Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.HP_VERSION_CONTROL_REPO_MANAGER_7_5_0_0.NASL
HistorySep 04, 2015 - 12:00 a.m.

HP Version Control Repository Manager < 7.5.0 Multiple Vulnerabilities (HPSBMU03396) (FREAK)

2015-09-0400:00:00
This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
www.tenable.com
31

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:P/A:C

EPSS

0.949

Percentile

99.3%

JSON

The version of HP Version Control Repository Manager (VCRM) installed on the remote Windows host is prior to 7.5.0. It is, therefore, affected by multiple vulnerabilities :

  • A NULL pointer dereference flaw exists when the SSLv3 option isn’t enabled and an SSLv3 ClientHello is received. This allows a remote attacker, using an unexpected handshake, to crash the daemon, resulting in a denial of service. (CVE-2014-3569)

  • The BIGNUM squaring (BN_sqr) implementation does not properly calculate the square of a BIGNUM value. This allows remote attackers to defeat cryptographic protection mechanisms. (CVE-2014-3570)

  • A NULL pointer dereference flaw exists in the dtls1_get_record() function when handling DTLS messages.
    A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571)

  • A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allows a remote attacker to trigger a loss of forward secrecy from the ciphersuite. (CVE-2014-3572)

  • A flaw exists when accepting non-DER variations of certificate signature algorithms and signature encodings due to a lack of enforcement of matches between signed and unsigned portions. A remote attacker, by including crafted data within a certificate’s unsigned portion, can bypass fingerprint-based certificate-blacklist protection mechanisms. (CVE-2014-8275)

  • A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)

  • A flaw exists when accepting DH certificates for client authentication without the CertificateVerify message.
    This allows a remote attacker to authenticate to the service without a private key. (CVE-2015-0205)

  • A memory leak occurs in dtls1_buffer_record() when handling a saturation of DTLS records containing the same number sequence but for the next epoch. This allows a remote attacker to cause a denial of service.
    (CVE-2015-0206)

  • An unspecified buffer overflow condition exists in VCRM due to improper validation of user-supplied input. A remote, authenticated attacker can exploit this to cause a denial of service or execute arbitrary code.
    (CVE-2015-5409)

  • An unspecified flaw exists in VCRM that allows a remote, authenticated attacker to modify values without proper authorization, gain unspecified access, cause a denial of service, or execute arbitrary code. (CVE-2015-5410)

  • An unspecified flaw exists in VCRM that allows a remote, authenticated attacker to gain access to sensitive information. (CVE-2015-5411, CVE-2015-5413)

  • A flaw exists in VCRM when handling certain sensitive actions due to HTTP requests not requiring multiple steps, explicit confirmation, or a unique token. A remote, authenticated attacker can exploit this to conduct a cross-site request forgery attack via a specially crafted link. (CVE-2015-5412)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(85802);
  script_version("1.8");
  script_cvs_date("Date: 2018/11/15 20:50:27");

  script_cve_id(
    "CVE-2014-3569",
    "CVE-2014-3570",
    "CVE-2014-3571",
    "CVE-2014-3572",
    "CVE-2014-8275",
    "CVE-2015-0204",
    "CVE-2015-0205",
    "CVE-2015-0206",
    "CVE-2015-5409",
    "CVE-2015-5410",
    "CVE-2015-5411",
    "CVE-2015-5412",
    "CVE-2015-5413"
  );
  script_bugtraq_id(
    71941,
    71942,
    71936,
    71939,
    71940,
    71934,
    71935,
    71937
  );
  script_xref(name:"CERT", value:"243585");
  script_xref(name:"HP", value:"emr_na-c04765115");
  script_xref(name:"HP", value:"HPSBMU03396");

  script_name(english:"HP Version Control Repository Manager < 7.5.0 Multiple Vulnerabilities (HPSBMU03396) (FREAK)");
  script_summary(english:"Checks the version of HP VCRM.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has an application installed that is affected
by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of HP Version Control Repository Manager (VCRM) installed
on the remote Windows host is prior to 7.5.0. It is, therefore,
affected by multiple vulnerabilities :

  - A NULL pointer dereference flaw exists when the SSLv3
    option isn't enabled and an SSLv3 ClientHello is
    received. This allows a remote attacker, using an
    unexpected handshake, to crash the daemon, resulting in
    a denial of service. (CVE-2014-3569)

  - The BIGNUM squaring (BN_sqr) implementation does not
    properly calculate the square of a BIGNUM value. This
    allows remote attackers to defeat cryptographic
    protection mechanisms. (CVE-2014-3570)

  - A NULL pointer dereference flaw exists in the
    dtls1_get_record() function when handling DTLS messages.
    A remote attacker, using a specially crafted DTLS
    message, can cause a denial of service. (CVE-2014-3571)

  - A flaw exists with ECDH handshakes when using an ECDSA
    certificate without a ServerKeyExchange message. This
    allows a remote attacker to trigger a loss of forward
    secrecy from the ciphersuite. (CVE-2014-3572)

  - A flaw exists when accepting non-DER variations of
    certificate signature algorithms and signature encodings
    due to a lack of enforcement of matches between signed
    and unsigned portions. A remote attacker, by including
    crafted data within a certificate's unsigned portion,
    can bypass fingerprint-based certificate-blacklist
    protection mechanisms. (CVE-2014-8275)

  - A security feature bypass vulnerability, known as FREAK
    (Factoring attack on RSA-EXPORT Keys), exists due to the
    support of weak EXPORT_RSA cipher suites with keys less
    than or equal to 512 bits. A man-in-the-middle attacker
    may be able to downgrade the SSL/TLS connection to use
    EXPORT_RSA cipher suites which can be factored in a
    short amount of time, allowing the attacker to intercept
    and decrypt the traffic. (CVE-2015-0204)

  - A flaw exists when accepting DH certificates for client
    authentication without the CertificateVerify message.
    This allows a remote attacker to authenticate to the
    service without a private key. (CVE-2015-0205)

  - A memory leak occurs in dtls1_buffer_record() when
    handling a saturation of DTLS records containing the
    same number sequence but for the next epoch. This allows
    a remote attacker to cause a denial of service.
    (CVE-2015-0206)

  - An unspecified buffer overflow condition exists in VCRM
    due to improper validation of user-supplied input. A
    remote, authenticated attacker can exploit this to cause
    a denial of service or execute arbitrary code.
    (CVE-2015-5409)

  - An unspecified flaw exists in VCRM that allows a remote,
    authenticated attacker to modify values without proper
    authorization, gain unspecified access, cause a denial of
    service, or execute arbitrary code. (CVE-2015-5410)

  - An unspecified flaw exists in VCRM that allows a remote,
    authenticated attacker to gain access to sensitive
    information. (CVE-2015-5411, CVE-2015-5413)

  - A flaw exists in VCRM when handling certain sensitive
    actions due to HTTP requests not requiring multiple
    steps, explicit confirmation, or a unique token. A
    remote, authenticated attacker can exploit this to
    conduct a cross-site request forgery attack via a
    specially crafted link. (CVE-2015-5412)");
  # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765115
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1b9cb578");
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20150108.txt");
  script_set_attribute(attribute:"see_also", value:"https://www.smacktls.com/#freak");
  script_set_attribute(attribute:"solution", value:
"Upgrade to HP Version Control Repository Manager 7.5.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/08/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:version_control_repository_manager");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");

  script_dependencies("hp_version_control_repo_manager_installed.nbin");
  script_require_keys("installed_sw/HP Version Control Repository Manager");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

appname = "HP Version Control Repository Manager";
install = get_single_install(app_name:appname, exit_if_unknown_ver:TRUE);
version = install['version'];
path = install['path'];

if (ver_compare(ver:version, fix:'7.5.0.0', strict:FALSE) < 0)
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  if (report_verbosity > 0)
  {
    report =
      '\n  Path              : ' + path +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 7.5.0.0' +
      '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);

Related

securityvulns 5
nessus 42
openvas 28
suse 2
altlinux 6
ibm 57
debian 3
archlinux 1
freebsd_advisory 1
freebsd 1
cisco 1
osv 2
ubuntu 1
slackware 1
kaspersky 1
redhat 1
aix 1
oraclelinux 6
centos 1
amazon 1
mageia 1
fedora 1
nvd 7
cvelist 6
prion 6
cve 6
f5 2
ubuntucve 1
debiancve 1
checkpoint_advisories 2
openssl 2
veracode 2
securityvulns
securityvulns
HP Version Control Repository Manager multiple security vulnerabilities
2015-09-14 00:00:00
[security bulletin] HPSBMU03396 rev.1 - HP Version Control Repository Manager &#40;VCRM&#41; on Windows and Linux, Multiple Vulnerabilities
2015-09-14 00:00:00
[USN-2459-1] OpenSSL vulnerabilities
2015-01-13 00:00:00
nessus
nessus
HP Version Control Repository Manager for Linux < 7.5.0 Multiple Vulnerabilities (HPSBMU03396) (FREAK)
2015-09-04 00:00:00
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-009-01) (FREAK)
2015-01-12 00:00:00
McAfee Firewall Enterprise OpenSSL Multiple Vulnerabilities (SB10102) (FREAK)
2015-03-13 00:00:00
openvas
openvas
Debian Security Advisory DSA 3125-1 (openssl - security update)
2015-01-11 00:00:00
Debian: Security Advisory (DSA-3125-1)
2015-01-10 00:00:00
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
2016-05-10 00:00:00
suse
suse
Security update for openssl (important)
2015-01-23 20:05:13
Security update for libressl (important)
2015-07-22 15:08:14
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 1.0.1k-alt1
2015-01-12 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1k-alt1
2015-01-12 00:00:00
Security fix for the ALT Linux 6 package openssl10 version 1.0.0p-alt0.M60P.1
2015-04-23 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware and QLogic 8Gb FC Switch Module Firmware
2019-01-31 02:25:02
Security Bulletin: Vulnerabilities in OpenSSL affect MegaRAID Storage Manager
2019-01-31 02:25:02
Security Bulletin: January 2015 OpenSSL security vulnerabilities in Multiple IBM N Series Products
2021-12-15 18:04:22
debian
debian
[SECURITY] [DSA 3125-1] openssl security update
2015-01-11 11:05:13
[SECURITY] [DSA 3125-1] openssl security update
2015-01-11 11:05:13
[SECURITY] [DLA 132-1] openssl security update
2015-01-11 13:16:17
archlinux
archlinux
openssl: multiple issues
2015-01-09 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:01.openssl
2015-01-14 00:00:00
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2015-01-08 00:00:00
cisco
cisco
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
2015-03-10 16:00:00
osv
osv
openssl - security update
2015-01-11 00:00:00
openssl - security update
2015-01-11 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2015-01-12 00:00:00
slackware
slackware
[slackware-security] openssl
2015-01-09 18:34:39
kaspersky
kaspersky
KLA10460 Multiple vulnerabilities in OpenSSL
2015-01-08 00:00:00
redhat
redhat
(RHSA-2015:0066) Moderate: openssl security update
2015-01-20 00:00:00
aix
aix
Multiple Security vulnerabilities in AIX OpenSSL
2015-02-04 06:24:41
oraclelinux
oraclelinux
openssl security update
2015-01-20 00:00:00
openssl security update
2015-02-26 00:00:00
openssl security update
2015-12-14 00:00:00
centos
centos
openssl security update
2015-01-20 21:00:39
amazon
amazon
Medium: openssl
2015-01-11 12:36:00
mageia
mageia
Updated openssl packages fix security vulnerabilities
2015-01-11 22:54:28
fedora
fedora
[SECURITY] Fedora 21 Update: openssl-1.0.1k-1.fc21
2015-01-13 00:02:20
nvd
nvd
CVE-2015-5411
2015-08-26 18:59:02
CVE-2015-5409
2015-08-26 18:59:00
CVE-2015-5413
2015-08-26 18:59:05
cvelist
cvelist
CVE-2015-5409
2015-08-26 18:00:00
CVE-2015-5411
2015-08-26 18:00:00
CVE-2015-5413
2015-08-26 18:00:00
prion
prion
Design/Logic Flaw
2015-08-26 18:59:00
Buffer overflow
2015-08-26 18:59:00
Design/Logic Flaw
2015-08-26 18:59:00
cve
cve
CVE-2015-5411
2015-08-26 18:59:02
CVE-2015-5409
2015-08-26 18:59:00
CVE-2015-5413
2015-08-26 18:59:05
f5
f5
SOL16136 - OpenSSL vulnerability CVE-2014-8275
2015-02-12 00:00:00
K16136 : OpenSSL vulnerability CVE-2014-8275
2015-09-18 00:00:00
ubuntucve
ubuntucve
CVE-2014-8275
2015-01-08 00:00:00
debiancve
debiancve
CVE-2014-8275
2015-01-09 02:59:09
checkpoint_advisories
checkpoint_advisories
OpenSSL ssl23_get_client_hello Function Denial of Service (CVE-2014-3569)
2015-01-12 00:00:00
OpenSSL DTLS dtls1_buffer_record Denial of Service (CVE-2015-0206)
2015-01-19 00:00:00
openssl
openssl
Vulnerability in OpenSSL - no-ssl3 configuration sets method to NULL
2014-10-21 00:00:00
Vulnerability in OpenSSL - Certificate fingerprints can be modified
2015-01-05 00:00:00
veracode
veracode
Protection Mechanism Bypass
2019-01-15 09:05:35
Protection Mechanism Bypass
2017-02-06 02:21:32

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:P/A:C

EPSS

0.949

Percentile

99.3%

JSON
Related for HP_VERSION_CONTROL_REPO_MANAGER_7_5_0_0.NASL
securityvulns5nessus42openvas28suse2altlinux6ibm57debian3archlinux1freebsd_advisory1freebsd1cisco1osv2ubuntu1slackware1kaspersky1redhat1aix1oraclelinux6centos1amazon1mageia1fedora1nvd7cvelist6prion6cve6f52ubuntucve1debiancve1checkpoint_advisories2openssl2veracode2