CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
97.9%
OpenSSL is prone to multiple vulnerabilities.
# Copyright (C) 2015 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
CPE = "cpe:/a:openssl:openssl";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.806745");
script_version("2023-11-02T05:05:26+0000");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_tag(name:"last_modification", value:"2023-11-02 05:05:26 +0000 (Thu, 02 Nov 2023)");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2017-11-15 02:29:00 +0000 (Wed, 15 Nov 2017)");
script_tag(name:"creation_date", value:"2015-12-01 09:41:47 +0530 (Tue, 01 Dec 2015)");
script_cve_id("CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792");
script_tag(name:"qod_type", value:"remote_banner_unreliable");
script_tag(name:"solution_type", value:"VendorFix");
script_name("OpenSSL Multiple Vulnerabilities (20150611 - 2) - Linux");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2015 Greenbone Networks GmbH");
script_family("General");
script_dependencies("gb_openssl_consolidation.nasl", "os_detection.nasl");
script_mandatory_keys("openssl/detected", "Host/runs_unixoide");
script_tag(name:"summary", value:"OpenSSL is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The following flaws exist:
- CVE-2015-1789: X509_cmp_time does not properly check the length of the ASN1_TIME string and can
read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of
fractional seconds in the time string. An attacker can use this to craft malformed certificates
and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on
applications that verify certificates or CRLs. TLS clients that verify CRLs are affected. TLS
clients and servers with client authentication enabled may be affected if they use custom
verification callbacks.
- CVE-2015-1790: The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly.
An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL
pointer dereference on parsing. Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
structures from untrusted sources are affected. OpenSSL clients and servers are not affected.
- CVE-2015-1791: If a NewSessionTicket is received by a multi-threaded client when attempting to
reuse a previous ticket then a race condition can occur potentially leading to a double free of
the ticket data.
- CVE-2015-1792: When verifying a signedData message the CMS code can enter an infinite loop if
presented with an unknown hash function OID. This can be used to perform denial of service against
any system which verifies signedData messages using the CMS code.");
script_tag(name:"affected", value:"OpenSSL version 0.9.8 through 0.9.8zf, 1.0.0 through 1.0.0r,
1.0.1 through 1.0.1m and 1.0.2 through 1.0.2a.");
script_tag(name:"solution", value:"Update to version 0.9.8zg, 1.0.0s, 1.0.1n, 1.0.2b later.");
script_xref(name:"URL", value:"https://www.openssl.org/news/secadv/20150611.txt");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/75156");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/75157");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/75161");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/75154");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if(isnull(port = get_app_port(cpe:CPE)))
exit(0);
if(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE))
exit(0);
vers = infos["version"];
path = infos["location"];
if(version_in_range(version:vers, test_version:"0.9.8", test_version2:"0.9.8zf")) {
report = report_fixed_ver(installed_version:vers, fixed_version:"0.9.8zg", install_path:path);
security_message(port:port, data:report);
exit(0);
}
if(version_in_range(version:vers, test_version:"1.0.0", test_version2:"1.0.0r")) {
report = report_fixed_ver(installed_version:vers, fixed_version:"1.0.0s", install_path:path);
security_message(port:port, data:report);
exit(0);
}
if(version_in_range(version:vers, test_version:"1.0.1", test_version2:"1.0.1m")) {
report = report_fixed_ver(installed_version:vers, fixed_version:"1.0.1n", install_path:path);
security_message(port:port, data:report);
exit(0);
}
if(version_in_range(version:vers, test_version:"1.0.2", test_version2:"1.0.2a")) {
report = report_fixed_ver(installed_version:vers, fixed_version:"1.0.2b", install_path:path);
security_message(port:port, data:report);
exit(0);
}
exit(99);
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
97.9%