ID CVE-2015-1789
Summary The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.
References
Vulnerable Configurations
  • OpenSSL 0.9.8zf
    cpe:2.3:a:openssl:openssl:0.9.8zf
  • OpenSSL Project OpenSSL 1.0.0
    cpe:2.3:a:openssl:openssl:1.0.0
  • OpenSSL Project OpenSSL 1.0.0 Beta1
    cpe:2.3:a:openssl:openssl:1.0.0:beta1
  • OpenSSL Project OpenSSL 1.0.0 Beta2
    cpe:2.3:a:openssl:openssl:1.0.0:beta2
  • OpenSSL Project OpenSSL 1.0.0 Beta3
    cpe:2.3:a:openssl:openssl:1.0.0:beta3
  • OpenSSL Project OpenSSL 1.0.0 Beta4
    cpe:2.3:a:openssl:openssl:1.0.0:beta4
  • OpenSSL Project OpenSSL 1.0.0 Beta5
    cpe:2.3:a:openssl:openssl:1.0.0:beta5
  • OpenSSL Project OpenSSL 1.0.0a
    cpe:2.3:a:openssl:openssl:1.0.0a
  • OpenSSL Project OpenSSL 1.0.0b
    cpe:2.3:a:openssl:openssl:1.0.0b
  • OpenSSL Project OpenSSL 1.0.0c
    cpe:2.3:a:openssl:openssl:1.0.0c
  • OpenSSL Project OpenSSL 1.0.0d
    cpe:2.3:a:openssl:openssl:1.0.0d
  • OpenSSL Project OpenSSL 1.0.0e
    cpe:2.3:a:openssl:openssl:1.0.0e
  • OpenSSL Project OpenSSL 1.0.0f
    cpe:2.3:a:openssl:openssl:1.0.0f
  • OpenSSL Project OpenSSL 1.0.0g
    cpe:2.3:a:openssl:openssl:1.0.0g
  • OpenSSL Project OpenSSL 1.0.0h
    cpe:2.3:a:openssl:openssl:1.0.0h
  • OpenSSL Project OpenSSL 1.0.0i
    cpe:2.3:a:openssl:openssl:1.0.0i
  • OpenSSL Project OpenSSL 1.0.0j
    cpe:2.3:a:openssl:openssl:1.0.0j
  • OpenSSL Project OpenSSL 1.0.0k
    cpe:2.3:a:openssl:openssl:1.0.0k
  • OpenSSL Project OpenSSL 1.0.0l
    cpe:2.3:a:openssl:openssl:1.0.0l
  • OpenSSL Project OpenSSL 1.0.0m
    cpe:2.3:a:openssl:openssl:1.0.0m
  • OpenSSL Project OpenSSL 1.0.0n
    cpe:2.3:a:openssl:openssl:1.0.0n
  • OpenSSL OpenSSL 1.0.0o
    cpe:2.3:a:openssl:openssl:1.0.0o
  • OpenSSL Project OpenSSL 1.0.0p
    cpe:2.3:a:openssl:openssl:1.0.0p
  • OpenSSL Project OpenSSL 1.0.0q
    cpe:2.3:a:openssl:openssl:1.0.0q
  • OpenSSL OpenSSL 1.0.0r
    cpe:2.3:a:openssl:openssl:1.0.0r
  • OpenSSL Project OpenSSL 1.0.1
    cpe:2.3:a:openssl:openssl:1.0.1
  • OpenSSL Project OpenSSL 1.0.1 Beta1
    cpe:2.3:a:openssl:openssl:1.0.1:beta1
  • OpenSSL Project OpenSSL 1.0.1 Beta2
    cpe:2.3:a:openssl:openssl:1.0.1:beta2
  • OpenSSL Project OpenSSL 1.0.1 Beta3
    cpe:2.3:a:openssl:openssl:1.0.1:beta3
  • OpenSSL Project OpenSSL 1.0.1a
    cpe:2.3:a:openssl:openssl:1.0.1a
  • OpenSSL Project OpenSSL 1.0.1b
    cpe:2.3:a:openssl:openssl:1.0.1b
  • OpenSSL Project OpenSSL 1.0.1c
    cpe:2.3:a:openssl:openssl:1.0.1c
  • OpenSSL Project OpenSSL 1.0.1d
    cpe:2.3:a:openssl:openssl:1.0.1d
  • OpenSSL Project OpenSSL 1.0.1e
    cpe:2.3:a:openssl:openssl:1.0.1e
  • OpenSSL Project OpenSSL 1.0.1f
    cpe:2.3:a:openssl:openssl:1.0.1f
  • OpenSSL Project OpenSSL 1.0.1g
    cpe:2.3:a:openssl:openssl:1.0.1g
  • OpenSSL Project OpenSSL 1.0.1h
    cpe:2.3:a:openssl:openssl:1.0.1h
  • OpenSSL Project OpenSSL 1.0.1i
    cpe:2.3:a:openssl:openssl:1.0.1i
  • OpenSSL Project OpenSSL 1.0.1j
    cpe:2.3:a:openssl:openssl:1.0.1j
  • OpenSSL Project OpenSSL 1.0.1k
    cpe:2.3:a:openssl:openssl:1.0.1k
  • OpenSSL Project OpenSSL 1.0.1l
    cpe:2.3:a:openssl:openssl:1.0.1l
  • OpenSSL OpenSSL 1.0.1m
    cpe:2.3:a:openssl:openssl:1.0.1m
  • OpenSSL Project OpenSSL 1.0.2
    cpe:2.3:a:openssl:openssl:1.0.2
  • OpenSSL Project OpenSSL 1.0.2-beta1
    cpe:2.3:a:openssl:openssl:1.0.2:beta1
  • OpenSSL OpenSSL 1.0.2a
    cpe:2.3:a:openssl:openssl:1.0.2a
  • Oracle Sparc-OPL Service Processor 1121
    cpe:2.3:a:oracle:sparc-opl_service_processor:1121
CVSS
Base: 4.3 (as of 01-11-2016 - 13:05)
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-507.NASL
    description libressl was updated to version 2.2.1 to fix 16 security issues. LibreSSL is a fork of OpenSSL. Because of that CVEs affecting OpenSSL often also affect LibreSSL. These security issues were fixed : - CVE-2014-3570: The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k did not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (bsc#912296). - CVE-2014-3572: The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allowed remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (bsc#912015). - CVE-2015-1792: The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function (bsc#934493). - CVE-2014-8275: OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k did not enforce certain constraints on certificate data, which allowed remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (bsc#912018). - CVE-2015-0209: Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import (bsc#919648). - CVE-2015-1789: The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback (bsc#934489). - CVE-2015-1788: The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b did not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allowed remote attackers to cause a denial of service (infinite loop) via a session that used an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication (bsc#934487). - CVE-2015-1790: The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that used ASN.1 encoding and lacks inner EncryptedContent data (bsc#934491). - CVE-2015-0287: The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a did not reinitialize CHOICE and ADB data structures, which might allowed attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse (bsc#922499). - CVE-2015-0286: The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a did not properly perform boolean-type comparisons, which allowed remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that used the certificate-verification feature (bsc#922496). - CVE-2015-0289: The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a did not properly handle a lack of outer ContentInfo, which allowed attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (bsc#922500). - CVE-2015-0288: The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allowed attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key (bsc#920236). - CVE-2014-8176: The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allowed remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data (bsc#934494). - CVE-2015-4000: The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, did not properly convey a DHE_EXPORT choice, which allowed man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the 'Logjam' issue (bsc#931600). - CVE-2015-0205: The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allowed remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (bsc#912293). - CVE-2015-0206: Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allowed remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection (bsc#912292).
    last seen 2019-01-16
    modified 2016-10-13
    plugin id 84998
    published 2015-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84998
    title openSUSE Security Update : libressl (openSUSE-2015-507) (Logjam)
  • NASL family Firewalls
    NASL id PFSENSE_SA-15_06.NASL
    description According to its self-reported version number, the remote pfSense install is prior to 2.2.3. It is, therefore, affected by multiple vulnerabilities as stated in the referenced vendor advisories.
    last seen 2019-01-16
    modified 2018-07-24
    plugin id 106495
    published 2018-01-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106495
    title pfSense < 2.2.3 Multiple Vulnerabilities (SA-15_07) (Logjam)
  • NASL family CISCO
    NASL id CISCO_ACE_A5_3_3.NASL
    description The Cisco Application Control Engine (ACE) software installed on the remote Cisco ACE 4710 device or ACE30 module is version A5 prior to A5(3.3). It is, therefore, affected by multiple vulnerabilities : - An invalid free memory error exists due to improper validation of user-supplied input when a DTLS peer receives application data between ChangeCipherSpec and Finished messages. A remote attacker can exploit this to corrupt memory, resulting in a denial of service or the execution of arbitrary code. (CVE-2014-8176) - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788) - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789) - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790) - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. A remote attacker can exploit this to cause a denial of service condition or other potential unspecified impact. (CVE-2015-1791) - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792) - The symmetric-key feature in the receive function requires a correct message authentication code (MAC) only if the MAC field has a nonzero length. This makes it easier for a man-in-the-middle attacker to spoof packets by omitting the MAC. (CVE-2015-1798) - A flaw exists in the symmetric-key feature in the receive function when handling a specially crafted packet sent to one of two hosts that are peering with each other. This allows an attacker to cause the next attempt by the servers to synchronize to fail. (CVE-2015-1799) - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000) - A flaw exists in the TLS 1.x implementation in the Cavium SDK due to a failure to check the first byte of the padding bytes. A man-in-the-middle attacker can exploit this, by sending specially crafted requests to the server, to induce requests that allow determining the plaintext chunks of data. This vulnerability is a variant of the POODLE attack. (CVE-2015-4595)
    last seen 2019-01-16
    modified 2018-07-06
    plugin id 91427
    published 2016-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91427
    title Cisco ACE 4710 Appliance / ACE30 Module Multiple Vulnerabilities (Logjam)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-294.NASL
    description This update for libopenssl0_9_8 fixes the following issues : - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to : - Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. - Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - The package was updated to 0.9.8zh : - fixes many security vulnerabilities (not separately listed): CVE-2015-3195, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288, CVE-2014-3571, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2014-8275, CVE-2014-3570, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566, CVE-2014-3510, CVE-2014-3507, CVE-2014-3506, CVE-2014-3505, CVE-2014-3508, CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470, CVE-2014-0076, CVE-2013-0169, CVE-2013-0166 - avoid running OPENSSL_config twice. This avoids breaking engine loading. (boo#952871, boo#967787) - fix CVE-2015-3197 (boo#963415) - SSLv2 doesn't block disabled ciphers
    last seen 2019-01-16
    modified 2016-12-07
    plugin id 89651
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89651
    title openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE)
  • NASL family CGI abuses
    NASL id PUPPET_ENTERPRISE_ACTIVEMQ_PSQL_SSL.NASL
    description According to its self-reported version number, the Puppet Enterprise application running on the remote host is 3.x prior to 3.8.1. It is, therefore, affected by the following vulnerabilities : - An XML external entity injection (XXE) flaw exists in the Apache ActiveMQ component due to a faulty configuration that allows an XML parser to accept XML external entities from untrusted sources. A remote attacker, by sending crafted XML data, can exploit this to disclose arbitrary files. (CVE-2014-3600) - An authentication bypass vulnerability exists in the Apache ActiveMQ component due to a flaw in the LDAPLoginModule implementation. A remote attacker can exploit this to bypass authentication mechanisms. (CVE-2014-3612) - Multiple cross-site scripting vulnerabilities exist in the administrative console of Apache ActiveMQ that allow a remote attacker to inject arbitrary HTML or web scripts. (CVE-2014-8110) - An invalid free memory error exists due to improper validation of user-supplied input when a DTLS peer receives application data between ChangeCipherSpec and Finished messages. A remote attacker can exploit this to corrupt memory, resulting in a denial of service or the execution of arbitrary code. (CVE-2014-8176) - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788) - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789) - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790) - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791) - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792) - A double-free memory flaw exists in PostgreSQL due to a timeout interrupt occurring partway in the session shutdown sequence. A remote attacker, by closing an SSL session when the authentication timeout expires, can exploit this flaw to cause a denial of service. (CVE-2015-3165) - An out-of-memory condition exists in the printf() functions in PostgreSQL due to a failure to check for errors. A remote attacker can exploit this to access sensitive information. (CVE-2015-3166) - A flaw exists in contrib/pgcrypto in PostgreSQL due to cases of decryption reporting other error message texts, which a remote attacker can use to recover keys from other systems. (CVE-2015-3167) - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 84960
    published 2015-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84960
    title Puppet Enterprise 3.x < 3.8.1 Multiple Vulnerabilities (Logjam)
  • NASL family Web Servers
    NASL id HPSMH_7_2_6.NASL
    description According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is prior to 7.2.6. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries : - HP SMH (XSRF) - libcurl - OpenSSL
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 90251
    published 2016-03-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90251
    title HP System Management Homepage < 7.2.6 Multiple Vulnerabilities (FREAK)
  • NASL family Firewalls
    NASL id SCREENOS_JSA10733.NASL
    description The version of Juniper ScreenOS running on the remote host is 6.3.x prior to 6.3.0r22. It is, therefore, affected by multiple vulnerabilities in its bundled version of OpenSSL : - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789) - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790) - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. A remote attacker can exploit this to cause a denial of service condition or other potential unspecified impact. (CVE-2015-1791) - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-01-16
    modified 2018-07-30
    plugin id 93383
    published 2016-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93383
    title Juniper ScreenOS 6.3.x < 6.3.0r22 Multiple Vulnerabilities in OpenSSL (JSA10733)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150630_OPENSSL_ON_SL5_X.NASL
    description An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789) A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790) A flaw was found in the way the TLS protocol composes the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them to decrypt all traffic. (CVE-2015-4000) Note: This update forces the TLS/SSL client implementation in OpenSSL to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Future updates may raise this limit to 1024 bits. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-01-16
    modified 2018-12-28
    plugin id 84542
    published 2015-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84542
    title Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (Logjam)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1197.NASL
    description Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789) A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790) A flaw was found in the way the TLS protocol composes the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them to decrypt all traffic. (CVE-2015-4000) Note: This update forces the TLS/SSL client implementation in OpenSSL to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Future updates may raise this limit to 1024 bits. Red Hat would like to thank the OpenSSL project for reporting CVE-2015-1789 and CVE-2015-1790. Upstream acknowledges Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, and Michal Zalewski as the original reporter of CVE-2015-1790. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 84506
    published 2015-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84506
    title CentOS 5 : openssl (CESA-2015:1197) (Logjam)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2015-006.NASL
    description The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-006. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - apache_mod_php - CoreText - FontParser - Libinfo - libxml2 - OpenSSL - perl - PostgreSQL - QL Office - Quartz Composer Framework - QuickTime 7 - SceneKit Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2019-01-16
    modified 2018-07-14
    plugin id 85409
    published 2015-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85409
    title Mac OS X Multiple Vulnerabilities (Security Update 2015-006)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2015-162-01.NASL
    description New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
    last seen 2019-01-16
    modified 2016-10-19
    plugin id 84126
    published 2015-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84126
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-162-01)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-247.NASL
    description Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit. CVE-2014-8176 Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that an invalid memory free could be triggered when buffering DTLS data. This could allow remote attackers to cause a denial of service (crash) or potentially execute arbitrary code. This issue only affected the oldstable distribution (wheezy). CVE-2015-1789 Robert Swiecki and Hanno B??ck discovered that the X509_cmp_time function could read a few bytes out of bounds. This could allow remote attackers to cause a denial of service (crash) via crafted certificates and CRLs. CVE-2015-1790 Michal Zalewski discovered that the PKCS#7 parsing code did not properly handle missing content which could lead to a NULL pointer dereference. This could allow remote attackers to cause a denial of service (crash) via crafted ASN.1-encoded PKCS#7 blobs. CVE-2015-1791 Emilia K??sper discovered that a race condition could occur due to incorrect handling of NewSessionTicket in a multi-threaded client, leading to a double free. This could allow remote attackers to cause a denial of service (crash). CVE-2015-1792 Johannes Bauer discovered that the CMS code could enter an infinite loop when verifying a signedData message, if presented with an unknown hash function OID. This could allow remote attackers to cause a denial of service. Additionally OpenSSL will now reject handshakes using DH parameters shorter than 768 bits as a countermeasure against the Logjam attack (CVE-2015-4000). NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-07-09
    plugin id 84253
    published 2015-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84253
    title Debian DLA-247-1 : openssl security update (Logjam)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-10108.NASL
    description Multiple moderate and low impact security issues fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2016-10-18
    plugin id 84375
    published 2015-06-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84375
    title Fedora 21 : openssl-1.0.1k-10.fc21 (2015-10108)
  • NASL family AIX Local Security Checks
    NASL id AIX_OPENSSL_ADVISORY14.NASL
    description The version of OpenSSL installed on the remote AIX host is affected by multiple vulnerabilities : - An invalid free memory error exists due to improper validation of user-supplied input when a DTLS peer receives application data between ChangeCipherSpec and Finished messages. A remote attacker can exploit this to corrupt memory, resulting in a denial of service or the execution of arbitrary code. (CVE-2014-8176) - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788) - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789) - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790) - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791) - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792) - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)
    last seen 2019-01-16
    modified 2018-07-17
    plugin id 84880
    published 2015-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84880
    title AIX OpenSSL Advisory : openssl_advisory14.asc (Logjam)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1143-1.NASL
    description This update of openssl fixes the following security issues : - CVE-2015-4000 (bsc#931698) - The Logjam Attack / weakdh.org - reject connections with DH parameters shorter than 1024 bits - generates 2048-bit DH parameters by default - CVE-2015-1788 (bsc#934487) - Malformed ECParameters causes infinite loop - CVE-2015-1789 (bsc#934489) - Exploitable out-of-bounds read in X509_cmp_time - CVE-2015-1790 (bsc#934491) - PKCS7 crash with missing EnvelopedContent - CVE-2015-1792 (bsc#934493) - CMS verify infinite loop with unknown hash function - CVE-2015-1791 (bsc#933911) - race condition in NewSessionTicket - CVE-2015-3216 (bsc#933898) - Crash in ssleay_rand_bytes due to locking regression - fix a timing side channel in RSA decryption (bnc#929678) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-29
    plugin id 84426
    published 2015-06-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84426
    title SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:1143-1) (Logjam)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2639-1.NASL
    description Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8176) Joseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed ECParameters structures. A remote attacker could use this issue to cause OpenSSL to hang, resulting in a denial of service. (CVE-2015-1788) Robert Swiecki and Hanno Bock discovered that OpenSSL incorrectly handled certain ASN1_TIME strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-1789) Michal Zalewski discovered that OpenSSL incorrectly handled missing content when parsing ASN.1-encoded PKCS#7 blobs. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-1790) Emilia Kasper discovered that OpenSSL incorrectly handled NewSessionTicket when being used by a multi-threaded client. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-1791) Johannes Bauer discovered that OpenSSL incorrectly handled verifying signedData messages using the CMS code. A remote attacker could use this issue to cause OpenSSL to hang, resulting in a denial of service. (CVE-2015-1792) As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 768 bits, preventing a possible downgrade attack. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-01
    plugin id 84148
    published 2015-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84148
    title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : openssl vulnerabilities (USN-2639-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1197.NASL
    description From Red Hat Security Advisory 2015:1197 : Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789) A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790) A flaw was found in the way the TLS protocol composes the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them to decrypt all traffic. (CVE-2015-4000) Note: This update forces the TLS/SSL client implementation in OpenSSL to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Future updates may raise this limit to 1024 bits. Red Hat would like to thank the OpenSSL project for reporting CVE-2015-1789 and CVE-2015-1790. Upstream acknowledges Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, and Michal Zalewski as the original reporter of CVE-2015-1790. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-01-16
    modified 2018-07-18
    plugin id 84485
    published 2015-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84485
    title Oracle Linux 5 : openssl (ELSA-2015-1197) (Logjam)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1183-2.NASL
    description OpenSSL was updated to fix several security issues. CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default. CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed. CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed. fixed a timing side channel in RSA decryption (bnc#929678) Additional changes : In the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bnc#931698) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-29
    plugin id 84560
    published 2015-07-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84560
    title SUSE SLED11 / SLES10 Security Update : OpenSSL (SUSE-SU-2015:1183-2) (Logjam)
  • NASL family Misc.
    NASL id NESSUS_TNS_2015_07.NASL
    description According to its version, the installation of Tenable Nessus running on the remote host is version 5.x prior to 5.2.12 or 6.x prior to 6.4. It is, therefore, affected by multiple denial of service vulnerabilities in the bundled OpenSSL component : - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788) - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)
    last seen 2019-01-16
    modified 2018-07-16
    plugin id 86949
    published 2015-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86949
    title Nessus 5.x < 5.2.12 / 6.x < 6.4 Multiple OpenSSL Vulnerabilities
  • NASL family Firewalls
    NASL id CHECK_POINT_GAIA_SK106499.NASL
    description The remote host is running a version of Gaia OS which is affected by multiple vulnerabilities: - An out of bounds read denial of service vulnerability in OpenSSL (CVE-2015-1789) - An information disclosure weakness in the RC4 algorithm as used in SSL/TLS (CVE-2015-2808)
    last seen 2019-01-16
    modified 2018-12-05
    plugin id 105000
    published 2017-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105000
    title Check Point Gaia Operating System Multiple Vulnerabilities (sk106499)
  • NASL family Web Servers
    NASL id OPENSSL_0_9_8ZG.NASL
    description According to its banner, the remote web server uses a version of OpenSSL 0.9.8 prior to 0.9.8zg. The OpenSSL library is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788) - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789) - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790) - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791) - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 84151
    published 2015-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84151
    title OpenSSL 0.9.8 < 0.9.8zg Multiple Vulnerabilities
  • NASL family CGI abuses
    NASL id SPLUNK_625.NASL
    description According to its version number, the instance of Splunk hosted on the remote web server is Enterprise 5.0.x prior to 5.0.14, 6.0.x prior to 6.0.10, 6.1.x prior to 6.1.9, 6.2.x prior to 6.2.5, or Light 6.2.x prior to 6.2.5. It is, therefore, affected by the following vulnerabilities in the bundled OpenSSL library : - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788) - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789) - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790) - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791) - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792) - A certificate validation bypass vulnerability exists due to a flaw in the X509_verify_cert() function in file x509_vfy.c, which occurs when locating alternate certificate chains whenever the first attempt to build such a chain fails. A remote attacker can exploit this, by using a valid leaf certificate as a certificate authority (CA), to issue invalid certificates that will bypass authentication. (CVE-2015-1793) Additionally, a cross-site scripting vulnerability exists in Splunk Enterprise due to improper validation of user-supplied input before returning it to users. An attacker can exploit this, via a crafted request, to execute arbitrary script code. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 85581
    published 2015-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85581
    title Splunk Enterprise < 5.0.14 / 6.0.10 / 6.1.9 / 6.2.5 or Splunk Light < 6.2.5 Multiple Vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201506-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-201506-02 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker can cause Denial of Service and information disclosure. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2017-10-02
    plugin id 84330
    published 2015-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84330
    title GLSA-201506-02 : OpenSSL: Multiple vulnerabilities (Logjam)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_8305E215108011E58BA2000C2980A9F3.NASL
    description The OpenSSL team reports : - Missing DHE man-in-the-middle protection (Logjam) (CVE-2015-4000) - Malformed ECParameters causes infinite loop (CVE-2015-1788) - Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) - PKCS#7 crash with missing EnvelopedContent (CVE-2015-1790) - CMS verify infinite loop with unknown hash function (CVE-2015-1792) - Race condition handling NewSessionTicket (CVE-2015-1791) - Invalid free in DTLS (CVE-2014-8176)
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 84133
    published 2015-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84133
    title FreeBSD : openssl -- multiple vulnerabilities (8305e215-1080-11e5-8ba2-000c2980a9f3) (Logjam)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0070.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - improved fix for (CVE-2015-1791) - add missing parts of CVE-2015-0209 fix for corectness although unexploitable - fix CVE-2014-8176 - invalid free in DTLS buffering code - fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time - fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent - fix CVE-2015-1791 - race condition handling NewSessionTicket - fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function - fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on read in multithreaded applications
    last seen 2019-01-16
    modified 2018-07-25
    plugin id 84203
    published 2015-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84203
    title OracleVM 3.3 : openssl (OVMSA-2015-0070)
  • NASL family Web Servers
    NASL id OPENSSL_1_0_2B.NASL
    description According to its banner, the remote web server uses a version of OpenSSL 1.0.2 prior to 1.0.2b. The OpenSSL library is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788) - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789) - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790) - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791) - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792) - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)
    last seen 2019-01-16
    modified 2018-07-16
    plugin id 84154
    published 2015-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84154
    title OpenSSL 1.0.2 < 1.0.2b Multiple Vulnerabilities (Logjam)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1150-1.NASL
    description This update fixes the following security issues : - CVE-2015-4000 (boo#931698) - The Logjam Attack / weakdh.org - reject connections with DH parameters shorter than 1024 bits - generates 2048-bit DH parameters by default - CVE-2015-1788 (boo#934487) - Malformed ECParameters causes infinite loop - CVE-2015-1789 (boo#934489) - Exploitable out-of-bounds read in X509_cmp_time - CVE-2015-1790 (boo#934491) - PKCS7 crash with missing EnvelopedContent - CVE-2015-1792 (boo#934493) - CMS verify infinite loop with unknown hash function - CVE-2015-1791 (boo#933911) - race condition in NewSessionTicket - CVE-2015-3216 (boo#933898) - Crash in ssleay_rand_bytes due to locking regression - modified openssl-1.0.1i-fipslocking.patch - fix timing side channel in RSA decryption (bnc#929678) - add ECC ciphersuites to DEFAULT (bnc#879179) - Disable EXPORT ciphers by default (bnc#931698, comment #3) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 84442
    published 2015-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84442
    title SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2015:1150-1) (Logjam)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1184-2.NASL
    description OpenSSL 0.9.8j was updated to fix several security issues. CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default. CVE-2015-1788: Malformed ECParameters could cause an infinite loop. CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed. CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed. CVE-2015-1792: A CMS verification infinite loop when using an unknown hash function was fixed. CVE-2015-1791: Fixed a race condition in NewSessionTicket creation. CVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to locking regression. fixed a timing side channel in RSA decryption (bnc#929678) Additional changes : In the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bnc#931698) Added the ECC ciphersuites to the DEFAULT cipher class (bnc#879179) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-29
    plugin id 84561
    published 2015-07-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84561
    title SUSE SLES11 Security Update : OpenSSL (SUSE-SU-2015:1184-2) (Logjam)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1184-1.NASL
    description OpenSSL 0.9.8j was updated to fix several security issues. CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default. CVE-2015-1788: Malformed ECParameters could cause an infinite loop. CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed. CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed. CVE-2015-1792: A CMS verification infinite loop when using an unknown hash function was fixed. CVE-2015-1791: Fixed a race condition in NewSessionTicket creation. CVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to locking regression. fixed a timing side channel in RSA decryption (bnc#929678) Additional changes : In the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bnc#931698) Added the ECC ciphersuites to the DEFAULT cipher class (bnc#879179) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-29
    plugin id 84548
    published 2015-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84548
    title SUSE SLES11 Security Update : OpenSSL (SUSE-SU-2015:1184-1) (Logjam)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-447.NASL
    description openssl was updated to fix six security issues. The following vulnerabilities were fixed : - CVE-2015-4000: The Logjam Attack / weakdh.org. Rject connections with DH parameters shorter than 768 bits, generates 2048-bit DH parameters by default. (boo#931698) - CVE-2015-1788: Malformed ECParameters causes infinite loop (boo#934487) - CVE-2015-1789: Exploitable out-of-bounds read in X509_cmp_time (boo#934489) - CVE-2015-1790: PKCS7 crash with missing EnvelopedContent (boo#934491) - CVE-2015-1792: CMS verify infinite loop with unknown hash function (boo#934493) - CVE-2015-1791: race condition in NewSessionTicket (boo#933911) - CVE-2015-3216: Crash in ssleay_rand_bytes due to locking regression (boo#933898)
    last seen 2019-01-16
    modified 2016-10-13
    plugin id 84414
    published 2015-06-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84414
    title openSUSE Security Update : openssl (openSUSE-2015-447) (Logjam)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-10047.NASL
    description Multiple moderate and low impact security issues fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2016-10-18
    plugin id 84301
    published 2015-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84301
    title Fedora 22 : openssl-1.0.1k-10.fc22 (2015-10047)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1115.NASL
    description Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. (CVE-2014-8176) A flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash. (CVE-2015-3216) An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789) A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. (CVE-2015-1791) A flaw was found in the way OpenSSL handled Cryptographic Message Syntax (CMS) messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. (CVE-2015-1792) A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790) Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan Fratric as the original reporters of CVE-2014-8176, Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, Michal Zalewski as the original reporter of CVE-2015-1790, Emilia Kasper as the original report of CVE-2015-1791 and Johannes Bauer as the original reporter of CVE-2015-1792. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 84204
    published 2015-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84204
    title RHEL 6 / 7 : openssl (RHSA-2015:1115)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1115.NASL
    description From Red Hat Security Advisory 2015:1115 : Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. (CVE-2014-8176) A flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash. (CVE-2015-3216) An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789) A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. (CVE-2015-1791) A flaw was found in the way OpenSSL handled Cryptographic Message Syntax (CMS) messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. (CVE-2015-1792) A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790) Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan Fratric as the original reporters of CVE-2014-8176, Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, Michal Zalewski as the original reporter of CVE-2015-1790, Emilia Kasper as the original report of CVE-2015-1791 and Johannes Bauer as the original reporter of CVE-2015-1792. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-01-16
    modified 2018-07-26
    plugin id 84202
    published 2015-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84202
    title Oracle Linux 6 / 7 : openssl (ELSA-2015-1115)
  • NASL family Web Servers
    NASL id OPENSSL_1_0_0S.NASL
    description According to its banner, the remote web server uses a version of OpenSSL 1.0.0 prior to 1.0.0s. The OpenSSL library is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788) - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789) - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790) - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791) - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 84152
    published 2015-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84152
    title OpenSSL 1.0.0 < 1.0.0s Multiple Vulnerabilities
  • NASL family Web Servers
    NASL id HPSMH_7_5_4.NASL
    description According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is a version prior to 7.5.4. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788) - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789) - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790) - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791) - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792) - A certificate validation bypass vulnerability exists in the Security:Encryption subcomponent due to a flaw in the X509_verify_cert() function in x509_vfy.c that is triggered when locating alternate certificate chains when the first attempt to build such a chain fails. A remote attacker can exploit this, by using a valid leaf certificate as a certificate authority (CA), to issue invalid certificates that will bypass authentication. (CVE-2015-1793) - A cross-request authentication bypass vulnerability exists in libcurl due to the use of an existing, authenticated connection when performing a subsequent unauthenticated NTLM HTTP request. An attacker can exploit this to bypass authentication mechanisms. (CVE-2015-3143) - A denial of service vulnerability exists in libcurl due to a flaw in the sanitize_cookie_path() function that is triggered when handling a cookie path element that consists of a single double-quote. An attacker can exploit this to cause the application to crash. (CVE-2015-3145) - A cross-request authentication bypass vulnerability exists in libcurl due to a flaw that is triggered when a request is 'Negotiate' authenticated, which can cause the program to treat the entire connection as authenticated rather than just that specific request. An attacker can exploit this to bypass authentication mechanisms for subsequent requests. (CVE-2015-3148) - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000) - A flaw exists in the multipart_buffer_headers() function in rfc1867.c due to improper handling of multipart/form-data in HTTP requests. A remote attacker can exploit this flaw to cause a consumption of CPU resources, resulting in a denial of service condition. (CVE-2015-4024) - An unspecified flaw exists that allows an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-1993) - An unspecified information disclosure vulnerability exists that allows an authenticated, remote attacker to gain unauthorized access to information. (CVE-2016-1994) - An unspecified remote code execution vulnerability exists that allows an unauthenticated, remote attacker to take complete control of the system. (CVE-2016-1995) - An unspecified flaw exists that allows a local attacker to impact confidentiality and integrity. (CVE-2016-1996)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 90150
    published 2016-03-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90150
    title HP System Management Homepage < 7.5.4 Multiple Vulnerabilities (Logjam)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-889.NASL
    description MySQL was updated to 5.6.27 to fix security issues and bugs. The following vulnerabilities were fixed as part of the upstream release [boo#951391]: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789, CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890, CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910, CVE-2015-4913 Details on these and other changes can be found at: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html The following security relevant changes are included additionally : - CVE-2015-3152: MySQL lacked SSL enforcement. Using --ssl-verify-server-cert and --ssl[-*] implies that the ssl connection is required. The mysql client will now print an error if ssl is required, but the server can not handle a ssl connection [boo#924663], [boo#928962]
    last seen 2019-01-16
    modified 2018-11-19
    plugin id 87442
    published 2015-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87442
    title openSUSE Security Update : mysql (openSUSE-2015-889) (BACKRONYM)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL16913.NASL
    description The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback. (CVE-2015-1789)
    last seen 2019-01-16
    modified 2019-01-04
    plugin id 88437
    published 2016-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88437
    title F5 Networks BIG-IP : OpenSSL vulnerability (SOL16913)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_10_5.NASL
    description The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.5. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - apache_mod_php - Apple ID OD Plug-in - AppleGraphicsControl - Bluetooth - bootp - CloudKit - CoreMedia Playback - CoreText - curl - Data Detectors Engine - Date & Time pref pane - Dictionary Application - DiskImages - dyld - FontParser - groff - ImageIO - Install Framework Legacy - IOFireWireFamily - IOGraphics - IOHIDFamily - Kernel - Libc - Libinfo - libpthread - libxml2 - libxpc - mail_cmds - Notification Center OSX - ntfs - OpenSSH - OpenSSL - perl - PostgreSQL - python - QL Office - Quartz Composer Framework - Quick Look - QuickTime 7 - SceneKit - Security - SMBClient - Speech UI - sudo - tcpdump - Text Formats - udf Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2019-01-16
    modified 2018-07-16
    plugin id 85408
    published 2015-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85408
    title Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150615_OPENSSL_ON_SL6_X.NASL
    description An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. (CVE-2014-8176) A flaw was found in the way the OpenSSL packages shipped with Scientific Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash. (CVE-2015-3216) An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789) A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. (CVE-2015-1791) A flaw was found in the way OpenSSL handled Cryptographic Message Syntax (CMS) messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. (CVE-2015-1792) A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790) For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-01-16
    modified 2018-12-28
    plugin id 84226
    published 2015-06-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84226
    title Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3287.NASL
    description Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit. - CVE-2014-8176 Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that an invalid memory free could be triggered when buffering DTLS data. This could allow remote attackers to cause a denial of service (crash) or potentially execute arbitrary code. This issue only affected the oldstable distribution (wheezy). - CVE-2015-1788 Joseph Barr-Pixton discovered that an infinite loop could be triggered due to incorrect handling of malformed ECParameters structures. This could allow remote attackers to cause a denial of service. - CVE-2015-1789 Robert Swiecki and Hanno Bock discovered that the X509_cmp_time function could read a few bytes out of bounds. This could allow remote attackers to cause a denial of service (crash) via crafted certificates and CRLs. - CVE-2015-1790 Michal Zalewski discovered that the PKCS#7 parsing code did not properly handle missing content which could lead to a NULL pointer dereference. This could allow remote attackers to cause a denial of service (crash) via crafted ASN.1-encoded PKCS#7 blobs. - CVE-2015-1791 Emilia Kasper discovered that a race condition could occur due to incorrect handling of NewSessionTicket in a multi-threaded client, leading to a double free. This could allow remote attackers to cause a denial of service (crash). - CVE-2015-1792 Johannes Bauer discovered that the CMS code could enter an infinite loop when verifying a signedData message, if presented with an unknown hash function OID. This could allow remote attackers to cause a denial of service. Additionally OpenSSL will now reject handshakes using DH parameters shorter than 768 bits as a countermeasure against the Logjam attack (CVE-2015-4000 ).
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 84170
    published 2015-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84170
    title Debian DSA-3287-1 : openssl - security update (Logjam)
  • NASL family Web Servers
    NASL id OPENSSL_1_0_1N.NASL
    description According to its banner, the remote web server uses a version of OpenSSL 1.0.1 prior to 1.0.1n. The OpenSSL library is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788) - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789) - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790) - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791) - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792) - A man-in-the-middle vulnerability exists, known as Logjam, due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)
    last seen 2019-01-16
    modified 2018-07-16
    plugin id 84153
    published 2015-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84153
    title OpenSSL 1.0.1 < 1.0.1n Multiple Vulnerabilities (Logjam)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1197.NASL
    description Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789) A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790) A flaw was found in the way the TLS protocol composes the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them to decrypt all traffic. (CVE-2015-4000) Note: This update forces the TLS/SSL client implementation in OpenSSL to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Future updates may raise this limit to 1024 bits. Red Hat would like to thank the OpenSSL project for reporting CVE-2015-1789 and CVE-2015-1790. Upstream acknowledges Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, and Michal Zalewski as the original reporter of CVE-2015-1790. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 84467
    published 2015-06-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84467
    title RHEL 5 : openssl (RHSA-2015:1197) (Logjam)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2015-550.NASL
    description LOGJAM: A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2015-4000) An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash. (CVE-2015-1789) A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input could cause that application to crash. TLS/SSL clients and servers using OpenSSL were not affected by this flaw. (CVE-2015-1790) A race condition was found in the session handling code of OpenSSL. An attacker could cause a multi-threaded SSL/TLS server to crash. (CVE-2015-1791) A denial of service flaw was found in OpenSSL in the way it verified certain signed messages using CMS (Cryptographic Message Syntax). A remote attacker could cause an application using OpenSSL to use excessive amounts of memory by sending a specially crafted message for verification. (CVE-2015-1792) An invalid-free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could send a specially crafted message to the peer, which could cause the application to crash or potentially cause arbitrary code execution. (CVE-2014-8176) A regression was found in the ssleay_rand_bytes() function. This could lead a multi-threaded application to crash. (CVE-2015-3216)
    last seen 2019-01-16
    modified 2018-04-18
    plugin id 84251
    published 2015-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84251
    title Amazon Linux AMI : openssl (ALAS-2015-550) (Logjam)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1182-2.NASL
    description OpenSSL 0.9.8k was updated to fix several security issues : CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. 2048-bit DH parameters are now generated by default. CVE-2015-1788: Malformed ECParameters could cause an infinite loop. CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed. CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed. CVE-2015-1792: A CMS verification infinite loop when using an unknown hash function was fixed. CVE-2015-1791: Fixed a race condition in NewSessionTicket creation. CVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to locking regression. Fixed a timing side channel in RSA decryption. (bsc#929678) Additional changes : In the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bsc#931698) Added the ECC ciphersuites to the DEFAULT cipher class. (bsc#879179) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-29
    plugin id 84559
    published 2015-07-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84559
    title SUSE SLED11 / SLES11 Security Update : OpenSSL (SUSE-SU-2015:1182-2) (Logjam)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1115.NASL
    description Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. (CVE-2014-8176) A flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash. (CVE-2015-3216) An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789) A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. (CVE-2015-1791) A flaw was found in the way OpenSSL handled Cryptographic Message Syntax (CMS) messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. (CVE-2015-1792) A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790) Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan Fratric as the original reporters of CVE-2014-8176, Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, Michal Zalewski as the original reporter of CVE-2015-1790, Emilia Kasper as the original report of CVE-2015-1791 and Johannes Bauer as the original reporter of CVE-2015-1792. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 84199
    published 2015-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84199
    title CentOS 6 / 7 : openssl (CESA-2015:1115)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-2303-1.NASL
    description The mysql package was updated to version 5.5.46 to fixs several security and non security issues. - bnc#951391: update to version 5.5.46 - changes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 46.html - fixed CVEs: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789, CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890, CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910, CVE-2015-4913 - bnc#952196: Fixed a build error for ppc*, s390* and ia64 architectures. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-29
    plugin id 87525
    published 2015-12-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87525
    title SUSE SLED11 / SLES11 Security Update : mysql (SUSE-SU-2015:2303-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1181-2.NASL
    description OpenSSL was updated to fix several security issues. CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default. CVE-2015-1788: Malformed ECParameters could cause an infinite loop. CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed. CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed. fixed a timing side channel in RSA decryption (bnc#929678) Additional changes : In the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bnc#931698) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-29
    plugin id 84558
    published 2015-07-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84558
    title SUSE SLES10 Security Update : OpenSSL (SUSE-SU-2015:1181-2) (Logjam)
redhat via4
advisories
  • rhsa
    id RHSA-2015:1115
  • rhsa
    id RHSA-2015:1197
rpms
  • openssl-0:1.0.1e-30.el6_6.11
  • openssl-devel-0:1.0.1e-30.el6_6.11
  • openssl-perl-0:1.0.1e-30.el6_6.11
  • openssl-static-0:1.0.1e-30.el6_6.11
  • openssl-1:1.0.1e-42.el7_1.8
  • openssl-devel-1:1.0.1e-42.el7_1.8
  • openssl-libs-1:1.0.1e-42.el7_1.8
  • openssl-perl-1:1.0.1e-42.el7_1.8
  • openssl-static-1:1.0.1e-42.el7_1.8
  • openssl-0:0.9.8e-36.el5_11
  • openssl-devel-0:0.9.8e-36.el5_11
  • openssl-perl-0:0.9.8e-36.el5_11
refmap via4
apple APPLE-SA-2015-08-13-2
bid
  • 75156
  • 91787
cisco 20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
confirm
debian DSA-3287
fedora
  • FEDORA-2015-10047
  • FEDORA-2015-10108
gentoo GLSA-201506-02
hp
  • HPSBGN03371
  • HPSBMU03409
  • HPSBUX03388
  • SSRT102180
netbsd NetBSD-SA2015-008
sectrack 1032564
suse
  • SUSE-SU-2015:1143
  • SUSE-SU-2015:1150
  • SUSE-SU-2015:1181
  • SUSE-SU-2015:1182
  • SUSE-SU-2015:1183
  • SUSE-SU-2015:1184
  • SUSE-SU-2015:1185
  • openSUSE-SU-2015:1139
  • openSUSE-SU-2015:1277
  • openSUSE-SU-2016:0640
ubuntu USN-2639-1
Last major update 30-12-2016 - 21:59
Published 12-06-2015 - 15:59
Last modified 14-11-2017 - 21:29
Back to Top