Lucene search
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2017-222.NASLHistoryFeb 09, 2017 - 12:00 a.m.
openSUSE Security Update : libressl (openSUSE-2017-222)
2017-02-0900:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
31
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
10.1%
This update for libressl fixes the following issues :
- CVE-2016-7056: Difficult to execute cache timing attack that may have allowed a local user to recover the private part from ECDSA P-256 keys (boo#1019334)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2017-222.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(97076);
script_version("3.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2016-7056");
script_name(english:"openSUSE Security Update : libressl (openSUSE-2017-222)");
script_summary(english:"Check for the openSUSE-2017-222 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update for libressl fixes the following issues :
- CVE-2016-7056: Difficult to execute cache timing attack
that may have allowed a local user to recover the
private part from ECDSA P-256 keys (boo#1019334)"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1019334"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected libressl packages."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcrypto36");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcrypto36-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcrypto36-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcrypto36-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcrypto37");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcrypto37-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcrypto37-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcrypto37-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libressl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libressl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libressl-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libressl-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libressl-devel-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libssl37");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libssl37-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libssl37-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libssl37-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libssl38");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libssl38-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libssl38-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libssl38-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtls10");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtls10-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtls10-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtls10-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtls9");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtls9-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtls9-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtls9-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
script_set_attribute(attribute:"patch_publication_date", value:"2017/02/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/09");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.1|SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1 / 42.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE42.1", reference:"libcrypto36-2.3.0-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libcrypto36-debuginfo-2.3.0-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libressl-2.3.0-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libressl-debuginfo-2.3.0-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libressl-debugsource-2.3.0-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libressl-devel-2.3.0-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libssl37-2.3.0-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libssl37-debuginfo-2.3.0-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libtls9-2.3.0-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libtls9-debuginfo-2.3.0-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libcrypto36-32bit-2.3.0-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libcrypto36-debuginfo-32bit-2.3.0-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libressl-devel-32bit-2.3.0-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libssl37-32bit-2.3.0-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libssl37-debuginfo-32bit-2.3.0-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libtls9-32bit-2.3.0-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libtls9-debuginfo-32bit-2.3.0-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libcrypto37-2.3.4-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libcrypto37-debuginfo-2.3.4-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libressl-2.3.4-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libressl-debuginfo-2.3.4-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libressl-debugsource-2.3.4-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libressl-devel-2.3.4-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libssl38-2.3.4-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libssl38-debuginfo-2.3.4-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libtls10-2.3.4-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libtls10-debuginfo-2.3.4-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libcrypto37-32bit-2.3.4-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libcrypto37-debuginfo-32bit-2.3.4-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libressl-devel-32bit-2.3.4-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libssl38-32bit-2.3.4-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libssl38-debuginfo-32bit-2.3.4-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libtls10-32bit-2.3.4-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libtls10-debuginfo-32bit-2.3.4-3.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
else security_note(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libcrypto36 / libcrypto36-32bit / libcrypto36-debuginfo / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | libcrypto36 | p-cpe:/a:novell:opensuse:libcrypto36 |
| novell | opensuse | libcrypto36-32bit | p-cpe:/a:novell:opensuse:libcrypto36-32bit |
| novell | opensuse | libcrypto36-debuginfo | p-cpe:/a:novell:opensuse:libcrypto36-debuginfo |
| novell | opensuse | libcrypto36-debuginfo-32bit | p-cpe:/a:novell:opensuse:libcrypto36-debuginfo-32bit |
| novell | opensuse | libcrypto37 | p-cpe:/a:novell:opensuse:libcrypto37 |
| novell | opensuse | libcrypto37-32bit | p-cpe:/a:novell:opensuse:libcrypto37-32bit |
| novell | opensuse | libcrypto37-debuginfo | p-cpe:/a:novell:opensuse:libcrypto37-debuginfo |
| novell | opensuse | libcrypto37-debuginfo-32bit | p-cpe:/a:novell:opensuse:libcrypto37-debuginfo-32bit |
| novell | opensuse | libressl | p-cpe:/a:novell:opensuse:libressl |
| novell | opensuse | libressl-debuginfo | p-cpe:/a:novell:opensuse:libressl-debuginfo |
Related
veracode
veracode
Cache-timing Attack
2017-01-25 02:53:57
openvas
openvas
OpenSSL: Information Disclosure Vulnerability (CVE-2016-7056) - Windows
2018-09-11 00:00:00
Apple Mac OS X Information Disclosure Vulnerability (HT207615)
2017-05-19 00:00:00
OpenSSL: Information Disclosure Vulnerability (CVE-2016-7056) - Linux
2018-09-11 00:00:00
osv
osv
CVE-2016-7056
2018-09-10 16:29:00
openssl - security update
2017-01-27 00:00:00
openssl - security update
2017-02-01 00:00:00
redhatcve
redhatcve
CVE-2016-7056
2019-10-09 15:49:25
f5
f5
K32743437 : OpenSSL vulnerability CVE-2016-7056
2017-01-31 00:00:00
nvd
nvd
CVE-2016-7056
2018-09-10 16:29:00
debiancve
debiancve
CVE-2016-7056
2018-09-10 16:29:00
ubuntucve
ubuntucve
CVE-2016-7056
2016-12-31 00:00:00
prion
prion
Code injection
2018-09-10 16:29:00
nessus
nessus
FreeBSD : openssl -- timing attack vulnerability (7caebe30-d7f1-11e6-a9a5-b499baebfeaf)
2017-01-12 00:00:00
openSUSE Security Update : libressl (openSUSE-2017-561)
2017-05-09 00:00:00
openSUSE Security Update : libressl (openSUSE-2017-560)
2017-05-09 00:00:00
cve
cve
CVE-2016-7056
2018-09-10 16:29:00
freebsd
freebsd
openssl -- timing attack vulnerability
2017-01-10 00:00:00
cvelist
cvelist
CVE-2016-7056
2018-09-10 16:00:00
threatpost
threatpost
Ubuntu Update Includes OpenSSL Fixes
2017-02-01 14:50:11
OpenSSL Update Fixes High Severity DoS Vulnerability
2017-02-21 16:02:20
debian
debian
[SECURITY] [DLA 814-1] openssl security update
2017-02-01 23:12:31
[SECURITY] [DSA 3773-1] openssl security update
2017-01-27 19:48:57
suse
suse
Security update for openssl (important)
2018-01-16 18:08:42
Security update for openssl-steam (important)
2018-02-16 12:07:45
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32
ubuntu
ubuntu
OpenSSL vulnerabilities
2017-01-31 00:00:00
cloudfoundry
cloudfoundry
USN-3181-1: OpenSSL vulnerabilities | Cloud Foundry
2017-06-02 00:00:00
ibm
ibm
WebSphere Application Server and IBM HTTP Server Security Bulletin List
2022-07-13 18:04:48
redhat
redhat
androidsecurity
androidsecurity
Android Security BulletinβMay 2017
2017-05-01 00:00:00
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
10.1%
Related for OPENSUSE-2017-222.NASL