Lucene search
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2014-509.NASLHistoryAug 22, 2014 - 12:00 a.m.
openSUSE Security Update : openssl (openSUSE-SU-2014:1052-1)
2014-08-2200:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
31
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.928 High
EPSS
Percentile
99.0%
This openssl update fixes the following security issues :
-
openssl 1.0.1i
-
Information leak in pretty printing functions (CVE-2014-3508)
-
Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
-
Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
-
Double Free when processing DTLS packets (CVE-2014-3505)
-
DTLS memory exhaustion (CVE-2014-3506)
-
DTLS memory leak from zero-length fragments (CVE-2014-3507)
-
OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
-
OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
-
SRP buffer overrun (CVE-2014-3512)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2014-509.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(77317);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3509", "CVE-2014-3510", "CVE-2014-3511", "CVE-2014-3512", "CVE-2014-5139");
script_name(english:"openSUSE Security Update : openssl (openSUSE-SU-2014:1052-1)");
script_summary(english:"Check for the openSUSE-2014-509 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This openssl update fixes the following security issues :
- openssl 1.0.1i
- Information leak in pretty printing functions
(CVE-2014-3508)
- Crash with SRP ciphersuite in Server Hello message
(CVE-2014-5139)
- Race condition in ssl_parse_serverhello_tlsext
(CVE-2014-3509)
- Double Free when processing DTLS packets (CVE-2014-3505)
- DTLS memory exhaustion (CVE-2014-3506)
- DTLS memory leak from zero-length fragments
(CVE-2014-3507)
- OpenSSL DTLS anonymous EC(DH) denial of service
(CVE-2014-3510)
- OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
- SRP buffer overrun (CVE-2014-3512)"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=890764"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=890765"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=890766"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=890767"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=890768"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=890769"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=890770"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=890771"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=890772"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected openssl packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl1_0_0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssl-debugsource");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
script_set_attribute(attribute:"patch_publication_date", value:"2014/08/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/22");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.3|SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3 / 13.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE12.3", reference:"libopenssl-devel-1.0.1i-1.64.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libopenssl1_0_0-1.0.1i-1.64.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libopenssl1_0_0-debuginfo-1.0.1i-1.64.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"openssl-1.0.1i-1.64.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"openssl-debuginfo-1.0.1i-1.64.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"openssl-debugsource-1.0.1i-1.64.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libopenssl-devel-32bit-1.0.1i-1.64.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libopenssl1_0_0-32bit-1.0.1i-1.64.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libopenssl1_0_0-debuginfo-32bit-1.0.1i-1.64.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libopenssl-devel-1.0.1i-11.52.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libopenssl1_0_0-1.0.1i-11.52.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libopenssl1_0_0-debuginfo-1.0.1i-11.52.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"openssl-1.0.1i-11.52.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"openssl-debuginfo-1.0.1i-11.52.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"openssl-debugsource-1.0.1i-11.52.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libopenssl-devel-32bit-1.0.1i-11.52.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libopenssl1_0_0-32bit-1.0.1i-11.52.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libopenssl1_0_0-debuginfo-32bit-1.0.1i-11.52.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | libopenssl-devel | p-cpe:/a:novell:opensuse:libopenssl-devel |
| novell | opensuse | libopenssl-devel-32bit | p-cpe:/a:novell:opensuse:libopenssl-devel-32bit |
| novell | opensuse | libopenssl1_0_0 | p-cpe:/a:novell:opensuse:libopenssl1_0_0 |
| novell | opensuse | libopenssl1_0_0-32bit | p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit |
| novell | opensuse | libopenssl1_0_0-debuginfo | p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo |
| novell | opensuse | libopenssl1_0_0-debuginfo-32bit | p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit |
| novell | opensuse | openssl | p-cpe:/a:novell:opensuse:openssl |
| novell | opensuse | openssl-debuginfo | p-cpe:/a:novell:opensuse:openssl-debuginfo |
| novell | opensuse | openssl-debugsource | p-cpe:/a:novell:opensuse:openssl-debugsource |
| novell | opensuse | 12.3 | cpe:/o:novell:opensuse:12.3 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139
bugzilla.novell.com/show_bug.cgi?id=890764
bugzilla.novell.com/show_bug.cgi?id=890765
bugzilla.novell.com/show_bug.cgi?id=890766
bugzilla.novell.com/show_bug.cgi?id=890767
bugzilla.novell.com/show_bug.cgi?id=890768
bugzilla.novell.com/show_bug.cgi?id=890769
bugzilla.novell.com/show_bug.cgi?id=890770
bugzilla.novell.com/show_bug.cgi?id=890771
bugzilla.novell.com/show_bug.cgi?id=890772
lists.opensuse.org/opensuse-updates/2014-08/msg00036.html
Related
nessus
nessus
OpenSSL 1.0.1 < 1.0.1i Multiple Vulnerabilities
2014-08-08 00:00:00
Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2308-1)
2014-08-08 00:00:00
pfSense < 2.1.5 Multiple Vulnerabilities ( SA-14_14 )
2018-03-21 00:00:00
ibm
ibm
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0325)
2022-01-28 00:00:00
Debian Security Advisory DSA 2998-1 (openssl - security update)
2014-08-07 00:00:00
Slackware: Security Advisory (SSA:2014-220-01)
2022-04-21 00:00:00
huawei
huawei
Security Advisory-9 OpenSSL vulnerabilities on Huawei products
2014-10-08 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2014-08-07 00:00:00
slackware
slackware
[slackware-security] openssl
2014-08-08 21:22:00
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2014-08-06 00:00:00
aix
aix
AIX OpenSSL Denial of Service due to double free and others
2014-09-09 00:50:00
mageia
mageia
Updated openssl packages fix security vulnerabilities
2014-08-12 13:16:46
amazon
amazon
Medium: openssl
2014-08-07 12:26:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:18.openssl
2014-09-09 00:00:00
debian
debian
[SECURITY] [DSA 2998-1] openssl security update
2014-08-06 23:44:13
[DLA 33-1] openssl security update
2014-08-07 20:36:09
osv
osv
openssl - security update
2014-08-07 00:00:00
kaspersky
kaspersky
KLA10343 Multiple vulnerabilities in Stunnel
2014-08-07 00:00:00
securityvulns
securityvulns
OpenSSL multiple security vulnerabilities
2014-08-07 00:00:00
redhat
redhat
(RHSA-2014:1052) Moderate: openssl security update
2014-08-13 00:00:00
(RHSA-2014:1054) Moderate: openssl security update
2014-08-14 00:00:00
(RHSA-2014:1053) Moderate: openssl security update
2014-08-13 00:00:00
oraclelinux
oraclelinux
openssl security update
2014-08-13 00:00:00
openssl security update
2014-08-13 00:00:00
openssl security update
2014-10-16 00:00:00
centos
centos
openssl security update
2014-08-13 20:10:43
openssl security update
2014-08-13 19:52:24
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 1.0.1j-alt1
2014-10-30 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.1j-alt1
2014-10-30 00:00:00
f5
f5
K15573 : OpenSSL DTLS vulnerabilities CVE-2014-3505, CVE-2014-3506, and CVE-2014-3507
2015-09-15 00:00:00
SOL15573 - OpenSSL DTLS vulnerabilities CVE-2014-3505, CVE-2014-3506, and CVE-2014-3507
2014-09-05 00:00:00
K15567 : OpenSSL vulnerability CVE-2014-5139
2014-09-05 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2014-12-26 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: mingw-openssl-1.0.1j-1.fc21
2015-01-02 05:06:53
[SECURITY] Fedora 20 Update: openssl-1.0.1e-39.fc20
2014-08-09 07:36:05
[SECURITY] Fedora 19 Update: openssl-1.0.1e-39.fc19
2014-08-09 07:34:58
prion
prion
Buffer overflow
2014-08-13 23:55:00
Null pointer dereference
2014-08-13 23:55:00
Double free
2014-08-13 23:55:00
cve
cve
checkpoint_advisories
checkpoint_advisories
OpenSSL TLS Missing SRP Extension Denial of Service (CVE-2014-5139)
2015-01-27 00:00:00
OpenSSL Multiple Invalid SRP Parameters Buffer Overflow (CVE-2014-3512)
2014-12-25 00:00:00
OpenSSL dtls1_process_out_of_seq_message Denial of Service (CVE-2014-3507)
2014-10-07 00:00:00
ubuntucve
ubuntucve
veracode
veracode
Denial Of Service (DoS) Through Null Pointer Dereference
2017-02-06 05:58:10
Denial Of Service (DoS)
2017-02-07 00:49:39
Denial Of Service (DoS)
2019-01-15 08:59:12
cvelist
cvelist
debiancve
debiancve
openssl
openssl
Vulnerability in OpenSSL CVE-2014-3512
2014-08-06 00:00:00
Vulnerability in OpenSSL CVE-2014-3505
2014-08-06 00:00:00
Vulnerability in OpenSSL CVE-2014-5139
2014-08-06 00:00:00
nvd
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.928 High
EPSS
Percentile
99.0%
Related for OPENSUSE-2014-509.NASL