wid-sec-w-2022-1914
Vulnerability from csaf_certbund
Published
2017-01-26 23:00
Modified
2024-01-25 23:00
Summary
OpenSSL: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
OpenSSL ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um einen Denial of Service Angriff durchzuführen oder vertrauliche Daten einzusehen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Juniper Appliance
- Appliance
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "OpenSSL ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um einen Denial of Service Angriff durchzuführen oder vertrauliche Daten einzusehen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows\n- Juniper Appliance\n- Appliance", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-1914 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2022-1914.json", }, { category: "self", summary: "WID-SEC-2022-1914 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1914", }, { category: "external", summary: "OpenSSL Security Advisory 20170126 vom 2017-01-26", url: "https://www.openssl.org/news/secadv/20170126.txt", }, { category: "external", summary: "Debian Security Advisory DSA-3773 vom 2017-01-28", url: "https://www.debian.org/security/2017/dsa-3773", }, { category: "external", summary: "CISCO Security Advisory CISCO-SA-20170130-OPENSSL vom 2017-01-30", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170130-openssl?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20OpenSSL%20Affecting%20Cisco%20Products:%20January%202017&vs_k=1", }, { category: "external", summary: "Ubuntu Security Notice USN-3181-1 vom 2017-01-31", url: "http://www.ubuntu.com/usn/usn-3181-1/", }, { category: "external", summary: "NoMachine Knowledge Base Article", url: "https://www.nomachine.com/SU01O00180", }, { category: "external", summary: "Tenable Advisory ID: TNS-2017-03", url: "https://www.tenable.com/security/tns-2017-03", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2017:0431-1 vom 2017-02-09", url: "https://www.suse.com/support/update/announcement/2017/suse-su-20170431-1.html", }, { category: "external", summary: "BLUECOAT Security Advisory SA14 vom 2017-02-09", url: "https://bto.bluecoat.com/security-advisory/sa141", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2017:0441-1 vom 2017-02-11", url: "https://www.suse.com/support/update/announcement/2017/suse-su-20170441-1.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2017:0461-1 vom 2017-02-15", url: "https://www.suse.com/support/update/announcement/2017/suse-su-20170461-1.html", }, { category: "external", summary: "F5 Security Advisory K44512851 vom 2017-02-16", url: "https://support.f5.com/csp/article/K44512851", }, { category: "external", summary: "NetApp Advisory NTAP-20170127-0001", url: "https://kb.netapp.com/support/s/article/ka51A00000007AWQAY/NTAP-20170127-0001?language=en_US", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2017:0495-1 vom 2017-02-17", url: "https://www.suse.com/support/update/announcement/2017/suse-su-20170495-1.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2017:0286-1 vom 2017-02-20", url: "http://rhn.redhat.com/errata/RHSA-2017-0286.html", }, { category: "external", summary: "IBM Security Advisory openssl_advisory23.asc vom 2017-02-17", url: "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory23.asc", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2017-0286 vom 2017-02-20", url: "http://linux.oracle.com/errata/ELSA-2017-0286.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2017-3519 vom 2017-02-21", url: "http://linux.oracle.com/errata/ELSA-2017-3519.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2017-3518 vom 2017-02-21", url: "http://linux.oracle.com/errata/ELSA-2017-3518.html", }, { category: "external", summary: "F5 Security Advisory K37526132 vom 2017-02-23", url: "https://support.f5.com/csp/article/K37526132", }, { category: "external", summary: "FreeBSD Security Advisory: FreeBSD-SA-17:02.openssl", url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:02.openssl.asc", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2017:0855-1 vom 2017-03-29", url: "https://www.suse.com/support/update/announcement/2017/suse-su-20170855-1.html", }, { category: "external", summary: "Juniper Security Bulletin JSA10775 vom 2017-07-12", url: "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10775", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2017:3343-1 vom 2017-12-16", url: "https://www.suse.com/support/update/announcement/2017/suse-su-20173343-1.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2018:0112-1 vom 2018-01-16", url: "https://www.suse.com/support/update/announcement/2018/suse-su-20180112-1.html", }, { category: "external", summary: "Juniper Security Advisory JSA10851 vom 2018-04-12", url: "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10851", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2018:2185 vom 2018-07-13", url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { category: "external", summary: "FortiGuard Labs OpenSSL Security Advisory", url: "https://fortiguard.com/psirt/FG-IR-17-019", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2018:2568 vom 2018-08-27", url: "http://rhn.redhat.com/errata/RHSA-2018-2568.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2018:2839-1 vom 2018-09-24", url: "https://www.suse.com/support/update/announcement/2018/suse-su-20182839-1.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2019-4747 vom 2019-08-16", url: "http://linux.oracle.com/errata/ELSA-2019-4747.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2021-9150 vom 2021-04-01", url: "https://linux.oracle.com/errata/ELSA-2021-9150.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2022-9272 vom 2022-04-08", url: "https://linux.oracle.com/errata/ELSA-2022-9272.html", }, { category: "external", summary: "IBM Security Bulletin 6833208 vom 2022-11-01", url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-vulnerable-to-a-flaw-in-openssl-cve-2017-3732/", }, { category: "external", summary: "Dell Knowledge Base Article", url: "https://www.dell.com/support/kbdoc/en-us/000221474/dsa-2024-059-security-update-for-dell-networker-multiple-components-vulnerabilities", }, ], source_lang: "en-US", title: "OpenSSL: Mehrere Schwachstellen", tracking: { current_release_date: "2024-01-25T23:00:00.000+00:00", generator: { date: "2024-08-15T17:37:20.775+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2022-1914", initial_release_date: "2017-01-26T23:00:00.000+00:00", revision_history: [ { date: "2017-01-26T23:00:00.000+00:00", number: "1", summary: "Initial Release", }, { date: "2017-01-26T23:00:00.000+00:00", number: "2", summary: "Version nicht vorhanden", }, { date: "2017-01-29T23:00:00.000+00:00", number: "3", summary: "New remediations available", }, { date: "2017-01-30T23:00:00.000+00:00", number: "4", summary: "New remediations available", }, { date: "2017-01-31T23:00:00.000+00:00", number: "5", summary: "New remediations available", }, { date: "2017-02-01T23:00:00.000+00:00", number: "6", summary: "New remediations available", }, { date: "2017-02-02T23:00:00.000+00:00", number: "7", summary: "New remediations available", }, { date: "2017-02-09T23:00:00.000+00:00", number: "8", summary: "New remediations available", }, { date: "2017-02-09T23:00:00.000+00:00", number: "9", summary: "Version nicht vorhanden", }, { date: "2017-02-12T23:00:00.000+00:00", number: "10", summary: "New remediations available", }, { date: "2017-02-15T23:00:00.000+00:00", number: "11", summary: "New remediations available", }, { date: "2017-02-16T23:00:00.000+00:00", number: "12", summary: "New remediations available", }, { date: "2017-02-19T23:00:00.000+00:00", number: "13", summary: "New remediations available", }, { date: "2017-02-19T23:00:00.000+00:00", number: "14", summary: "Version nicht vorhanden", }, { date: "2017-02-19T23:00:00.000+00:00", number: "15", summary: "New remediations available", }, { date: "2017-02-19T23:00:00.000+00:00", number: "16", summary: "New remediations available", }, { date: "2017-02-19T23:00:00.000+00:00", number: "17", summary: "Version nicht vorhanden", }, { date: "2017-02-20T23:00:00.000+00:00", number: "18", summary: "New remediations available", }, { date: "2017-02-20T23:00:00.000+00:00", number: "19", summary: "Version nicht vorhanden", }, { date: "2017-02-20T23:00:00.000+00:00", number: "20", summary: "New remediations available", }, { date: "2017-02-22T23:00:00.000+00:00", number: "21", summary: "New remediations available", }, { date: "2017-02-22T23:00:00.000+00:00", number: "22", summary: "New remediations available", }, { date: "2017-03-30T22:00:00.000+00:00", number: "23", summary: "New remediations available", }, { date: "2017-07-12T22:00:00.000+00:00", number: "24", summary: "New remediations available", }, { date: "2017-07-12T22:00:00.000+00:00", number: "25", summary: "Version nicht vorhanden", }, { date: "2017-07-23T22:00:00.000+00:00", number: "26", summary: "Added references", }, { date: "2018-01-16T23:00:00.000+00:00", number: "27", summary: "New remediations available", }, { date: "2018-04-12T22:00:00.000+00:00", number: "28", summary: "New remediations available", }, { date: "2018-07-12T22:00:00.000+00:00", number: "29", summary: "New remediations available", }, { date: "2018-07-15T22:00:00.000+00:00", number: "30", summary: "New remediations available", }, { date: "2018-07-15T22:00:00.000+00:00", number: "31", summary: "Version nicht vorhanden", }, { date: "2018-07-15T22:00:00.000+00:00", number: "32", summary: "Version nicht vorhanden", }, { date: "2018-07-15T22:00:00.000+00:00", number: "33", summary: "Version nicht vorhanden", }, { date: "2018-08-23T22:00:00.000+00:00", number: "34", summary: "Added references", }, { date: "2018-08-27T22:00:00.000+00:00", number: "35", summary: "New remediations available", }, { date: "2018-09-24T22:00:00.000+00:00", number: "36", summary: "New remediations available", }, { date: "2019-08-18T22:00:00.000+00:00", number: "37", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2021-03-31T22:00:00.000+00:00", number: "38", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2022-04-10T22:00:00.000+00:00", number: "39", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2022-10-31T23:00:00.000+00:00", number: "40", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-01-25T23:00:00.000+00:00", number: "41", summary: "Neue Updates von Dell aufgenommen", }, ], status: "final", version: "41", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Blue Coat Director 6.1 - 6.1.22.1", product: { name: "Blue Coat Director 6.1 - 6.1.22.1", product_id: "T009383", product_identification_helper: { cpe: "cpe:/a:bluecoat:director:6.1.22.1", }, }, }, { category: "product_name", name: "Blue Coat IntelligenceCenter 3.3", product: { name: "Blue Coat IntelligenceCenter 3.3", product_id: "T007083", product_identification_helper: { cpe: "cpe:/a:bluecoat:intelligencecenter:3.3", }, }, }, { category: "product_name", name: "Blue Coat ProxyAV 3.5", product: { name: "Blue Coat ProxyAV 3.5", product_id: "T003290", product_identification_helper: { cpe: "cpe:/h:bluecoat:proxyav:3.5", }, }, }, { branches: [ { category: "product_name", name: "Blue Coat ProxySG 6.6", product: { name: "Blue Coat ProxySG 6.6", product_id: "T006617", product_identification_helper: { cpe: "cpe:/h:bluecoat:proxysg:6.6", }, }, }, { category: "product_name", name: "Blue Coat ProxySG 6.5", product: { name: "Blue Coat ProxySG 6.5", product_id: "T006618", product_identification_helper: { cpe: "cpe:/h:bluecoat:proxysg:6.5", }, }, }, ], category: "product_name", name: "ProxySG", }, ], category: "vendor", name: "Blue Coat", }, { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { category: "product_name", name: "Dell NetWorker < 19.10", product: { name: "Dell NetWorker < 19.10", product_id: "T032354", product_identification_helper: { cpe: "cpe:/a:dell:networker:19.10", }, }, }, ], category: "vendor", name: "Dell", }, { branches: [ { branches: [ { category: "product_name", name: "Fortinet FortiOS < 5.6.0", product: { name: "Fortinet FortiOS < 5.6.0", product_id: "T010101", product_identification_helper: { cpe: "cpe:/o:fortinet:fortios:5.6.0", }, }, }, { category: "product_name", name: "Fortinet FortiOS < 5.4.6", product: { name: "Fortinet FortiOS < 5.4.6", product_id: "T011155", product_identification_helper: { cpe: "cpe:/o:fortinet:fortios:5.4.6", }, }, }, ], category: "product_name", name: "FortiOS", }, ], category: "vendor", name: "Fortinet", }, { branches: [ { category: "product_name", name: "FreeBSD Project FreeBSD OS", product: { name: "FreeBSD Project FreeBSD OS", product_id: "4035", product_identification_helper: { cpe: "cpe:/o:freebsd:freebsd:-", }, }, }, ], category: "vendor", name: "FreeBSD Project", }, { branches: [ { branches: [ { category: "product_name", name: "IBM AIX 7.1", product: { name: "IBM AIX 7.1", product_id: "153340", product_identification_helper: { cpe: "cpe:/o:ibm:aix:7.1", }, }, }, { category: "product_name", name: "IBM AIX 5.3", product: { name: "IBM AIX 5.3", product_id: "30418", product_identification_helper: { cpe: "cpe:/o:ibm:aix:5.3", }, }, }, { category: "product_name", name: "IBM AIX 6.1", product: { name: "IBM AIX 6.1", product_id: "73182", product_identification_helper: { cpe: "cpe:/o:ibm:aix:6.1", }, }, }, { category: "product_name", name: "IBM AIX 7.2", product: { name: "IBM AIX 7.2", product_id: "T006613", product_identification_helper: { cpe: "cpe:/o:ibm:aix:7.2", }, }, }, ], category: "product_name", name: "AIX", }, { category: "product_name", name: "IBM DataPower Gateway", product: { name: "IBM DataPower Gateway", product_id: "393635", product_identification_helper: { cpe: "cpe:/a:ibm:datapower_gateway:-", }, }, }, { category: "product_name", name: "IBM VIOS 2.2.x", product: { name: "IBM VIOS 2.2.x", product_id: "T002859", product_identification_helper: { cpe: "cpe:/a:ibm:vios:2.2", }, }, }, ], category: "vendor", name: "IBM", }, { branches: [ { category: "product_name", name: "Juniper JUNOS", product: { name: "Juniper JUNOS", product_id: "5930", product_identification_helper: { cpe: "cpe:/o:juniper:junos:-", }, }, }, ], category: "vendor", name: "Juniper", }, { branches: [ { category: "product_name", name: "NetApp OnCommand Unified Manager", product: { name: "NetApp OnCommand Unified Manager", product_id: "T009408", product_identification_helper: { cpe: "cpe:/a:netapp:oncommand_unified_manager:-", }, }, }, ], category: "vendor", name: "NetApp", }, { branches: [ { branches: [ { category: "product_name", name: "Open Source OpenSSL < 1.0.2k", product: { name: "Open Source OpenSSL < 1.0.2k", product_id: "T009320", product_identification_helper: { cpe: "cpe:/a:openssl:openssl:1.0.2k", }, }, }, { category: "product_name", name: "Open Source OpenSSL < 1.1.0d", product: { name: "Open Source OpenSSL < 1.1.0d", product_id: "T009321", product_identification_helper: { cpe: "cpe:/a:openssl:openssl:1.1.0d", }, }, }, ], category: "product_name", name: "OpenSSL", }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2017-3730", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in OpenSSL. Ein entfernter anonymer Angreifer kann durch das Senden speziell gestalteter Parameter für einen DHE- oder ECDHE-Schlüsselaustausch eine Nullzeiger-Dereferenzierung auslösen und so den Absturz des Ziel-Client-Dienstes herbeiführen.", }, ], product_status: { known_affected: [ "153340", "T009408", "67646", "4035", "T006613", "393635", "T004914", "T032354", "T002859", "73182", "2951", "T002207", "T000126", "5930", "30418", ], }, release_date: "2017-01-26T23:00:00.000+00:00", title: "CVE-2017-3730", }, { cve: "CVE-2017-3732", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in OpenSSL. Ein entfernter anonymer Angreifer kann einen Fehler in BN_mod_exp () ausnutzen, um unter bestimmten Umständen Informationen über den privaten Schlüssel zu erhalten.", }, ], product_status: { known_affected: [ "2951", "T002207", "4035", "T000126", "393635", "T004914", "T032354", ], }, release_date: "2017-01-26T23:00:00.000+00:00", title: "CVE-2017-3732", }, { cve: "CVE-2017-3731", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in OpenSSL. Ein entfernter anonymer Angreifer kann durch das Senden eines speziell bearbeiteten, verschlüsselten Datenpakets an ein betroffenes System einen Speicherfehler auslösen. In der Folge kann ein Denial of Service durch den Absturz des Dienstes verursacht werden.", }, ], product_status: { known_affected: [ "153340", "T009408", "67646", "4035", "T006613", "393635", "T006618", "T006617", "T004914", "T032354", "T002859", "73182", "2951", "T002207", "T000126", "5930", "T003290", "T007083", "T009383", "30418", ], }, release_date: "2017-01-26T23:00:00.000+00:00", title: "CVE-2017-3731", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.