ID CVE-2017-3735
Summary While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.
References
Vulnerable Configurations
  • OpenSSL Project OpenSSL 0.9.7j
    cpe:2.3:a:openssl:openssl:0.9.7j
  • OpenSSL Project OpenSSL 0.9.7k
    cpe:2.3:a:openssl:openssl:0.9.7k
  • OpenSSL Project OpenSSL 0.9.7l
    cpe:2.3:a:openssl:openssl:0.9.7l
  • OpenSSL Project OpenSSL 0.9.7m
    cpe:2.3:a:openssl:openssl:0.9.7m
  • OpenSSL Project OpenSSL 0.9.8
    cpe:2.3:a:openssl:openssl:0.9.8
  • OpenSSL Project OpenSSL 0.9.8a
    cpe:2.3:a:openssl:openssl:0.9.8a
  • OpenSSL Project OpenSSL 0.9.8b
    cpe:2.3:a:openssl:openssl:0.9.8b
  • OpenSSL Project OpenSSL 0.9.8c
    cpe:2.3:a:openssl:openssl:0.9.8c
  • OpenSSL Project OpenSSL 0.9.8d
    cpe:2.3:a:openssl:openssl:0.9.8d
  • OpenSSL Project OpenSSL 0.9.8e
    cpe:2.3:a:openssl:openssl:0.9.8e
  • OpenSSL Project OpenSSL 0.9.8f
    cpe:2.3:a:openssl:openssl:0.9.8f
  • OpenSSL Project OpenSSL 0.9.8g
    cpe:2.3:a:openssl:openssl:0.9.8g
  • OpenSSL Project OpenSSL 0.9.8h
    cpe:2.3:a:openssl:openssl:0.9.8h
  • OpenSSL Project OpenSSL 0.9.8i
    cpe:2.3:a:openssl:openssl:0.9.8i
  • OpenSSL Project OpenSSL 0.9.8j
    cpe:2.3:a:openssl:openssl:0.9.8j
  • OpenSSL Project OpenSSL 0.9.8k
    cpe:2.3:a:openssl:openssl:0.9.8k
  • OpenSSL Project OpenSSL 0.9.8l
    cpe:2.3:a:openssl:openssl:0.9.8l
  • OpenSSL Project OpenSSL 0.9.8m
    cpe:2.3:a:openssl:openssl:0.9.8m
  • OpenSSL Project OpenSSL 0.9.8m Beta1
    cpe:2.3:a:openssl:openssl:0.9.8m:beta1
  • OpenSSL Project OpenSSL 0.9.8n
    cpe:2.3:a:openssl:openssl:0.9.8n
  • OpenSSL Project OpenSSL 0.9.8o
    cpe:2.3:a:openssl:openssl:0.9.8o
  • OpenSSL Project OpenSSL 0.9.8p
    cpe:2.3:a:openssl:openssl:0.9.8p
  • OpenSSL Project OpenSSL 0.9.8q
    cpe:2.3:a:openssl:openssl:0.9.8q
  • OpenSSL Project OpenSSL 0.9.8r
    cpe:2.3:a:openssl:openssl:0.9.8r
  • OpenSSL Project OpenSSL 0.9.8s
    cpe:2.3:a:openssl:openssl:0.9.8s
  • OpenSSL Project OpenSSL 0.9.8t
    cpe:2.3:a:openssl:openssl:0.9.8t
  • OpenSSL Project OpenSSL 0.9.8u
    cpe:2.3:a:openssl:openssl:0.9.8u
  • OpenSSL Project OpenSSL 0.9.8v
    cpe:2.3:a:openssl:openssl:0.9.8v
  • OpenSSL Project OpenSSL 0.9.8w
    cpe:2.3:a:openssl:openssl:0.9.8w
  • OpenSSL Project OpenSSL 0.9.8x
    cpe:2.3:a:openssl:openssl:0.9.8x
  • OpenSSL Project OpenSSL 0.9.8y
    cpe:2.3:a:openssl:openssl:0.9.8y
  • OpenSSL Project OpenSSL 0.9.8z
    cpe:2.3:a:openssl:openssl:0.9.8z
  • OpenSSL Project OpenSSL 0.9.8za
    cpe:2.3:a:openssl:openssl:0.9.8za
  • OpenSSL Project OpenSSL 0.9.8zb
    cpe:2.3:a:openssl:openssl:0.9.8zb
  • OpenSSL OpenSSL 0.9.8zc
    cpe:2.3:a:openssl:openssl:0.9.8zc
  • OpenSSL Project OpenSSL 0.9.8ze
    cpe:2.3:a:openssl:openssl:0.9.8ze
  • OpenSSL OpenSSL 0.9.8zg
    cpe:2.3:a:openssl:openssl:0.9.8zg
  • OpenSSL Project OpenSSL 1.0.0
    cpe:2.3:a:openssl:openssl:1.0.0
  • OpenSSL Project OpenSSL 1.0.0 Beta1
    cpe:2.3:a:openssl:openssl:1.0.0:beta1
  • OpenSSL Project OpenSSL 1.0.0 Beta2
    cpe:2.3:a:openssl:openssl:1.0.0:beta2
  • OpenSSL Project OpenSSL 1.0.0 Beta3
    cpe:2.3:a:openssl:openssl:1.0.0:beta3
  • OpenSSL Project OpenSSL 1.0.0 Beta4
    cpe:2.3:a:openssl:openssl:1.0.0:beta4
  • OpenSSL Project OpenSSL 1.0.0 Beta5
    cpe:2.3:a:openssl:openssl:1.0.0:beta5
  • OpenSSL Project OpenSSL 1.0.0a
    cpe:2.3:a:openssl:openssl:1.0.0a
  • OpenSSL Project OpenSSL 1.0.0b
    cpe:2.3:a:openssl:openssl:1.0.0b
  • OpenSSL Project OpenSSL 1.0.0c
    cpe:2.3:a:openssl:openssl:1.0.0c
  • OpenSSL Project OpenSSL 1.0.0d
    cpe:2.3:a:openssl:openssl:1.0.0d
  • OpenSSL Project OpenSSL 1.0.0e
    cpe:2.3:a:openssl:openssl:1.0.0e
  • OpenSSL Project OpenSSL 1.0.0f
    cpe:2.3:a:openssl:openssl:1.0.0f
  • OpenSSL Project OpenSSL 1.0.0g
    cpe:2.3:a:openssl:openssl:1.0.0g
  • OpenSSL Project OpenSSL 1.0.0h
    cpe:2.3:a:openssl:openssl:1.0.0h
  • OpenSSL Project OpenSSL 1.0.0i
    cpe:2.3:a:openssl:openssl:1.0.0i
  • OpenSSL Project OpenSSL 1.0.0j
    cpe:2.3:a:openssl:openssl:1.0.0j
  • OpenSSL Project OpenSSL 1.0.0k
    cpe:2.3:a:openssl:openssl:1.0.0k
  • OpenSSL Project OpenSSL 1.0.0l
    cpe:2.3:a:openssl:openssl:1.0.0l
  • OpenSSL Project OpenSSL 1.0.0m
    cpe:2.3:a:openssl:openssl:1.0.0m
  • OpenSSL Project OpenSSL 1.0.0n
    cpe:2.3:a:openssl:openssl:1.0.0n
  • OpenSSL OpenSSL 1.0.0o
    cpe:2.3:a:openssl:openssl:1.0.0o
  • OpenSSL Project OpenSSL 1.0.0p
    cpe:2.3:a:openssl:openssl:1.0.0p
  • OpenSSL Project OpenSSL 1.0.0q
    cpe:2.3:a:openssl:openssl:1.0.0q
  • OpenSSL OpenSSL 1.0.0r
    cpe:2.3:a:openssl:openssl:1.0.0r
  • OpenSSL OpenSSL 1.0.0s
    cpe:2.3:a:openssl:openssl:1.0.0s
  • OpenSSL Project OpenSSL 1.0.1
    cpe:2.3:a:openssl:openssl:1.0.1
  • OpenSSL Project OpenSSL 1.0.1 Beta1
    cpe:2.3:a:openssl:openssl:1.0.1:beta1
  • OpenSSL Project OpenSSL 1.0.1 Beta2
    cpe:2.3:a:openssl:openssl:1.0.1:beta2
  • OpenSSL Project OpenSSL 1.0.1 Beta3
    cpe:2.3:a:openssl:openssl:1.0.1:beta3
  • OpenSSL Project OpenSSL 1.0.1a
    cpe:2.3:a:openssl:openssl:1.0.1a
  • OpenSSL Project OpenSSL 1.0.1b
    cpe:2.3:a:openssl:openssl:1.0.1b
  • OpenSSL Project OpenSSL 1.0.1c
    cpe:2.3:a:openssl:openssl:1.0.1c
  • OpenSSL Project OpenSSL 1.0.1d
    cpe:2.3:a:openssl:openssl:1.0.1d
  • OpenSSL Project OpenSSL 1.0.1e
    cpe:2.3:a:openssl:openssl:1.0.1e
  • OpenSSL Project OpenSSL 1.0.1f
    cpe:2.3:a:openssl:openssl:1.0.1f
  • OpenSSL Project OpenSSL 1.0.1g
    cpe:2.3:a:openssl:openssl:1.0.1g
  • OpenSSL Project OpenSSL 1.0.1h
    cpe:2.3:a:openssl:openssl:1.0.1h
  • OpenSSL Project OpenSSL 1.0.1i
    cpe:2.3:a:openssl:openssl:1.0.1i
  • OpenSSL Project OpenSSL 1.0.1j
    cpe:2.3:a:openssl:openssl:1.0.1j
  • OpenSSL Project OpenSSL 1.0.1k
    cpe:2.3:a:openssl:openssl:1.0.1k
  • OpenSSL Project OpenSSL 1.0.1l
    cpe:2.3:a:openssl:openssl:1.0.1l
  • OpenSSL Project OpenSSL 1.0.2
    cpe:2.3:a:openssl:openssl:1.0.2
  • OpenSSL Project OpenSSL 1.0.2-beta1
    cpe:2.3:a:openssl:openssl:1.0.2:beta1
  • OpenSSL 1.0.2 Beta 2
    cpe:2.3:a:openssl:openssl:1.0.2:beta2
  • OpenSSL 1.0.2 Beta 3
    cpe:2.3:a:openssl:openssl:1.0.2:beta3
  • OpenSSL OpenSSL 1.0.2a
    cpe:2.3:a:openssl:openssl:1.0.2a
  • OpenSSL Project OpenSSL 1.0.2b
    cpe:2.3:a:openssl:openssl:1.0.2b
  • OpenSSL Project OpenSSL 1.0.2c
    cpe:2.3:a:openssl:openssl:1.0.2c
  • OpenSSL OpenSSL 1.0.2d
    cpe:2.3:a:openssl:openssl:1.0.2d
  • OpenSSL 1.0.2e
    cpe:2.3:a:openssl:openssl:1.0.2e
  • OpenSSL 1.0.2f
    cpe:2.3:a:openssl:openssl:1.0.2f
  • OpenSSL 1.0.2h
    cpe:2.3:a:openssl:openssl:1.0.2h
  • OpenSSL Project OpenSSL 1.0.2i
    cpe:2.3:a:openssl:openssl:1.0.2i
  • OpenSSL1.0.2j
    cpe:2.3:a:openssl:openssl:1.0.2j
  • OpenSSL 1.0.2k
    cpe:2.3:a:openssl:openssl:1.0.2k
  • OpenSSL 1.0.2l
    cpe:2.3:a:openssl:openssl:1.0.2l
  • OpenSSL Project OpenSSL 1.1.0
    cpe:2.3:a:openssl:openssl:1.1.0
  • OpenSSL Project OpenSSL 1.1.0a
    cpe:2.3:a:openssl:openssl:1.1.0a
  • OpenSSL Project OpenSSL 1.1.0b
    cpe:2.3:a:openssl:openssl:1.1.0b
  • OpenSSL Project OpenSSL 1.1.0c
    cpe:2.3:a:openssl:openssl:1.1.0c
  • OpenSSL Project OpenSSL 1.1.0d
    cpe:2.3:a:openssl:openssl:1.1.0d
  • OpenSSL Project OpenSSL 1.1.0e
    cpe:2.3:a:openssl:openssl:1.1.0e
  • OpenSSL Project OpenSSL 1.1.0f
    cpe:2.3:a:openssl:openssl:1.1.0f
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
nessus via4
  • NASL family Misc.
    NASL id ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2018_CPU.NASL
    description The version of Oracle Secure Global Desktop installed on the remote host is 5.3 and is missing a security patch from the January 2018 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities: - The included OpenSSL library has a off-by-one out-of-bounds read flaw within the X509v3_addr_get_afi() function of crypto/x509v3/v3_addr.c when handling the IPAddressFamily extension of X.509 certificates. A content-dependent attacker, with a specially crafted request, could potentially read limited memory information. (CVE-2017-3735) - The included OpenSSL library has a carry propagating flaw within the bn_sqrx8x_internal() function in crypto/bn/asm/x86_64-mont5.pl when handling RSA / DSA encryption. A content-dependent attacker, with a specially crafted request, could potentially determine the private key. (CVE-2017-3736) - The included Apache Log4j contains a flaw due to improper validation of log events before deserializing. A remote attacker, with a specially crafted log event, could potentially execute arbitrary script code. (CVE-2017-5645)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 106199
    published 2018-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106199
    title Oracle Secure Global Desktop Multiple Vulnerabilities (January 2018 CPU)
  • NASL family Misc.
    NASL id ORACLE_E-BUSINESS_CPU_JAN_2018.NASL
    description The version of Oracle E-Business installed on the remote host is missing the January 2018 Oracle Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 106105
    published 2018-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106105
    title Oracle E-Business Multiple Vulnerabilities (January 2018 CPU)
  • NASL family Misc.
    NASL id VIRTUALBOX_5_2_6.NASL
    description The version of Oracle VM VirtualBox running on the remote host is 5.1.x prior to 5.1.32 or 5.2.x prior to 5.2.6. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-11-08
    plugin id 106104
    published 2018-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106104
    title Oracle VM VirtualBox 5.1.x < 5.1.32 / 5.2.x < 5.2.6 (January 2018 CPU)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2017-005.NASL
    description The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components : - apache - curl - IOAcceleratorFamily - IOKit - Kernel - OpenSSL - Screen Sharing Server
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 105081
    published 2017-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105081
    title macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-002 and 2017-005)
  • NASL family Firewalls
    NASL id PFSENSE_SA-17_07.NASL
    description According to its self-reported version number, the remote pfSense install is a version prior to 2.4.2 It is, therefore, affected by multiple vulnerabilities as stated in the referenced vendor advisories.
    last seen 2019-02-21
    modified 2018-09-17
    plugin id 108517
    published 2018-03-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108517
    title pfSense < 2.4.2 Multiple Vulnerabilities (SA-17_07)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-3221.NASL
    description An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) * openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) * openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) * openssl: RSA key generation cache timing vulnerability in crypto/rsa/ rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 118998
    published 2018-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118998
    title CentOS 7 : openssl (CESA-2018:3221)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201712-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201712-03 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL. Please review the referenced CVE identifiers for details. Impact : A remote attacker could cause a Denial of Service condition, recover a private key in unlikely circumstances, circumvent security restrictions to perform unauthorized actions, or gain access to sensitive information. Workaround : There are no known workarounds at this time.
    last seen 2019-02-21
    modified 2018-08-24
    plugin id 105263
    published 2017-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105263
    title GLSA-201712-03 : OpenSSL: Multiple vulnerabilities
  • NASL family Misc.
    NASL id JUNIPER_NSM_JSA10851.NASL
    description The remote host is running a version of NSM (Network and Security Manager) Server that is prior to 2012.2R14. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 109406
    published 2018-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109406
    title Juniper NSM < 2012.2R14 OpenSSL Multiple Vulnerabilities (JSA10851)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0053-1.NASL
    description The Docker images provided with SUSE CaaS Platform 2.0 have been updated to include the following updates: binutils : - Update to version 2.29 - 18750 bsc#1030296 CVE-2014-9939 - 20891 bsc#1030585 CVE-2017-7225 - 20892 bsc#1030588 CVE-2017-7224 - 20898 bsc#1030589 CVE-2017-7223 - 20905 bsc#1030584 CVE-2017-7226 - 20908 bsc#1031644 CVE-2017-7299 - 20909 bsc#1031656 CVE-2017-7300 - 20921 bsc#1031595 CVE-2017-7302 - 20922 bsc#1031593 CVE-2017-7303 - 20924 bsc#1031638 CVE-2017-7301 - 20931 bsc#1031590 CVE-2017-7304 - 21135 bsc#1030298 CVE-2017-7209 - 21137 bsc#1029909 CVE-2017-6965 - 21139 bsc#1029908 CVE-2017-6966 - 21156 bsc#1029907 CVE-2017-6969 - 21157 bsc#1030297 CVE-2017-7210 - 21409 bsc#1037052 CVE-2017-8392 - 21412 bsc#1037057 CVE-2017-8393 - 21414 bsc#1037061 CVE-2017-8394 - 21432 bsc#1037066 CVE-2017-8396 - 21440 bsc#1037273 CVE-2017-8421 - 21580 bsc#1044891 CVE-2017-9746 - 21581 bsc#1044897 CVE-2017-9747 - 21582 bsc#1044901 CVE-2017-9748 - 21587 bsc#1044909 CVE-2017-9750 - 21594 bsc#1044925 CVE-2017-9755 - 21595 bsc#1044927 CVE-2017-9756 - 21787 bsc#1052518 CVE-2017-12448 - 21813 bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450, bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450 - 21933 bsc#1053347 CVE-2017-12799 - 21990 bsc#1058480 CVE-2017-14333 - 22018 bsc#1056312 CVE-2017-13757 - 22047 bsc#1057144 CVE-2017-14129 - 22058 bsc#1057149 CVE-2017-14130 - 22059 bsc#1057139 CVE-2017-14128 - 22113 bsc#1059050 CVE-2017-14529 - 22148 bsc#1060599 CVE-2017-14745 - 22163 bsc#1061241 CVE-2017-14974 - 22170 bsc#1060621 CVE-2017-14729 - Make compressed debug section handling explicit, disable for old products and enable for gas on all architectures otherwise. [bsc#1029995] - Remove empty rpath component removal optimization from to workaround CMake rpath handling. [bsc#1025282] - Fix alignment frags for aarch64 (bsc#1003846) coreutils : - Fix df(1) to no longer interact with excluded file system types, so for example specifying -x nfs no longer hangs with problematic nfs mounts. (bsc#1026567) - Ensure df -l no longer interacts with dummy file system types, so for example no longer hangs with problematic NFS mounted via system.automount(5). (bsc#1043059) - Significantly speed up df(1) for huge mount lists. (bsc#965780) file : - update to version 5.22. - CVE-2014-9621: The ELF parser in file allowed remote attackers to cause a denial of service via a long string. (bsc#913650) - CVE-2014-9620: The ELF parser in file allowed remote attackers to cause a denial of service via a large number of notes. (bsc#913651) - CVE-2014-9653: readelf.c in file did not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. (bsc#917152) - CVE-2014-8116: The ELF parser (readelf.c) in file allowed remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (bsc#910253) - CVE-2014-8117: softmagic.c in file did not properly limit recursion, which allowed remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (bsc#910253) - Fixed a memory corruption during rpmbuild (bsc#1063269) - Backport of a fix for an increased printable string length as found in file 5.30 (bsc#996511) - file command throws 'Composite Document File V2 Document, corrupt: Can't read SSAT' error against excel 97/2003 file format. (bsc#1009966) gcc7 : - Support for specific IBM Power9 processor instructions. - Support for specific IBM zSeries z14 processor instructions. - New packages cross-npvtx-gcc7 and nvptx-tools added to the Toolchain Module for specific NVIDIA Card offload support. gzip : - fix mishandling of leading zeros in the end-of-block code (bsc#1067891) libsolv : - Many fixes and improvements for cleandeps. - Always create dup rules for 'distupgrade' jobs. - Use recommends also for ordering packages. - Fix splitprovides handling with addalreadyrecommended turned off. (bsc#1059065) - Expose solver_get_recommendations() in bindings. - Fix bug in solver_prune_to_highest_prio_per_name resulting in bad output from solver_get_recommendations(). - Support 'without' and 'unless' dependencies. - Use same heuristic as upstream to determine source RPMs. - Fix memory leak in bindings. - Add pool_best_solvables() function. - Fix 64bit integer parsing from RPM headers. - Enable bzip2 and xz/lzma compression support. - Enable complex/rich dependencies on distributions with RPM 4.13+. libtool : - Add missing dependencies and provides to baselibs.conf to make sure libltdl libraries are properly installed. (bsc#1056381) libzypp : - Fix media handling in presence of a repo path prefix. (bsc#1062561) - Fix RepoProvideFile ignoring a repo path prefix. (bsc#1062561) - Remove unused legacy notify-message script. (bsc#1058783) - Support multiple product licenses in repomd. (fate#322276) - Propagate 'rpm --import' errors. (bsc#1057188) - Fix typos in zypp.conf. openssl : - CVE-2017-3735: openssl1,openssl: Malformed X.509 IPAdressFamily could cause OOB read (bsc#1056058) - CVE-2017-3736: openssl: bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242) - Out of bounds read+crash in DES_fcrypt (bsc#1065363) - openssl DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825) perl: Security issues for perl : - CVE-2017-12837: Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a escape and the case-insensitive modifier. (bnc#1057724) - CVE-2017-12883: Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid escape. (bnc#1057721) - CVE-2017-6512: Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. (bnc#1047178) Bug fixes for perl : - backport set_capture_string changes from upstream (bsc#999735) - reformat baselibs.conf as source validator workaround systemd : - unit: When JobTimeoutSec= is turned off, implicitly turn off JobRunningTimeoutSec= too. (bsc#1048605, bsc#1004995) - compat-rules: Generate compat by-id symlinks with 'nvme' prefix missing and warn users that have broken symlinks. (bsc#1063249) - compat-rules: Allow to specify the generation number through the kernel command line. - scsi_id: Fixup prefix for pre-SPC inquiry reply. (bsc#1039099) - tmpfiles: Remove old ICE and X11 sockets at boot. - tmpfiles: Silently ignore any path that passes through autofs. (bsc#1045472) - pam_logind: Skip leading /dev/ from PAM_TTY field before passing it on. - shared/machine-pool: Fix another mkfs.btrfs checking. (bsc#1053595) - shutdown: Fix incorrect fscanf() result check. - shutdown: Don't remount,ro network filesystems. (bsc#1035386) - shutdown: Don't be fooled when detaching DM devices with BTRFS. (bsc#1055641) - bash-completion: Add support for --now. (bsc#1053137) - Add convert-lib-udev-path.sh script to convert /lib/udev directory into a symlink pointing to /usr/lib/udev when upgrading from SLE11. (bsc#1050152) - Add a rule to teach hotplug to offline containers transparently. (bsc#1040800) timezone : - Northern Cyprus switches from +03 to +02/+03 on 2017-10-29 - Fiji ends DST 2018-01-14, not 2018-01-21 - Namibia switches from +01/+02 to +02 on 2018-04-01 - Sudan switches from +03 to +02 on 2017-11-01 - Tonga likely switches from +13/+14 to +13 on 2017-11-05 - Turks and Caicos switches from -04 to -05/-04 on 2018-11-04 - Corrections to past DST transitions - Move oversized Canada/East-Saskatchewan to 'backward' file - zic(8) and the reference runtime now reject multiple leap seconds within 28 days of each other, or leap seconds before the Epoch. util-linux : - Allow unmounting of filesystems without calling stat() on the mount point, when '-c' is used. (bsc#1040968) - Fix an infinite loop, a crash and report the correct minimum and maximum frequencies in lscpu for some processors. (bsc#1055446) - Fix a lscpu failure on Sydney Amazon EC2 region. (bsc#1066500) - If multiple subvolumes are mounted, report the default subvolume. (bsc#1039276) velum : - Fix logout issue on DEX download page * page doesn't exist (bsc#1066611) - Handle invalid sessions more user friendly - Fix undesired minimum nodes alert blink (bsc#1066371) wicked : - A regression in wicked was causing the hostname not to be set correctly via DHCP in some cases (bsc#1057007,bsc#1050258) - Configure the interface MTU correctly even in cases where the interface was up already (bsc#1059292) - Don't abort the process that adds configures routes if one route fails (bsc#1036619) - Handle DHCP4 user-class ids properly (bsc#1045522) - ethtool: handle channels parameters (bsc#1043883) zypper : - Locale: Fix possible segmentation fault. (bsc#1064999) - Add summary hint if product is better updated by a different command. This is mainly used by rolling distributions like openSUSE Tumbleweed to remind their users to use 'zypper dup' to update (not zypper up or patch). (bsc#1061384) - Unify '(add|modify)(repo|service)' property related arguments. - Fixed 'add' commands supporting to set only a subset of properties. - Introduced '-f/-F' as preferred short option for --[no-]refresh in all four commands. (bsc#661410, bsc#1053671) - Fix missing package names in installation report. (bsc#1058695) - Differ between unsupported and packages with unknown support status. (bsc#1057634) - Return error code '107' if an RPM's %post configuration script fails, but only if ZYPPER_ON_CODE12_RETURN_107=1 is set in the environment. (bsc#1047233) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 106092
    published 2018-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106092
    title SUSE SLES12 Security Update : CaaS Platform 2.0 images (SUSE-SU-2018:0053-1)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2019-1009.NASL
    description According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) - openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) - openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) - openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-08
    plugin id 120997
    published 2019-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120997
    title EulerOS 2.0 SP5 : openssl (EulerOS-SA-2019-1009)
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2018-1102.NASL
    description During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack.(CVE-2018-0732) Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.(CVE-2018-0495) Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.(CVE-2018-0739) While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006.(CVE-2017-3735)
    last seen 2019-02-21
    modified 2018-11-09
    plugin id 118833
    published 2018-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118833
    title Amazon Linux 2 : openssl (ALAS-2018-1102)
  • NASL family MacOS X Local Security Checks
    NASL id MACOS_10_13_2.NASL
    description The remote host is running a version of Mac OS X that is 10.13.x prior to 10.13.2. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - curl - Directory Utility - IOAcceleratorFamily - IOKit - Intel Graphics Driver - Kernel - Mail - Mail Drafts - OpenSSL - Screen Sharing Server Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 105080
    published 2017-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105080
    title macOS 10.13.x < 10.13.2 Multiple Vulnerabilities (Meltdown)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1420.NASL
    description According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) - openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) - openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) - openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-08
    plugin id 119909
    published 2018-12-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119909
    title EulerOS 2.0 SP2 : openssl (EulerOS-SA-2018-1420)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1392.NASL
    description According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) - openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) - openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) - openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-10
    plugin id 119520
    published 2018-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119520
    title EulerOS 2.0 SP3 : openssl (EulerOS-SA-2018-1392)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1102.NASL
    description Libgcrypt allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.(CVE-2018-0495) While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006.(CVE-2017-3735) Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.(CVE-2018-0739)
    last seen 2019-02-21
    modified 2018-12-07
    plugin id 119464
    published 2018-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119464
    title Amazon Linux AMI : openssl (ALAS-2018-1102)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3475-1.NASL
    description It was discovered that OpenSSL incorrectly parsed the IPAddressFamily extension in X.509 certificates, resulting in an erroneous display of the certificate in text format. (CVE-2017-3735) It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-3736). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 104432
    published 2017-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104432
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : openssl vulnerabilities (USN-3475-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-3221.NASL
    description From Red Hat Security Advisory 2018:3221 : An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) * openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) * openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) * openssl: RSA key generation cache timing vulnerability in crypto/rsa/ rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-07
    plugin id 118777
    published 2018-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118777
    title Oracle Linux 7 : openssl (ELSA-2018-3221)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-DBEC196DD8.NASL
    description Minor security update release 1.1.0g. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 104830
    published 2017-11-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104830
    title Fedora 26 : 1:openssl (2017-dbec196dd8)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-7F30914972.NASL
    description Minor update release 1.0.2m from upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 104729
    published 2017-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104729
    title Fedora 26 : 1:compat-openssl10 (2017-7f30914972)
  • NASL family AIX Local Security Checks
    NASL id AIX_OPENSSL_ADVISORY24.NASL
    description The version of OpenSSL installed on the remote AIX host is affected by an off-by-one out-of-bounds read flaw in when processing X.509 certificates. This allows a context-dependent attacker to disclose limited memory contents.
    last seen 2019-02-21
    modified 2018-07-17
    plugin id 107231
    published 2018-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107231
    title AIX OpenSSL Advisory : openssl_advisory24.asc
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0002-1.NASL
    description This update for nodejs4 fixes the following issues: Security issues fixed : - CVE-2017-15896: Vulnerable to CVE-2017-3737 due to embedded OpenSSL (bsc#1072322). - CVE-2017-14919: Embedded zlib issue could cause a DoS via specific windowBits value. - CVE-2017-3738: Embedded OpenSSL is vulnerable to rsaz_1024_mul_avx2 overflow bug on x86_64. - CVE-2017-3736: Embedded OpenSSL is vulnerable to bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242). - CVE-2017-3735: Embedded OpenSSL is vulnerable to malformed X.509 IPAdressFamily that could cause OOB read (bsc#1056058). Bug fixes : - Update to release 4.8.7 (bsc#1072322): https://nodejs.org/en/blog/vulnerability/december-2017-s ecurity-releases/ - https://nodejs.org/en/blog/release/v4.8.7/ - https://nodejs.org/en/blog/release/v4.8.6/ - https://nodejs.org/en/blog/release/v4.8.5/ Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120012
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120012
    title SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2018:0002-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-3169-1.NASL
    description This update for openssl fixes the following issues: Security issues fixed : - CVE-2017-3735: openssl1,openssl: Malformed X.509 IPAdressFamily could cause OOB read (bsc#1056058) - CVE-2017-3736: openssl: bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242) - Out of bounds read+crash in DES_fcrypt (bsc#1065363) - openssl DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 104967
    published 2017-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104967
    title SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:3169-1)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0042.NASL
    description An update of [linux,openssl] packages for PhotonOS has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 111891
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111891
    title Photon OS 1.0: Linux / Openssl PHSA-2017-0042 (deprecated)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-4CF72E2C11.NASL
    description Minor security update release 1.1.0g. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 105872
    published 2018-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105872
    title Fedora 27 : 1:openssl (2017-4cf72e2c11)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2981-1.NASL
    description This update for openssl fixes the following issues: Security issues fixed : - CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read (bsc#1056058) - adjust DEFAULT_SUSE to meet 1.0.2 and current state (bsc#1027908) - out of bounds read+crash in DES_fcrypt (bsc#1065363) - DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825) - Missing important ciphers in openssl 1.0.1i-47.1 (bsc#990592) Bug fixes : - support alternate root ca chains (bsc#1032261) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 104530
    published 2017-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104530
    title SUSE SLES12 Security Update : openssl (SUSE-SU-2017:2981-1)
  • NASL family Misc.
    NASL id ORACLE_ENTERPRISE_MANAGER_APR_2018_CPU.NASL
    description The version of Oracle Enterprise Manager Cloud Control installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities: - A carry propagating bug exists in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This issue affects only processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. (CVE-2017-3736) - A flaw exists in parsing routine of IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. An attacker can exploit this issue to display an incorrect text of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g. (CVE-2017-3735)
    last seen 2019-02-21
    modified 2018-07-26
    plugin id 109204
    published 2018-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109204
    title Oracle Enterprise Manager Cloud Control Multiple Vulnerabilities (Apr 2018 CPU)
  • NASL family Web Servers
    NASL id OPENSSL_1_0_2M.NASL
    description According to its banner, the version of OpenSSL running on the remote host is 1.0.x prior to 1.0.2m. It is, therefore, affected by an unspecified carry vulnerability.
    last seen 2019-02-21
    modified 2018-07-17
    plugin id 104408
    published 2017-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104408
    title OpenSSL 1.0.x < 1.0.2m RSA/DSA Unspecified Carry Issue
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20181030_OPENSSL_ON_SL7_X.NASL
    description Security Fix(es) : - openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) - openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) - openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) - openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 119194
    published 2018-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119194
    title Scientific Linux Security Update : openssl on SL7.x x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0293-1.NASL
    description This update for nodejs6 fixes the following issues: Security issues fixed : - CVE-2017-15896: Vulnerable to CVE-2017-3737 due to embedded OpenSSL (bsc#1072322). - CVE-2017-14919: Embedded zlib issue could cause a DoS via specific windowBits value. - CVE-2017-3738: Embedded OpenSSL is vulnerable to rsaz_1024_mul_avx2 overflow bug on x86_64. - CVE-2017-3736: Embedded OpenSSL is vulnerable to bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242). - CVE-2017-3735: Embedded OpenSSL is vulnerable to malformed X.509 IPAdressFamily that could cause OOB read (bsc#1056058). Bug fixes : - Update to LTS release 6.12.2 (bsc#1072322): https://nodejs.org/en/blog/vulnerability/december-2017-s ecurity-releases/ - https://nodejs.org/en/blog/release/v6.12.2/ - https://nodejs.org/en/blog/release/v6.12.1/ - https://nodejs.org/en/blog/release/v6.12.0/ - https://nodejs.org/en/blog/release/v6.11.5/ - https://nodejs.org/en/blog/release/v6.11.4/ - https://nodejs.org/en/blog/release/v6.11.3/ - https://nodejs.org/en/blog/release/v6.11.2/ Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120014
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120014
    title SUSE SLES12 Security Update : nodejs6 (SUSE-SU-2018:0293-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-512A6C5AAE.NASL
    description Minor update release 1.0.2m from upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 105877
    published 2018-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105877
    title Fedora 27 : 1:compat-openssl10 (2017-512a6c5aae)
  • NASL family Misc.
    NASL id SECURITYCENTER_OPENSSL_1_0_2M.NASL
    description The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL.
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 104639
    published 2017-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104639
    title Tenable SecurityCenter OpenSSL 1.0.2 < 1.0.2m Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-5.NASL
    description This update for nodejs4 fixes the following issues : Security issues fixed : - CVE-2017-15896: Vulnerable to CVE-2017-3737 due to embedded OpenSSL (bsc#1072322). - CVE-2017-14919: Embedded zlib issue could cause a DoS via specific windowBits value. - CVE-2017-3738: Embedded OpenSSL is vulnerable to rsaz_1024_mul_avx2 overflow bug on x86_64. - CVE-2017-3736: Embedded OpenSSL is vulnerable to bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242). - CVE-2017-3735: Embedded OpenSSL is vulnerable to malformed X.509 IPAdressFamily that could cause OOB read (bsc#1056058). Bug fixes : - Update to release 4.8.7 (bsc#1072322) : - https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ - https://nodejs.org/en/blog/release/v4.8.7/ - https://nodejs.org/en/blog/release/v4.8.6/ - https://nodejs.org/en/blog/release/v4.8.5/ This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-08-24
    plugin id 105638
    published 2018-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105638
    title openSUSE Security Update : nodejs4 (openSUSE-2018-5)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-116.NASL
    description This update for nodejs6 fixes the following issues : Security issues fixed : - CVE-2017-15896: Vulnerable to CVE-2017-3737 due to embedded OpenSSL (bsc#1072322). - CVE-2017-14919: Embedded zlib issue could cause a DoS via specific windowBits value. - CVE-2017-3738: Embedded OpenSSL is vulnerable to rsaz_1024_mul_avx2 overflow bug on x86_64. - CVE-2017-3736: Embedded OpenSSL is vulnerable to bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242). - CVE-2017-3735: Embedded OpenSSL is vulnerable to malformed X.509 IPAdressFamily that could cause OOB read (bsc#1056058). Bug fixes : - Update to LTS release 6.12.2 (bsc#1072322) : - https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ - https://nodejs.org/en/blog/release/v6.12.2/ - https://nodejs.org/en/blog/release/v6.12.1/ - https://nodejs.org/en/blog/release/v6.12.0/ - https://nodejs.org/en/blog/release/v6.11.5/ - https://nodejs.org/en/blog/release/v6.11.4/ - https://nodejs.org/en/blog/release/v6.11.3/ - https://nodejs.org/en/blog/release/v6.11.2/ This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-08-24
    plugin id 106547
    published 2018-02-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106547
    title openSUSE Security Update : nodejs6 (openSUSE-2018-116)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-55A3247CFD.NASL
    description Minor security update 1.0.2m. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 104826
    published 2017-11-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104826
    title Fedora 25 : 1:openssl (2017-55a3247cfd)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0042_OPENSSL.NASL
    description An update of the openssl package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121753
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121753
    title Photon OS 1.0: Openssl PHSA-2017-0042
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4018.NASL
    description Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily extension in an X.509 certificate. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20170828.txt - CVE-2017-3736 It was discovered that OpenSSL contains a carry propagation bug in the x86_64 Montgomery squaring procedure. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20171102.txt
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 104402
    published 2017-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104402
    title Debian DSA-4018-1 : openssl - security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0112-1.NASL
    description This update for openssl fixes the following issues: Security issues fixed : - CVE-2016-7056: ECSDA P-256 timing attack key recovery (bsc#1019334) - CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085) - CVE-2016-8610: remote denial of service in SSL alert handling (bsc#1005878) - CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read (bsc#1056058) Bug fixes : - support alternate root ca chains (bsc#1032261) - X509_get_default_cert_file() returns an incorrect path (bsc#1022271) - Segmentation fault in 'openssl speed' when engine library file cannot be found (bsc#1000677) - adjust DEFAULT_SUSE to meet 1.0.2 and current state (bsc#1027908) - Missing important ciphers in openssl 1.0.1i-47.1 on SLES12 SP1 (bsc#990592) - out of bounds read+crash in DES_fcrypt (bsc#1065363) - tracker bug for January 26th 2017 release (bsc#1021641) - patch for CVE-2016-2108 fails negative zero exploit (bsc#1001502) - Birthday attacks on 64-bit block ciphers aka triple-des (SWEET32) (bsc#1001912) - Include additional patch for CVE-2016-2108 (bsc#1004499) - openssl DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 106093
    published 2018-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106093
    title SUSE SLES12 Security Update : openssl (SUSE-SU-2018:0112-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-1324.NASL
    description This update for openssl fixes the following issues : Security issues fixed : - CVE-2017-3735: openssl1,openssl: Malformed X.509 IPAdressFamily could cause OOB read (bsc#1056058) - CVE-2017-3736: openssl: bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242) - Out of bounds read+crash in DES_fcrypt (bsc#1065363) - openssl DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 105224
    published 2017-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105224
    title openSUSE Security Update : openssl (openSUSE-2017-1324)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1157.NASL
    description A security vulnerability was discovered in OpenSSL, the Secure Sockets Layer toolkit. CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily extension in an X.509 certificate. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20170828.txt For Debian 7 'Wheezy', these problems have been fixed in version 1.0.1t-1+deb7u3. We recommend that you upgrade your openssl packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 104481
    published 2017-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104481
    title Debian DLA-1157-1 : openssl security update
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-3221.NASL
    description An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) * openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) * openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) * openssl: RSA key generation cache timing vulnerability in crypto/rsa/ rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 118534
    published 2018-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118534
    title RHEL 7 : openssl (RHSA-2018:3221)
  • NASL family Web Servers
    NASL id OPENSSL_1_1_0G.NASL
    description According to its banner, the version of OpenSSL running on the remote host is 1.1.0 prior to 1.1.0g. It is, therefore, affected by an unspecified carry vulnerability.
    last seen 2019-02-21
    modified 2018-07-17
    plugin id 104409
    published 2017-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104409
    title OpenSSL 1.1.0 < 1.1.0g RSA/DSA Unspecified Carry Issue
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_F40F07AAC00F11E7AC58B499BAEBFEAF.NASL
    description The OpenSSL project reports : bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) Severity: Moderate There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735) Severity: Low This issue was previously announced in security advisory https://www.openssl.org/news/secadv/20170828.txt, but the fix has not previously been included in a release due to its low severity.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 104367
    published 2017-11-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104367
    title FreeBSD : OpenSSL -- Multiple vulnerabilities (f40f07aa-c00f-11e7-ac58-b499baebfeaf)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_9442A811DAB311E7B5AFA4BADB2F4699.NASL
    description If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer overread. [CVE-2017-3735] There is a carry propagating bug in the x86_64 Montgomery squaring procedure. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. [CVE-2017-3736] This bug only affects FreeBSD 11.x. Impact : Application using OpenSSL may display erroneous certificate in text format. [CVE-2017-3735] Mishandling of carry propagation will produce incorrect output, and make it easier for a remote attacker to obtain sensitive private-key information. No EC algorithms are affected, analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. [CVE-2017-3736]
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 105067
    published 2017-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105067
    title FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (9442a811-dab3-11e7-b5af-a4badb2f4699)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4017.NASL
    description Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily extension in an X.509 certificate. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20170828.txt - CVE-2017-3736 It was discovered that OpenSSL contains a carry propagation bug in the x86_64 Montgomery squaring procedure. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20171102.txt
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 104401
    published 2017-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104401
    title Debian DSA-4017-1 : openssl1.0 - security update
redhat via4
advisories
  • rhsa
    id RHSA-2018:3221
  • rhsa
    id RHSA-2018:3505
rpms
  • openssl-1:1.0.2k-16.el7
  • openssl-devel-1:1.0.2k-16.el7
  • openssl-libs-1:1.0.2k-16.el7
  • openssl-perl-1:1.0.2k-16.el7
  • openssl-static-1:1.0.2k-16.el7
refmap via4
bid 100515
confirm
debian
  • DSA-4017
  • DSA-4018
freebsd FreeBSD-SA-17:11
gentoo GLSA-201712-03
misc
mlist [debian-lts-announce] 20171109 [SECURITY] [DLA-1157-1] openssl security update
sectrack 1039726
ubuntu USN-3611-2
Last major update 28-08-2017 - 15:29
Published 28-08-2017 - 15:29
Last modified 23-04-2019 - 15:30
Back to Top