Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2014-1054.NASL
HistoryNov 08, 2014 - 12:00 a.m.

RHEL 6 : openssl (RHSA-2014:1054)

2014-11-0800:00:00
This script is Copyright (C) 2014-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
28

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.928 High

EPSS

Percentile

99.0%

JSON

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1054 advisory.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),     Transport Layer Security (TLS), and Datagram Transport Layer Security     (DTLS) protocols, as well as a full-strength, general purpose cryptography     library.

A race condition was found in the way OpenSSL handled ServerHello messages     with an included Supported EC Point Format extension. A malicious server     could possibly use this flaw to cause a multi-threaded TLS/SSL client using     OpenSSL to write into freed memory, causing the client to crash or execute     arbitrary code. (CVE-2014-3509)

It was discovered that the OBJ_obj2txt() function could fail to properly     NUL-terminate its output. This could possibly cause an application using     OpenSSL functions to format fields of X.509 certificates to disclose     portions of its memory. (CVE-2014-3508)

A flaw was found in the way OpenSSL handled fragmented handshake packets.
A man-in-the-middle attacker could use this flaw to force a TLS/SSL server     using OpenSSL to use TLS 1.0, even if both the client and the server     supported newer protocol versions. (CVE-2014-3511)

Multiple flaws were discovered in the way OpenSSL handled DTLS packets.
A remote attacker could use these flaws to cause a DTLS server or client     using OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,     CVE-2014-3506, CVE-2014-3507)

A NULL pointer dereference flaw was found in the way OpenSSL performed a     handshake when using the anonymous Diffie-Hellman (DH) key exchange. A     malicious server could cause a DTLS client using OpenSSL to crash if that     client had anonymous DH cipher suites enabled. (CVE-2014-3510)

All OpenSSL users are advised to upgrade to these updated packages, which     contain backported patches to correct these issues. For the update to take     effect, all services linked to the OpenSSL library must be restarted or the     system rebooted.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2014:1054. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(79040);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");

  script_cve_id(
    "CVE-2014-3505",
    "CVE-2014-3506",
    "CVE-2014-3507",
    "CVE-2014-3508",
    "CVE-2014-3509",
    "CVE-2014-3510",
    "CVE-2014-3511"
  );
  script_bugtraq_id(
    69075,
    69076,
    69078,
    69079,
    69081,
    69082,
    69084
  );
  script_xref(name:"RHSA", value:"2014:1054");

  script_name(english:"RHEL 6 : openssl (RHSA-2014:1054)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for openssl.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2014:1054 advisory.

    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),
    Transport Layer Security (TLS), and Datagram Transport Layer Security
    (DTLS) protocols, as well as a full-strength, general purpose cryptography
    library.

    A race condition was found in the way OpenSSL handled ServerHello messages
    with an included Supported EC Point Format extension. A malicious server
    could possibly use this flaw to cause a multi-threaded TLS/SSL client using
    OpenSSL to write into freed memory, causing the client to crash or execute
    arbitrary code. (CVE-2014-3509)

    It was discovered that the OBJ_obj2txt() function could fail to properly
    NUL-terminate its output. This could possibly cause an application using
    OpenSSL functions to format fields of X.509 certificates to disclose
    portions of its memory. (CVE-2014-3508)

    A flaw was found in the way OpenSSL handled fragmented handshake packets.
    A man-in-the-middle attacker could use this flaw to force a TLS/SSL server
    using OpenSSL to use TLS 1.0, even if both the client and the server
    supported newer protocol versions. (CVE-2014-3511)

    Multiple flaws were discovered in the way OpenSSL handled DTLS packets.
    A remote attacker could use these flaws to cause a DTLS server or client
    using OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,
    CVE-2014-3506, CVE-2014-3507)

    A NULL pointer dereference flaw was found in the way OpenSSL performed a
    handshake when using the anonymous Diffie-Hellman (DH) key exchange. A
    malicious server could cause a DTLS client using OpenSSL to crash if that
    client had anonymous DH cipher suites enabled. (CVE-2014-3510)

    All OpenSSL users are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues. For the update to take
    effect, all services linked to the OpenSSL library must be restarted or the
    system rebooted.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://access.redhat.com/security/data/csaf/v2/advisories/2014/rhsa-2014_1054.json
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ab7f9ef6");
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv_20140806.txt");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2014:1054");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1127490");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1127498");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1127499");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1127500");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1127502");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1127503");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1127504");
  script_set_attribute(attribute:"solution", value:
"Update the RHEL openssl package based on the guidance in RHSA-2014:1054.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3509");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2014-3507");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(200, 362, 390, 400, 401, 476, 672);
  script_set_attribute(attribute:"vendor_severity", value:"Moderate");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/08/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-static");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("redhat_repos.nasl", "ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'repo_relative_urls': [
      'content/dist/rhs/server/2.1/x86_64/debug',
      'content/dist/rhs/server/2.1/x86_64/os',
      'content/dist/rhs/server/2.1/x86_64/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'openssl-1.0.1e-16.el6_5.15', 'cpu':'x86_64', 'release':'6', 'el_string':'el6_5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs'},
      {'reference':'openssl-devel-1.0.1e-16.el6_5.15', 'cpu':'x86_64', 'release':'6', 'el_string':'el6_5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs'},
      {'reference':'openssl-perl-1.0.1e-16.el6_5.15', 'cpu':'x86_64', 'release':'6', 'el_string':'el6_5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs'},
      {'reference':'openssl-static-1.0.1e-16.el6_5.15', 'cpu':'x86_64', 'release':'6', 'el_string':'el6_5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs'}
    ]
  }
];

var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);

var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
  foreach var pkg ( constraint_array['pkgs'] ) {
    var reference = NULL;
    var _release = NULL;
    var sp = NULL;
    var _cpu = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var epoch = NULL;
    var allowmaj = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        _release &&
        rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
        (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
        rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
  else extra = rpm_report_get();
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-devel / openssl-perl / openssl-static');
}
VendorProductVersionCPE
redhatenterprise_linuxopenssl-develp-cpe:/a:redhat:enterprise_linux:openssl-devel
redhatenterprise_linuxopenssl-staticp-cpe:/a:redhat:enterprise_linux:openssl-static
redhatenterprise_linuxopensslp-cpe:/a:redhat:enterprise_linux:openssl
redhatenterprise_linux6cpe:/o:redhat:enterprise_linux:6
redhatenterprise_linuxopenssl-perlp-cpe:/a:redhat:enterprise_linux:openssl-perl

References

Related

redhat 4
nessus 43
openvas 27
oraclelinux 4
ibm 39
centos 2
debian 2
slackware 1
freebsd 1
mageia 1
aix 1
amazon 1
osv 1
huawei 1
ubuntu 1
kaspersky 1
securityvulns 1
freebsd_advisory 1
f5 7
altlinux 5
fedora 7
gentoo 1
cve 5
prion 5
debiancve 5
checkpoint_advisories 5
openssl 6
ubuntucve 5
cvelist 5
nvd 5
veracode 6
redhat
redhat
(RHSA-2014:1052) Moderate: openssl security update
2014-08-13 00:00:00
(RHSA-2014:1054) Moderate: openssl security update
2014-08-14 00:00:00
(RHSA-2014:1053) Moderate: openssl security update
2014-08-13 00:00:00
nessus
nessus
Oracle Linux 6 / 7 : openssl (ELSA-2014-1052)
2014-08-14 00:00:00
OpenSSL 1.0.0 < 1.0.0n Multiple Vulnerabilities
2014-08-08 00:00:00
RHEL 6 / 7 : openssl (RHSA-2014:1052)
2014-08-14 00:00:00
openvas
openvas
CentOS Update for openssl CESA-2014:1052 centos7
2014-09-10 00:00:00
Oracle: Security Advisory (ELSA-2014-1052)
2015-10-06 00:00:00
RedHat Update for openssl RHSA-2014:1052-01
2014-08-14 00:00:00
oraclelinux
oraclelinux
openssl security update
2014-08-13 00:00:00
openssl security update
2014-08-13 00:00:00
openssl security update
2014-10-16 00:00:00
ibm
ibm
Security Bulletin: OpenSSL security vulnerabilities in IBM SONAS (CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511)
2018-06-18 00:08:42
Security Bulletin: Multiple potential vulnerabilities in OpenSSL fixed in Chassis Management Module (CMM) (CVE-2014-3509, CVE-2014-3506, CVE-2014-3507, CVE-2014-3511, CVE-2014-3505, CVE-2014-3510, CVE-2014-3508)
2019-01-31 01:35:01
Security Bulletin: Seven (7) Vulnerabilities in OpenSSL affect IBM FlashSystem 840 and V840 (CVEs)
2023-02-18 01:45:50
centos
centos
openssl security update
2014-08-13 20:10:43
openssl security update
2014-08-13 19:52:24
debian
debian
[DLA 33-1] openssl security update
2014-08-07 20:36:09
[SECURITY] [DSA 2998-1] openssl security update
2014-08-06 23:44:13
slackware
slackware
[slackware-security] openssl
2014-08-08 21:22:00
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2014-08-06 00:00:00
mageia
mageia
Updated openssl packages fix security vulnerabilities
2014-08-12 13:16:46
aix
aix
AIX OpenSSL Denial of Service due to double free and others
2014-09-09 00:50:00
amazon
amazon
Medium: openssl
2014-08-07 12:26:00
osv
osv
openssl - security update
2014-08-07 00:00:00
huawei
huawei
Security Advisory-9 OpenSSL vulnerabilities on Huawei products
2014-10-08 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2014-08-07 00:00:00
kaspersky
kaspersky
KLA10343 Multiple vulnerabilities in Stunnel
2014-08-07 00:00:00
securityvulns
securityvulns
OpenSSL multiple security vulnerabilities
2014-08-07 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:18.openssl
2014-09-09 00:00:00
f5
f5
K15573 : OpenSSL DTLS vulnerabilities CVE-2014-3505, CVE-2014-3506, and CVE-2014-3507
2015-09-15 00:00:00
SOL15573 - OpenSSL DTLS vulnerabilities CVE-2014-3505, CVE-2014-3506, and CVE-2014-3507
2014-09-05 00:00:00
SOL15568 - OpenSSL vulnerability CVE-2014-3510
2014-09-05 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package openssl10 version 1.0.1j-alt0.M70P.1
2014-10-31 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.1j-alt1
2014-10-30 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.1j-alt1
2014-10-30 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: mingw-openssl-1.0.1j-1.fc21
2015-01-02 05:06:53
[SECURITY] Fedora 20 Update: openssl-1.0.1e-39.fc20
2014-08-09 07:36:05
[SECURITY] Fedora 19 Update: openssl-1.0.1e-39.fc19
2014-08-09 07:34:58
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2014-12-26 00:00:00
cve
cve
CVE-2014-3505
2014-08-13 23:55:07
CVE-2014-3508
2014-08-13 23:55:07
CVE-2014-3510
2014-08-13 23:55:07
prion
prion
Double free
2014-08-13 23:55:00
Null pointer dereference
2014-08-13 23:55:00
Design/Logic Flaw
2014-08-13 23:55:00
debiancve
debiancve
CVE-2014-3505
2014-08-13 23:55:07
CVE-2014-3507
2014-08-13 23:55:07
CVE-2014-3510
2014-08-13 23:55:07
checkpoint_advisories
checkpoint_advisories
OpenSSL DTLS Handshake Double Free (CVE-2014-3505)
2014-09-30 00:00:00
OpenSSL DTLS Handshake Memory Exhaustion (CVE-2014-3506)
2014-09-28 00:00:00
OpenSSL dtls1_process_out_of_seq_message Denial of Service (CVE-2014-3507)
2014-10-07 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2014-3507
2014-08-06 00:00:00
Vulnerability in OpenSSL CVE-2014-3505
2014-08-06 00:00:00
Vulnerability in OpenSSL CVE-2014-3509
2014-08-06 00:00:00
ubuntucve
ubuntucve
CVE-2014-3507
2014-08-07 00:00:00
CVE-2014-3505
2014-08-07 00:00:00
CVE-2014-3506
2014-08-07 00:00:00
cvelist
cvelist
CVE-2014-3506
2014-08-13 23:00:00
CVE-2014-3505
2014-08-13 23:00:00
CVE-2014-3508
2014-08-13 23:00:00
nvd
nvd
CVE-2014-3505
2014-08-13 23:55:07
CVE-2014-3507
2014-08-13 23:55:07
CVE-2014-3508
2014-08-13 23:55:07
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:59:12
Denial Of Service (DoS)
2017-02-07 01:37:14
Denial Of Service (DoS) Through Memory Consumption
2017-02-07 01:31:35

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.928 High

EPSS

Percentile

99.0%

JSON
Related for REDHAT-RHSA-2014-1054.NASL
redhat4nessus43openvas27oraclelinux4ibm39centos2debian2slackware1freebsd1mageia1aix1amazon1osv1huawei1ubuntu1kaspersky1securityvulns1freebsd_advisory1f57altlinux5fedora7gentoo1cve5prion5debiancve5checkpoint_advisories5openssl6ubuntucve5cvelist5nvd5veracode6