Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2023-2226.NASL
HistorySep 08, 2023 - 12:00 a.m.

Amazon Linux 2 : openssl11 (ALAS-2023-2226)

2023-09-0800:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
openssl11
excessively long dh keys
vulnerabilities
denial of service
alas-2023-2226 advisory
vulnerable applications

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.003 Low

EPSS

Percentile

65.6%

JSON

The version of openssl11 installed on the remote host is prior to 1.1.1g-12. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2226 advisory.

  • Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary:
    Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus (‘p’ parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the ‘-check’ option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. (CVE-2023-3446)

  • Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary:
    Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check().
    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the -check option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. (CVE-2023-3817)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2023-2226.
##

include('compat.inc');

if (description)
{
  script_id(181169);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/15");

  script_cve_id("CVE-2023-3446", "CVE-2023-3817");
  script_xref(name:"IAVA", value:"2023-A-0398-S");

  script_name(english:"Amazon Linux 2 : openssl11 (ALAS-2023-2226)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of openssl11 installed on the remote host is prior to 1.1.1g-12. It is, therefore, affected by multiple
vulnerabilities as referenced in the ALAS2-2023-2226 advisory.

  - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary:
    Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key
    or DH parameters may experience long delays. Where the key or parameters that are being checked have been
    obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs
    various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too
    large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is
    over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or
    parameters that have been supplied. Some of those checks use the supplied modulus value even if it has
    already been found to be too large. An application that calls DH_check() and supplies a key or parameters
    obtained from an untrusted source could be vulernable to a Denial of Service attack. The function
    DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those
    other functions may similarly be affected. The other functions affected by this are DH_check_ex() and
    EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications
    when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The
    OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. (CVE-2023-3446)

  - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary:
    Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key
    or DH parameters may experience long delays. Where the key or parameters that are being checked have been
    obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs
    various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter
    value can also trigger an overly long computation during some of these checks. A correct q value, if
    present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if
    q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an
    untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself
    called by a number of other OpenSSL functions. An application calling any of those other functions may
    similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check().
    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the -check
    option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS
    providers are not affected by this issue. (CVE-2023-3817)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2023-2226.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-3446.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-3817.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update openssl11' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-3817");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/07/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/08/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl11-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl11-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl11-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl11-static");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var pkgs = [
    {'reference':'openssl11-1.1.1g-12.amzn2.0.16', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl11-1.1.1g-12.amzn2.0.16', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl11-1.1.1g-12.amzn2.0.16', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl11-debuginfo-1.1.1g-12.amzn2.0.16', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl11-debuginfo-1.1.1g-12.amzn2.0.16', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl11-debuginfo-1.1.1g-12.amzn2.0.16', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl11-devel-1.1.1g-12.amzn2.0.16', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl11-devel-1.1.1g-12.amzn2.0.16', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl11-devel-1.1.1g-12.amzn2.0.16', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl11-libs-1.1.1g-12.amzn2.0.16', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl11-libs-1.1.1g-12.amzn2.0.16', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl11-libs-1.1.1g-12.amzn2.0.16', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl11-static-1.1.1g-12.amzn2.0.16', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl11-static-1.1.1g-12.amzn2.0.16', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl11-static-1.1.1g-12.amzn2.0.16', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl11 / openssl11-debuginfo / openssl11-devel / etc");
}
VendorProductVersionCPE
amazonlinuxopenssl11p-cpe:/a:amazon:linux:openssl11
amazonlinuxopenssl11-debuginfop-cpe:/a:amazon:linux:openssl11-debuginfo
amazonlinuxopenssl11-develp-cpe:/a:amazon:linux:openssl11-devel
amazonlinuxopenssl11-staticp-cpe:/a:amazon:linux:openssl11-static
amazonlinux2cpe:/o:amazon:linux:2
amazonlinuxopenssl11-libsp-cpe:/a:amazon:linux:openssl11-libs

Related

nessus 89
amazon 4
ubuntu 4
openvas 58
osv 9
slackware 1
cvelist 1
broadcom 2
debiancve 1
nvd 2
f5 1
redos 1
debian 1
alpinelinux 2
cve 1
ibm 3
ubuntucve 1
prion 1
redhat 3
mageia 2
oraclelinux 3
almalinux 1
cloudfoundry 1
openssl 1
veracode 1
cgr 1
cbl_mariner 3
freebsd 1
nessus
nessus
FreeBSD : OpenSSL -- Excessive time spent checking DH q parameter value (bad6588e-2fe0-11ee-a0d1-84a93843eb75)
2023-07-31 00:00:00
SUSE SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2023:3308-1)
2023-08-15 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2023:3244-1)
2023-08-09 00:00:00
amazon
amazon
Medium: edk2
2023-08-17 11:58:00
Medium: openssl
2023-09-27 22:15:00
Medium: openssl11
2023-08-31 22:28:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2023-10-18 00:00:00
OpenSSL vulnerabilities
2023-10-25 00:00:00
OpenSSL vulnerabilities
2023-10-24 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2023-213-01)
2023-08-03 00:00:00
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2023-3021)
2023-10-31 00:00:00
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2023-2883)
2023-10-09 00:00:00
osv
osv
openssl vulnerabilities
2023-10-25 12:40:20
openssl vulnerabilities
2023-10-18 19:51:24
CVE-2023-3817
2023-07-31 16:15:10
slackware
slackware
[slackware-security] openssl
2023-08-02 17:08:29
cvelist
cvelist
CVE-2023-3817 Excessive time spent checking DH q parameter value
2023-07-31 15:34:13
broadcom
broadcom
Excessive time spent checking DH q parameter value (CVE-2023-3817)
2024-04-16 00:00:00
Excessive time spent checking DH keys and parameters (CVE-2023-3446)
2024-04-16 00:00:00
debiancve
debiancve
CVE-2023-3817
2023-07-31 16:15:10
nvd
nvd
CVE-2023-3817
2023-07-31 16:15:10
CVE-2023-3446
2023-07-19 12:15:10
f5
f5
K000137969 : OpenSSL vulnerability CVE-2023-3817
2023-12-19 00:00:00
redos
redos
ROS-20230907-04
2023-09-07 00:00:00
debian
debian
[SECURITY] [DLA 3530-1] openssl security update
2023-08-16 05:56:34
alpinelinux
alpinelinux
CVE-2023-3817
2023-07-31 16:15:10
CVE-2023-3446
2023-07-19 12:15:10
cve
cve
CVE-2023-3817
2023-07-31 16:15:10
ibm
ibm
Security Bulletin: Due to the use of OpenSSL, IBM CICS TX Advanced is vulnerable to a denial of service (DOS) (CVE-2023-3817 and CVE-2023-3446).
2024-02-13 17:00:03
Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to OpenSSL
2023-12-11 10:00:12
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to OpenSSL. (CVE-2023-3446)
2023-12-12 09:08:17
ubuntucve
ubuntucve
CVE-2023-3817
2023-07-31 00:00:00
prion
prion
Design/Logic Flaw
2023-07-31 16:15:00
redhat
redhat
(RHSA-2024:0208) Low: openssl security update
2024-01-11 21:04:17
(RHSA-2024:0154) Low: openssl security update
2024-01-10 16:25:10
(RHSA-2023:7877) Low: openssl security update
2023-12-18 07:10:45
mageia
mageia
Updated openssl packages fix security vulnerability
2023-09-11 16:07:54
Updated quictls packages fix security vulnerabilities
2023-09-30 22:15:40
oraclelinux
oraclelinux
openssl security update
2023-12-18 00:00:00
openssl security update
2024-01-10 00:00:00
edk2 security update
2024-02-20 00:00:00
almalinux
almalinux
Low: openssl security update
2023-12-19 00:00:00
cloudfoundry
cloudfoundry
USN-6450-1: OpenSSL vulnerabilities | Cloud Foundry
2023-11-09 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2023-3446
2023-07-13 00:00:00
veracode
veracode
Denial Of Service (DoS)
2023-07-20 10:29:49
cgr
cgr
CVE-2023-3446 vulnerabilities
2024-05-19 03:07:16
cbl_mariner
cbl_mariner
CVE-2023-3817 affecting package hvloader for versions less than 1.0.1-3
2024-06-06 19:53:22
CVE-2023-3817 affecting package edk2 for versions less than 20230301gitf80f052277c8-37
2024-04-17 22:02:46
CVE-2023-3817 affecting package rust for versions less than 1.68.2-5
2024-07-09 03:08:39
freebsd
freebsd
OpenSSL -- Excessive time spent checking DH q parameter value
2023-07-31 00:00:00

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.003 Low

EPSS

Percentile

65.6%

JSON
Related for AL2_ALAS-2023-2226.NASL
nessus89amazon4ubuntu4openvas58osv9slackware1cvelist1broadcom2debiancve1nvd2f51redos1debian1alpinelinux2cve1ibm3ubuntucve1prion1redhat3mageia2oraclelinux3almalinux1cloudfoundry1openssl1veracode1cgr1cbl_mariner3freebsd1