| nessus
via4
|
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2010-5744.NASL | | description | Update to final release of upstream version 1.0.0. The update fixes important security vulnerabilities: CVE-2009-3245, CVE-2009-4355, CVE-2010-0433, and CVE-2010-0740. Refer to upstream CHANGES file for the detailed list of changes.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-11-28 | | plugin id | 47405 | | published | 2010-07-01 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=47405 | | title | Fedora 13 : openssl-1.0.0-1.fc13 (2010-5744) |
| NASL family | OracleVM Local Security Checks | | NASL id | ORACLEVM_OVMSA-2014-0007.NASL | | description | The remote OracleVM system is missing necessary patches to address critical security updates :
- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability
- replace expired GlobalSign Root CA certificate in ca-bundle.crt
- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)
- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)
- enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051)
- use __secure_getenv everywhere instead of getenv (#839735)
- fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686)
- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio (#814185)
- fix problem with the SGC restart patch that might terminate handshake incorrectly
- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)
- fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489)
- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770)
- fix for CVE-2011-4109 - double free in policy checks (#771771)
- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)
- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)
- add known answer test for SHA2 algorithms (#740866)
- make default private key length in certificate Makefile 2048 bits (can be changed with PRIVATE_KEY_BITS setting) (#745410)
- fix incorrect return value in parse_yesno (#726593)
- added DigiCert CA certificates to ca-bundle (#735819)
- added a new section about error states to README.FIPS (#628976)
- add missing DH_check_pub_key call when DH key is computed (#698175)
- presort list of ciphers available in SSL (#688901)
- accept connection in s_server even if getaddrinfo fails (#561260)
- point to openssl dgst for list of supported digests (#608639)
- fix handling of future TLS versions (#599112)
- added VeriSign Class 3 Public Primary Certification Authority - G5 and StartCom Certification Authority certs to ca-bundle (#675671, #617856)
- upstream fixes for the CHIL engine (#622003, #671484)
- add SHA-2 hashes in SSL_library_init (#676384)
- fix CVE-2010-4180 - completely disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462)
- fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924)
- fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774)
- fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125)
- fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197)
- fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data is called prematurely by application (#546707) | | last seen | 2019-02-21 | | modified | 2018-07-24 | | plugin id | 79531 | | published | 2014-11-26 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=79531 | | title | OracleVM 2.2 : openssl (OVMSA-2014-0007) |
| NASL family | Slackware Local Security Checks | | NASL id | SLACKWARE_SSA_2010-060-02.NASL | | description | New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix security issues. | | last seen | 2019-02-21 | | modified | 2018-06-27 | | plugin id | 44946 | | published | 2010-03-02 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=44946 | | title | Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / current : openssl (SSA:2010-060-02) |
| NASL family | VMware ESX Local Security Checks | | NASL id | VMWARE_VMSA-2010-0009_REMOTE.NASL | | description | The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries :
- libpng
- VMnc Codec
- vmrun
- VMware Remote Console (VMrc)
- VMware Tools
- vmware-authd | | last seen | 2019-02-21 | | modified | 2018-08-06 | | plugin id | 89740 | | published | 2016-03-08 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=89740 | | title | VMware ESX / ESXi Third-Party Libraries and Components (VMSA-2010-0009) (remote check) |
| NASL family | OracleVM Local Security Checks | | NASL id | ORACLEVM_OVMSA-2014-0008.NASL | | description | The remote OracleVM system is missing necessary patches to address critical security updates :
- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability
- replace expired GlobalSign Root CA certificate in ca-bundle.crt
- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)
- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)
- enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051)
- use __secure_getenv everywhere instead of getenv (#839735)
- fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686)
- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio (#814185)
- fix problem with the SGC restart patch that might terminate handshake incorrectly
- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)
- fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489)
- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770)
- fix for CVE-2011-4109 - double free in policy checks (#771771)
- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)
- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)
- add known answer test for SHA2 algorithms (#740866)
- make default private key length in certificate Makefile 2048 bits (can be changed with PRIVATE_KEY_BITS setting) (#745410)
- fix incorrect return value in parse_yesno (#726593)
- added DigiCert CA certificates to ca-bundle (#735819)
- added a new section about error states to README.FIPS (#628976)
- add missing DH_check_pub_key call when DH key is computed (#698175)
- presort list of ciphers available in SSL (#688901)
- accept connection in s_server even if getaddrinfo fails (#561260)
- point to openssl dgst for list of supported digests (#608639)
- fix handling of future TLS versions (#599112)
- added VeriSign Class 3 Public Primary Certification Authority - G5 and StartCom Certification Authority certs to ca-bundle (#675671, #617856)
- upstream fixes for the CHIL engine (#622003, #671484)
- add SHA-2 hashes in SSL_library_init (#676384)
- fix CVE-2010-4180 - completely disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462)
- fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924)
- fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774)
- fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125)
- fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197)
- fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data is called prematurely by application (#546707) | | last seen | 2019-02-21 | | modified | 2018-07-24 | | plugin id | 79532 | | published | 2014-11-26 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=79532 | | title | OracleVM 3.2 : onpenssl (OVMSA-2014-0008) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_2_OPENSSL-CVE-2009-4355_PATCH-100115.NASL | | description | Incorrect use of an openssl cleanup function can lead to memory leaks in applications. For example an ssl enabled web server such as apache that uses php, curl and openssl leaks memory if a SIGHUP signal was sent to apache. The openssl cleanup function was made more robust to avoid memory leaks. (CVE-2009-4355) | | last seen | 2019-02-21 | | modified | 2018-07-31 | | plugin id | 44129 | | published | 2010-01-25 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=44129 | | title | SuSE 11.2 Security Update: openssl-CVE-2009-4355.patch (2010-01-15) |
| NASL family | VMware ESX Local Security Checks | | NASL id | VMWARE_VMSA-2010-0009.NASL | | description | a. Service Console update for COS kernel
Updated COS package 'kernel' addresses the security issues that are fixed through versions 2.6.18-164.11.1.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues fixed in kernel 2.6.18-164.6.1
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621, CVE-2009-3726 to the security issues fixed in kernel 2.6.18-164.9.1.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-4567, CVE-2009-4536, CVE-2009-4537, CVE-2009-4538 to the security issues fixed in kernel 2.6.18-164.10.1
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-6304, CVE-2009-2910, CVE-2009-3080, CVE-2009-3556, CVE-2009-3889, CVE-2009-3939, CVE-2009-4020, CVE-2009-4021, CVE-2009-4138, CVE-2009-4141, and CVE-2009-4272 to the security issues fixed in kernel 2.6.18-164.11.1.
b. ESXi userworld update for ntp
The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source.
A vulnerability in ntpd could allow a remote attacker to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3563 to this issue.
c. Service Console package openssl updated to 0.9.8e-12.el5_4.1
OpenSSL is a toolkit implementing SSL v2/v3 and TLS protocols with full-strength cryptography world-wide.
A memory leak in the zlib could allow a remote attacker to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4355 to this issue.
A vulnerability was discovered which may allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2409 to this issue.
This update also includes security fixes that were first addressed in version openssl-0.9.8e-12.el5.i386.rpm.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-0590, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386 and CVE-2009-1387 to these issues.
d. Service Console update for krb5 to 1.6.1-36.el5_4.1 and pam_krb5 to 2.2.14-15.
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.
Multiple integer underflows in the AES and RC4 functionality in the crypto library could allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4212 to this issue.
The service console package for pam_krb5 is updated to version pam_krb5-2.2.14-15. This update fixes a flaw found in pam_krb5. In some non-default configurations (specifically, where pam_krb5 would be the first module to prompt for a password), a remote attacker could use this flaw to recognize valid usernames, which would aid a dictionary-based password guess attack.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1384 to this issue.
e. Service Console package bind updated to 9.3.6-4.P1.el5_4.2
BIND (Berkeley Internet Name Daemon) is by far the most widely used Domain Name System (DNS) software on the Internet.
A vulnerability was discovered which could allow remote attacker to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0097 to this issue.
A vulnerability was discovered which could allow remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains CNAME or DNAME records, which do not have the intended validation before caching.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0290 to this issue.
A vulnerability was found in the way that bind handles out-of- bailiwick data accompanying a secure response without re-fetching from the original source, which could allow remote attackers to have an unspecified impact via a crafted response.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0382 to this issue.
NOTE: ESX does not use the BIND name service daemon by default.
f. Service Console package gcc updated to 3.2.3-60
The GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Java, and Ada, as well as libraries for these languages
GNU Libtool's ltdl.c attempts to open .la library files in the current working directory. This could allow a local user to gain privileges via a Trojan horse file. The GNU C Compiler collection (gcc) provided in ESX contains a statically linked version of the vulnerable code, and is being replaced.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3736 to this issue.
g. Service Console package gzip update to 1.3.3-15.rhel3
gzip is a software application used for file compression
An integer underflow in gzip's unlzw function on 64-bit platforms may allow a remote attacker to trigger an array index error leading to a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW compressed file.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0001 to this issue.
h. Service Console package sudo updated to 1.6.9p17-6.el5_4
Sudo (su 'do') allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments.
When a pseudo-command is enabled, sudo permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0426 to this issue.
When the runas_default option is used, sudo does not properly set group memberships, which allows local users to gain privileges via a sudo command.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0427 to this issue. | | last seen | 2019-02-21 | | modified | 2018-08-06 | | plugin id | 46765 | | published | 2010-06-01 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=46765 | | title | VMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updates |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_1_OPENSSL-CVE-2009-4355_PATCH-100120.NASL | | description | Incorrect use of an openssl cleanup function can lead to memory leaks in applications. For example an ssl enabled web server such as apache that uses php, curl and openssl leaks memory if a SIGHUP signal was sent to apache. The openssl cleanup function was made more robust to avoid memory leaks (CVE-2009-4355).
Additionally a problem with creating pkcs12 files was fixed. | | last seen | 2019-02-21 | | modified | 2014-06-13 | | plugin id | 44127 | | published | 2010-01-25 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=44127 | | title | openSUSE Security Update : openssl-CVE-2009-4355.patch (openssl-CVE-2009-4355.patch-1834) |
| NASL family | Gentoo Local Security Checks | | NASL id | GENTOO_GLSA-201110-01.NASL | | description | The remote host is affected by the vulnerability described in GLSA-201110-01 (OpenSSL: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.
Impact :
A context-dependent attacker could cause a Denial of Service, possibly execute arbitrary code, bypass intended key requirements, force the downgrade to unintended ciphers, bypass the need for knowledge of shared secrets and successfully authenticate, bypass CRL validation, or obtain sensitive information in applications that use OpenSSL.
Workaround :
There is no known workaround at this time. | | last seen | 2019-02-21 | | modified | 2018-07-11 | | plugin id | 56425 | | published | 2011-10-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=56425 | | title | GLSA-201110-01 : OpenSSL: Multiple vulnerabilities |
| NASL family | Scientific Linux Local Security Checks | | NASL id | SL_20100119_OPENSSL_ON_SL5_X.NASL | | description | CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky)
CVE-2009-4355 openssl significant memory leak in certain SSLv3 requests (DoS)
It was found that the OpenSSL library did not properly re-initialize its internal state in the SSL_library_init() function after previous calls to the CRYPTO_cleanup_all_ex_data() function, which would cause a memory leak for each subsequent SSL connection. This flaw could cause server applications that call those functions during reload, such as a combination of the Apache HTTP Server, mod_ssl, PHP, and cURL, to consume all available memory, resulting in a denial of service. (CVE-2009-4355)
Dan Kaminsky found that browsers could accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. OpenSSL now disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409)
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. | | last seen | 2019-02-21 | | modified | 2019-01-02 | | plugin id | 60725 | | published | 2012-08-01 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=60725 | | title | Scientific Linux Security Update : openssl on SL5.x i386/x86_64 |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2010-5357.NASL | | description | Update to upstream version 0.9.8n fixing multiple security issues:
CVE-2009-3555, CVE-2009-3245, CVE-2009-4355, and CVE-2010-0433. Refer to upstream CHANGES file for the detailed list of changes since version 0.9.8k :
- http://cvs.openssl.org/fileview?f=openssl/CHANGES&v=1.12 38.2.193
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-07-12 | | plugin id | 47385 | | published | 2010-07-01 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=47385 | | title | Fedora 11 : openssl-0.9.8n-1.fc11 (2010-5357) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_0_OPENSSL-CVE-2009-4355_PATCH-100115.NASL | | description | Incorrect use of an openssl cleanup function can lead to memory leaks in applications. For example an ssl enabled web server such as apache that uses php, curl and openssl leaks memory if a SIGHUP signal was sent to apache. The openssl cleanup function was made more robust to avoid memory leaks (CVE-2009-4355). | | last seen | 2019-02-21 | | modified | 2014-06-13 | | plugin id | 44125 | | published | 2010-01-25 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=44125 | | title | openSUSE Security Update : openssl-CVE-2009-4355.patch (openssl-CVE-2009-4355.patch-1833) |
| NASL family | Mandriva Local Security Checks | | NASL id | MANDRIVA_MDVSA-2010-022.NASL | | description | Some vulnerabilities were discovered and corrected in openssl :
Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_free_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678 (CVE-2009-4355).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
The updated packages have been patched to correct thies issue. | | last seen | 2019-02-21 | | modified | 2018-07-19 | | plugin id | 44103 | | published | 2010-01-21 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=44103 | | title | Mandriva Linux Security Advisory : openssl (MDVSA-2010:022) |
| NASL family | Ubuntu Local Security Checks | | NASL id | UBUNTU_USN-884-1.NASL | | description | It was discovered that OpenSSL did not correctly free unused memory in certain situations. A remote attacker could trigger this flaw in services that used SSL, causing the service to use all available system memory, leading to a denial of service.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2019-01-02 | | plugin id | 43898 | | published | 2010-01-14 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=43898 | | title | Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : openssl vulnerability (USN-884-1) |
| NASL family | Debian Local Security Checks | | NASL id | DEBIAN_DSA-1970.NASL | | description | It was discovered that a significant memory leak could occur in OpenSSL, related to the reinitialization of zlib. This could result in a remotely exploitable denial of service vulnerability when using the Apache httpd server in a configuration where mod_ssl, mod_php5, and the php5-curl extension are loaded. | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 44835 | | published | 2010-02-24 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=44835 | | title | Debian DSA-1970-1 : openssl - denial of service |
| NASL family | Oracle Linux Local Security Checks | | NASL id | ORACLELINUX_ELSA-2010-0054.NASL | | description | From Red Hat Security Advisory 2010:0054 :
Updated openssl packages that fix two security issues are now available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.
It was found that the OpenSSL library did not properly re-initialize its internal state in the SSL_library_init() function after previous calls to the CRYPTO_cleanup_all_ex_data() function, which would cause a memory leak for each subsequent SSL connection. This flaw could cause server applications that call those functions during reload, such as a combination of the Apache HTTP Server, mod_ssl, PHP, and cURL, to consume all available memory, resulting in a denial of service. (CVE-2009-4355)
Dan Kaminsky found that browsers could accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. OpenSSL now disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409)
All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. | | last seen | 2019-02-21 | | modified | 2019-01-02 | | plugin id | 67989 | | published | 2013-07-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=67989 | | title | Oracle Linux 5 : openssl (ELSA-2010-0054) |
| NASL family | Web Servers | | NASL id | OPENSSL_0_9_8M.NASL | | description | According to its banner, the remote web server uses a version of OpenSSL older than 0.9.8m. Such versions have the following vulnerabilities :
- Session renegotiations are not handled properly, which could be exploited to insert arbitrary plaintext by a man-in-the-middle. (CVE-2009-3555)
- The library does not check for a NULL return value from calls to the bn_wexpand() function, which has unspecified impact.
(CVE-2009-3245)
- A memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c allows remote attackers to cause a denial of service via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function.
(CVE-2008-1678, CVE-2009-4355) For this vulnerability to be exploitable, compression must be enabled in OpenSSL for SSL/TLS connections. | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 45039 | | published | 2010-03-11 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=45039 | | title | OpenSSL < 0.9.8m Multiple Vulnerabilities |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_OPENSSL-CVE-2009-4355.PATCH-6784.NASL | | description | Incorrect use of an OpenSSL cleanup function can lead to memory leaks in applications. For example an SSL enabled web server such as Apache that uses PHP, curl and OpenSSL leaks memory if a SIGHUP signal was sent to Apache. The OpenSSL cleanup function was made more robust to avoid memory leaks. (CVE-2009-4355) | | last seen | 2019-02-21 | | modified | 2012-05-17 | | plugin id | 44132 | | published | 2010-01-25 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=44132 | | title | SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6784) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2010-0054.NASL | | description | Updated openssl packages that fix two security issues are now available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.
It was found that the OpenSSL library did not properly re-initialize its internal state in the SSL_library_init() function after previous calls to the CRYPTO_cleanup_all_ex_data() function, which would cause a memory leak for each subsequent SSL connection. This flaw could cause server applications that call those functions during reload, such as a combination of the Apache HTTP Server, mod_ssl, PHP, and cURL, to consume all available memory, resulting in a denial of service. (CVE-2009-4355)
Dan Kaminsky found that browsers could accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. OpenSSL now disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409)
All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. | | last seen | 2019-02-21 | | modified | 2019-01-02 | | plugin id | 44063 | | published | 2010-01-20 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=44063 | | title | RHEL 5 : openssl (RHSA-2010:0054) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_OPENSSL-CVE-2009-4355.PATCH-6783.NASL | | description | Incorrect use of an OpenSSL cleanup function can lead to memory leaks in applications. For example an SSL enabled web server such as Apache that uses PHP, curl and OpenSSL leaks memory if a SIGHUP signal was sent to Apache. The OpenSSL cleanup function was made more robust to avoid memory leaks. (CVE-2009-4355) | | last seen | 2019-02-21 | | modified | 2012-05-17 | | plugin id | 49910 | | published | 2010-10-11 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=49910 | | title | SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6783) |
| NASL family | CentOS Local Security Checks | | NASL id | CENTOS_RHSA-2010-0054.NASL | | description | Updated openssl packages that fix two security issues are now available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.
It was found that the OpenSSL library did not properly re-initialize its internal state in the SSL_library_init() function after previous calls to the CRYPTO_cleanup_all_ex_data() function, which would cause a memory leak for each subsequent SSL connection. This flaw could cause server applications that call those functions during reload, such as a combination of the Apache HTTP Server, mod_ssl, PHP, and cURL, to consume all available memory, resulting in a denial of service. (CVE-2009-4355)
Dan Kaminsky found that browsers could accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. OpenSSL now disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409)
All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. | | last seen | 2019-02-21 | | modified | 2018-11-28 | | plugin id | 44097 | | published | 2010-01-21 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=44097 | | title | CentOS 5 : openssl (CESA-2010:0054) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_OPENSSL-CVE-2009-4355_PATCH-100115.NASL | | description | Incorrect use of an OpenSSL cleanup function can lead to memory leaks in applications. For example an SSL enabled web server such as Apache that uses PHP, curl and OpenSSL leaks memory if a SIGHUP signal was sent to Apache. The OpenSSL cleanup function was made more robust to avoid memory leaks. (CVE-2009-4355) | | last seen | 2019-02-21 | | modified | 2013-10-25 | | plugin id | 44131 | | published | 2010-01-25 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=44131 | | title | SuSE 11 Security Update : OpenSSL (SAT Patch Number 1810) |
|
