This script is Copyright (C) 2015-2024 Tenable Network Security, Inc.OPENSSL_1_0_2A.NASLOpenSSL 1.0.2 < 1.0.2a Multiple Vulnerabilities
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
99.4%
The version of OpenSSL installed on the remote host is prior to 1.0.2a. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2a advisory.
-
An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800. (CVE-2016-0704)
-
The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800. (CVE-2016-0703)
-
The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero. (CVE-2015-1787)
-
The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message. (CVE-2015-0293)
-
The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation. (CVE-2015-0291)
-
The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors. (CVE-2015-0290)
-
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c. (CVE-2015-0289)
-
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse. (CVE-2015-0287)
-
The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature. (CVE-2015-0286)
-
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.
(CVE-2015-0209) -
The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature. (CVE-2015-0208)
-
The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server.
(CVE-2015-0207) -
The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack.
(CVE-2015-0285) -
The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key. (CVE-2015-0288)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(82033);
script_version("1.19");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/07");
script_cve_id(
"CVE-2015-0207",
"CVE-2015-0208",
"CVE-2015-0209",
"CVE-2015-0285",
"CVE-2015-0286",
"CVE-2015-0287",
"CVE-2015-0288",
"CVE-2015-0289",
"CVE-2015-0290",
"CVE-2015-0291",
"CVE-2015-0293",
"CVE-2015-1787",
"CVE-2016-0703",
"CVE-2016-0704"
);
script_bugtraq_id(
73225,
73226,
73227,
73229,
73230,
73231,
73232,
73234,
73235,
73237,
73238,
73239
);
script_name(english:"OpenSSL 1.0.2 < 1.0.2a Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote service is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of OpenSSL installed on the remote host is prior to 1.0.2a. It is, therefore, affected by multiple
vulnerabilities as referenced in the 1.0.2a advisory.
- An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2
implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before
1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for
remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a
related issue to CVE-2016-0800. (CVE-2016-0704)
- The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf,
1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY
CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the
MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a
related issue to CVE-2016-0800. (CVE-2016-0703)
- The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client
authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a
denial of service (daemon crash) via a ClientKeyExchange message with a length of zero. (CVE-2015-1787)
- The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2
before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon
exit) via a crafted CLIENT-MASTER-KEY message. (CVE-2015-0293)
- The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a
denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms
extension in the ClientHello message during a renegotiation. (CVE-2015-0291)
- The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on
64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which
allows remote attackers to cause a denial of service (pointer corruption and application crash) via
unspecified vectors. (CVE-2015-0290)
- The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2
before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a
denial of service (NULL pointer dereference and application crash) by leveraging an application that
processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to
crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c. (CVE-2015-0289)
- The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r,
1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which
might allow attackers to cause a denial of service (invalid write operation and memory corruption) by
leveraging an application that relies on ASN.1 structure reuse. (CVE-2015-0287)
- The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1
before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows
remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted
X.509 certificate to an endpoint that uses the certificate-verification feature. (CVE-2015-0286)
- Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before
0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to
cause a denial of service (memory corruption and application crash) or possibly have unspecified other
impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.
(CVE-2015-0209)
- The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c
in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer
dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the
certificate-verification feature. (CVE-2015-0208)
- The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state
information of independent data streams, which allows remote attackers to cause a denial of service
(application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server.
(CVE-2015-0207)
- The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG
is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat
cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack.
(CVE-2015-0285)
- The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r,
1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL
pointer dereference and application crash) via an invalid certificate key. (CVE-2015-0288)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://www.cve.org/CVERecord?id=CVE-2015-0207");
script_set_attribute(attribute:"see_also", value:"https://www.cve.org/CVERecord?id=CVE-2015-0208");
script_set_attribute(attribute:"see_also", value:"https://www.cve.org/CVERecord?id=CVE-2015-0209");
script_set_attribute(attribute:"see_also", value:"https://www.cve.org/CVERecord?id=CVE-2015-0285");
script_set_attribute(attribute:"see_also", value:"https://www.cve.org/CVERecord?id=CVE-2015-0286");
script_set_attribute(attribute:"see_also", value:"https://www.cve.org/CVERecord?id=CVE-2015-0287");
script_set_attribute(attribute:"see_also", value:"https://www.cve.org/CVERecord?id=CVE-2015-0288");
script_set_attribute(attribute:"see_also", value:"https://www.cve.org/CVERecord?id=CVE-2015-0289");
script_set_attribute(attribute:"see_also", value:"https://www.cve.org/CVERecord?id=CVE-2015-0290");
script_set_attribute(attribute:"see_also", value:"https://www.cve.org/CVERecord?id=CVE-2015-0291");
script_set_attribute(attribute:"see_also", value:"https://www.cve.org/CVERecord?id=CVE-2015-0293");
script_set_attribute(attribute:"see_also", value:"https://www.cve.org/CVERecord?id=CVE-2015-1787");
script_set_attribute(attribute:"see_also", value:"https://www.cve.org/CVERecord?id=CVE-2016-0703");
script_set_attribute(attribute:"see_also", value:"https://www.cve.org/CVERecord?id=CVE-2016-0704");
script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20150319.txt");
script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20160301.txt");
script_set_attribute(attribute:"solution", value:
"Upgrade to OpenSSL version 1.0.2a or later.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-0209");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2016-0704");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/19");
script_set_attribute(attribute:"patch_publication_date", value:"2015/03/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/24");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Web Servers");
script_copyright(english:"This script is Copyright (C) 2015-2024 Tenable Network Security, Inc.");
script_dependencies("openssl_version.nasl", "openssl_nix_installed.nbin", "openssl_win_installed.nbin");
script_require_keys("installed_sw/OpenSSL");
exit(0);
}
include('vcf.inc');
include('vcf_extras_openssl.inc');
var app_info = vcf::combined_get_app_info(app:'OpenSSL');
vcf::check_all_backporting(app_info:app_info);
var constraints = [
{ 'min_version' : '1.0.2', 'fixed_version' : '1.0.2a' }
];
vcf::openssl::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_WARNING
);
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0207
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0208
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0285
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0290
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0291
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1787
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0703
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0704
www.cve.org/CVERecord?id=CVE-2015-0207
www.cve.org/CVERecord?id=CVE-2015-0208
www.cve.org/CVERecord?id=CVE-2015-0209
www.cve.org/CVERecord?id=CVE-2015-0285
www.cve.org/CVERecord?id=CVE-2015-0286
www.cve.org/CVERecord?id=CVE-2015-0287
www.cve.org/CVERecord?id=CVE-2015-0288
www.cve.org/CVERecord?id=CVE-2015-0289
www.cve.org/CVERecord?id=CVE-2015-0290
www.cve.org/CVERecord?id=CVE-2015-0291
www.cve.org/CVERecord?id=CVE-2015-0293
www.cve.org/CVERecord?id=CVE-2015-1787
www.cve.org/CVERecord?id=CVE-2016-0703
www.cve.org/CVERecord?id=CVE-2016-0704
www.openssl.org/news/secadv/20150319.txt
www.openssl.org/news/secadv/20160301.txt
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
99.4%