issue only affects OpenSSL when used as a DTLS client.
(CVE-2014-0221)
- An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.
(CVE-2014-0224) | | last seen | 2019-02-21 | | modified | 2018-07-14 | | plugin id | 76492 | | published | 2014-07-14 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=76492 | | title | Mac OS X : Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.1(5170) Multiple OpenSSL Vulnerabilities |
| NASL family | Web Servers | | NASL id | OPENSSL_0_9_8ZA.NASL | | description | According to its banner, the remote web server uses a version of OpenSSL 0.9.8 prior to 0.9.8za. The OpenSSL library is, therefore, reportedly affected by the following vulnerabilities :
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- A buffer overflow error exists related to invalid DTLS fragment handling that could lead to execution of arbitrary code. Note this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195)
- An error exists related to DTLS handshake handling that could lead to denial of service attacks. Note this issue only affects OpenSSL when used as a DTLS client.
(CVE-2014-0221)
- An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.
(CVE-2014-0224)
- An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470) | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 74363 | | published | 2014-06-06 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=74363 | | title | OpenSSL 0.9.8 < 0.9.8za Multiple Vulnerabilities |
|
