A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - openssl: doapr_outch function does not verify that certain memory allocation succeeds (CVE-2016-2842)

  - The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and     1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via     a DTLS hello message in an invalid DTLS handshake. (CVE-2014-0221)

  - The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n,     and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters,     which allows context-dependent attackers to obtain sensitive information from process stack memory by     reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.
    (CVE-2014-3508)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities, including the following:

  - IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across     fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and     a risk of duplicate key material. (CVE-2018-1426)

  - The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6)     CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A     weak password may be recovered. Note: After update the customer should change password to ensure the new     password is stored more securely. Products should encourage customers to take this step as a high priority     action. (CVE-2018-1447)

  - There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before     1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA     and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks     against DH are considered just feasible (although very difficult) because most of the work necessary to     deduce information about a private key may be performed offline. The amount of resources required for such     an attack would be very significant and likely only accessible to a limited number of attackers. An     attacker would additionally need online access to an unpatched system using the target private key in a     scenario with persistent DH parameters and a private key that is shared between multiple clients. For     example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very     similar to CVE-2015-3193 but must be treated as a separate problem. (CVE-2017-3732)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

An update is now available for Red Hat JBoss Core Services on RHEL 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in the Release Notes document linked to in the References.

Security Fix(es) :

* A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)

* It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack.
(CVE-2016-0736)

* It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication. (CVE-2016-2161)

* A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys.
(CVE-2016-7056)

* A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610)

* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)

* A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash.
(CVE-2016-8740)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304.

An update is now available for Red Hat JBoss Core Services on RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in the Release Notes document linked to in the References.

Security Fix(es) :

* A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)

* It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack.
(CVE-2016-0736)

* It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication. (CVE-2016-2161)

* A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys.
(CVE-2016-7056)

* A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610)

* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)

* A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash.
(CVE-2016-8740)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304.

An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.

This release of Red Hat JBoss Web Server 3.1 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.

Security Fix(es) :

* It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)

* A vulnerability was discovered in tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)

* A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)

* A vulnerability was discovered in tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application. (CVE-2017-5648)

This update for openssl-steam fixes the following issues :

  - Merged changes from upstream openssl (Factory rev 137)     into this fork for Steam.

Updated to openssl 1.0.2k :

  - CVE-2016-7055: Montgomery multiplication may produce     incorrect results (boo#1009528)

  - CVE-2016-7056: ECSDA P-256 timing attack key recovery     (boo#1019334)

  - CVE-2017-3731: Truncated packet could crash via OOB read     (boo#1022085)

  - CVE-2017-3732: BN_mod_exp may produce incorrect results     on x86_64 (boo#1022086)

Update to openssl-1.0.2j :

  - CVE-2016-7052: Missing CRL sanity check (boo#1001148)

OpenSSL Security Advisory [22 Sep 2016] (boo#999665)

  - Severity: High

  - CVE-2016-6304: OCSP Status Request extension unbounded     memory growth (boo#999666)

  - Severity: Low

  - CVE-2016-2177: Pointer arithmetic undefined behaviour     (boo#982575)

  - CVE-2016-2178: Constant time flag not preserved in DSA     signing (boo#983249)

  - CVE-2016-2179: DTLS buffered message DoS (boo#994844)

  - CVE-2016-2180: OOB read in TS_OBJ_print_bio()     (boo#990419)

  - CVE-2016-2181: DTLS replay protection DoS (boo#994749)

  - CVE-2016-2182: OOB write in BN_bn2dec() (boo#993819)

  - CVE-2016-2183: Birthday attack against 64-bit block     ciphers (SWEET32) (boo#995359)

  - CVE-2016-6302: Malformed SHA512 ticket DoS (boo#995324)

  - CVE-2016-6303: OOB write in MDC2_Update() (boo#995377)

  - CVE-2016-6306: Certificate message OOB reads     (boo#999668)

ALso fixed :

  - fixed a crash in print_notice (boo#998190)

  - fix X509_CERT_FILE path (boo#1022271) and rename

  - resume reading from /dev/urandom when interrupted by a     signal (boo#995075)

  - fix problems with locking in FIPS mode (boo#992120)

  - duplicates: boo#991877, boo#991193, boo#990392,     boo#990428 and boo#990207

  - drop openssl-fips_RSA_compute_d_with_lcm.patch     (upstream) (boo#984323)

  - don't check for /etc/system-fips (boo#982268)

This update for openssl fixes the following issues: Security issues fixed :

  - CVE-2016-7056: ECSDA P-256 timing attack key recovery     (bsc#1019334)

  - CVE-2017-3731: Truncated packet could crash via OOB read     (bsc#1022085)

  - CVE-2016-8610: remote denial of service in SSL alert     handling (bsc#1005878)

  - CVE-2017-3735: Malformed X.509 IPAdressFamily could     cause OOB read (bsc#1056058) Bug fixes :

  - support alternate root ca chains (bsc#1032261)

  - X509_get_default_cert_file() returns an incorrect path     (bsc#1022271)

  - Segmentation fault in 'openssl speed' when engine     library file cannot be found (bsc#1000677)

  - adjust DEFAULT_SUSE to meet 1.0.2 and current state     (bsc#1027908)

  - Missing important ciphers in openssl 1.0.1i-47.1 on     SLES12 SP1 (bsc#990592)

  - out of bounds read+crash in DES_fcrypt (bsc#1065363)

  - tracker bug for January 26th 2017 release (bsc#1021641)

  - patch for CVE-2016-2108 fails negative zero exploit     (bsc#1001502)

  - Birthday attacks on 64-bit block ciphers aka triple-des     (SWEET32) (bsc#1001912)

  - Include additional patch for CVE-2016-2108 (bsc#1004499)

  - openssl DEFAULT_SUSE cipher list is missing ECDHE-ECDSA     ciphers (bsc#1055825)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for libressl to version 2.5.1 fixes the following issues :

These security issues were fixed :

  - CVE-2016-0702: Prevent side channel attack on modular     exponentiation (boo#968050).

  - CVE-2016-7056: Avoid a side-channel cache-timing attack     that can leak the ECDSA private keys when signing     (boo#1019334).

These non-security issues were fixed :

  - Detect zero-length encrypted session data early

  - Curve25519 Key Exchange support.

  - Support for alternate chains for certificate     verification.

  - Added EVP interface for MD5+SHA1 hashes

  - Fixed DTLS client failures when the server sends a     certificate request.

  - Corrected handling of padding when upgrading an SSLv2     challenge into an SSLv3/TLS connection. 

  - Allowed protocols and ciphers to be set on a TLS config     object in libtls.

For additional changes please refer to the changelog.

This update for libressl to version 2.5.1 fixes the following issues :

These security issues were fixed :

  - CVE-2016-0702: Prevent side channel attack on modular     exponentiation (boo#968050).

  - CVE-2016-7056: Avoid a side-channel cache-timing attack     that can leak the ECDSA private keys when signing     (boo#1019334).

These non-security issues were fixed :

  - Detect zero-length encrypted session data early

  - Curve25519 Key Exchange support.

  - Support for alternate chains for certificate     verification.

  - Added EVP interface for MD5+SHA1 hashes

  - Fixed DTLS client failures when the server sends a     certificate request.

  - Corrected handling of padding when upgrading an SSLv2     challenge into an SSLv3/TLS connection.

  - Allowed protocols and ciphers to be set on a TLS config     object in libtls.

The remote host is running a version of Mac OS X 10.10.5 or 10.11.6 that is missing a security update. It is therefore, affected by multiple vulnerabilities :

  - An information disclosure vulnerability exists in the     LibreSSL component due to a flaw in the ECDSA     implementation that is triggered when not properly     setting a flag in ECDSA signing nonces to indicate that     only constant-time code paths should be followed. An     unauthenticated, remote attacker can exploit this to     conduct side-channel cache-timing attacks, allowing the     attacker to recover the  modular inversion state     sequences and the ECDSA private keys. Note that this     vulnerability does not affect Mac OS X 10.10.5.
    (CVE-2016-7056)

  - An integer overflow condition exists in the ImageIO     component due to improper validation of user-supplied     input. An unauthenticated, remote attacker can exploit     this, by convincing a user to open a specially crafted     JPEG file, to cause a denial of service condition or the     execution of arbitrary code. (CVE-2017-2432)

  - Multiple memory corruption issues exist in the libxslt     component that allow an unauthenticated, remote attacker     to cause a denial of service condition or the execution     of arbitrary code. (CVE-2017-2477)

  - An integer overflow condition exists in the libxslt     component in the xsltAddTextString() function in     transform.c. An unauthenticated, remote attacker can     exploit this, by convincing a user to open a specially     crafted file, to cause an out-of-bounds write,     potentially allowing the execution of arbitrary code.
    (CVE-2017-5029)

The remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows :

  - apache
  - apache_mod_php
  - AppleGraphicsPowerManagement
  - AppleRAID
  - Audio
  - Bluetooth
  - Carbon
  - CoreGraphics
  - CoreMedia
  - CoreText
  - curl
  - EFI
  - FinderKit
  - FontParser
  - HTTPProtocol
  - Hypervisor
  - iBooks
  - ImageIO
  - Intel Graphics Driver
  - IOATAFamily
  - IOFireWireAVC
  - IOFireWireFamily
  - Kernel
  - Keyboards
  - libarchive
  - libc++abi
  - LibreSSL
  - MCX Client
  - Menus
  - Multi-Touch
  - OpenSSH
  - OpenSSL
  - Printing
  - python
  - QuickTime
  - Security
  - SecurityFoundation
  - sudo
  - System Integrity Protection
  - tcpdump
  - tiffutil
  - WebKit

This update for compat-openssl098 fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed :

  - CVE-2016-7056: A local ECSDA P-256 timing attack that     might have allowed key recovery was fixed (bsc#1019334)

  - CVE-2016-8610: A remote denial of service in SSL alert     handling was fixed (bsc#1005878)

  - degrade 3DES to MEDIUM in SSL2 (bsc#1001912)

  - CVE-2016-2108: Added a missing commit for CVE-2016-2108,     fixing the negative zero handling in the ASN.1 decoder     (bsc#1004499) Bugs fixed :

  - fix crash in openssl speed (bsc#1000677)

  - don't attempt session resumption if no ticket is present     and session ID length is zero (bsc#984663)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed :

  - CVE-2016-7056: A local ECSDA P-256 timing attack that     might have allowed key recovery was fixed (bsc#1019334)

  - CVE-2016-8610: A remote denial of service in SSL alert     handling was fixed (bsc#1005878)

  - degrade 3DES to MEDIUM in SSL2 (bsc#1001912)

  - CVE-2016-2108: Added a missing commit for CVE-2016-2108,     fixing the negative zero handling in the ASN.1 decoder     (bsc#1004499) Bugs fixed :

  - fix crash in openssl speed (bsc#1000677)

  - don't attempt session resumption if no ticket is present     and session ID length is zero (bsc#984663)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641)

Security issues fixed :

  - CVE-2016-7056: A local ECSDA P-256 timing attack that     might have allowed key recovery was fixed (bsc#1019334)

  - CVE-2016-8610: A remote denial of service in SSL alert     handling was fixed (bsc#1005878)

  - CVE-2016-2108: Added a missing commit for CVE-2016-2108,     fixing the negative zero handling in the ASN.1 decoder     (bsc#1004499)

  - CVE-2017-3731: Truncated packet could crash via OOB read     (bsc#1022085, CVE-2017-3731)

  - Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912)

Bugs fixed :

  - fix crash in openssl speed (bsc#1000677)

  - fix ca-bundle path (bsc#1022271)

This update was imported from the SUSE:SLE-12-SP1:Update update project.

This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed :

  - CVE-2016-7056: A local ECSDA P-256 timing attack that     might have allowed key recovery was fixed (bsc#1019334)

  - CVE-2016-8610: A remote denial of service in SSL alert     handling was fixed (bsc#1005878)

  - CVE-2016-2108: Added a missing commit for CVE-2016-2108,     fixing the negative zero handling in the ASN.1 decoder     (bsc#1004499)

  - CVE-2017-3731: Truncated packet could crash via OOB read     (bsc#1022085, CVE-2017-3731)

  - Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912)     Bugs fixed :

  - fix crash in openssl speed (bsc#1000677)

  - fix ca-bundle path (bsc#1022271)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for libressl fixes the following issues :

  - CVE-2016-7056: Difficult to execute cache timing attack     that may have allowed a local user to recover the     private part from ECDSA P-256 keys (boo#1019334)

Several vulnerabilities were discovered in OpenSSL :

CVE-2016-7056

A local timing attack was discovered against ECDSA P-256.

CVE-2016-8610

It was discovered that no limit was imposed on alert packets during an SSL handshake.

CVE-2017-3731

Robert Swiecki discovered that the RC4-MD5 cipher when running on 32 bit systems could be forced into an out-of-bounds read, resulting in denial of service.

For Debian 7 'Wheezy', these problems have been fixed in version 1.0.1t-1+deb7u2.

We recommend that you upgrade your openssl packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3181-1 advisory.

    Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A     remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.
    This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other releases were fixed in a     previous security update. (CVE-2016-2177)

    It was discovered that OpenSSL did not properly handle Montgomery multiplication, resulting in incorrect     results leading to transient failures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10.
    (CVE-2016-7055)

    It was discovered that OpenSSL did not properly use constant-time operations when performing ECDSA P-256     signing. A remote attacker could possibly use this issue to perform a timing attack and recover private     ECDSA keys. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-7056)

    Shi Lei discovered that OpenSSL incorrectly handled certain warning alerts. A remote attacker could     possibly use this issue to cause OpenSSL to stop responding, resulting in a denial of service.
    (CVE-2016-8610)

    Robert wicki discovered that OpenSSL incorrectly handled certain truncated packets. A remote attacker     could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2017-3731)

    It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. While     unlikely, a remote attacker could possibly use this issue to recover private keys. This issue only applied     to Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2017-3732)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Several vulnerabilities were discovered in OpenSSL :

  - CVE-2016-7056     A local timing attack was discovered against ECDSA     P-256.

  - CVE-2016-8610     It was discovered that no limit was imposed on alert     packets during an SSL handshake.

  - CVE-2017-3731     Robert Swiecki discovered that the RC4-MD5 cipher when     running on 32 bit systems could be forced into an     out-of-bounds read, resulting in denial of service.

Cesar Pereida Garcia reports :

The signing function in crypto/ecdsa/ecdsa_ossl.c in certain OpenSSL versions and forks is vulnerable to timing attacks when signing with the standardized elliptic curve P-256 despite featuring constant-time curve operations and modular inversion. A software defect omits setting the BN_FLG_CONSTTIME flag for nonces, failing to take a secure code path in the BN_mod_inverse method and therefore resulting in a cache-timing attack vulnerability. A malicious user with local access can recover ECDSA P-256 private keys.

ID	Name	Product	Family	Severity
199286	RHEL 7 : openssl (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	critical
144773	IBM HTTP Server 7.0.0.0 <= 7.0.0.43 / 8.0.0.0 <= 8.0.0.14 / 8.5.0.0 < 8.5.5.14 / 9.0.0.0 < 9.0.0.8 Multiple Vulnerabilities (569301)	Nessus	Web Servers	critical
117316	RHEL 6 : JBoss Core Services (RHSA-2017:1414)	Nessus	Red Hat Local Security Checks	high
117315	RHEL 7 : JBoss Core Services (RHSA-2017:1413)	Nessus	Red Hat Local Security Checks	high
112177	RHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 1 (RHSA-2017:1801)	Nessus	Red Hat Local Security Checks	critical
106863	openSUSE Security Update : openssl-steam (openSUSE-2018-168)	Nessus	SuSE Local Security Checks	critical
106093	SUSE SLES12 Security Update : openssl (SUSE-SU-2018:0112-1)	Nessus	SuSE Local Security Checks	critical
100043	openSUSE Security Update : libressl (openSUSE-2017-561)	Nessus	SuSE Local Security Checks	medium
100042	openSUSE Security Update : libressl (openSUSE-2017-560)	Nessus	SuSE Local Security Checks	medium
99135	Mac OS X Multiple Vulnerabilities (Security Update 2017-001	Nessus	MacOS X Local Security Checks	critical
99134	macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)	Nessus	MacOS X Local Security Checks	critical
97550	SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2017:0605-1)	Nessus	SuSE Local Security Checks	critical
97494	SUSE SLES11 Security Update : openssl (SUSE-SU-2017:0585-1)	Nessus	SuSE Local Security Checks	critical
97275	openSUSE Security Update : openssl (openSUSE-2017-255)	Nessus	SuSE Local Security Checks	critical
97188	SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:0461-1)	Nessus	SuSE Local Security Checks	critical
97076	openSUSE Security Update : libressl (openSUSE-2017-222)	Nessus	SuSE Local Security Checks	medium
96931	Debian DLA-814-1 : openssl security update	Nessus	Debian Local Security Checks	high
96927	Ubuntu 14.04 LTS / 16.04 LTS : OpenSSL vulnerabilities (USN-3181-1)	Nessus	Ubuntu Local Security Checks	critical
96842	Debian DSA-3773-1 : openssl - security update	Nessus	Debian Local Security Checks	high
96412	FreeBSD : openssl -- timing attack vulnerability (7caebe30-d7f1-11e6-a9a5-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	medium

Detections

Analytics

CVE-2016-7056

medium

Tenable Plugins

critical

critical

high

high

critical

critical

critical

medium

medium

critical

critical

critical

critical

critical

critical

medium

high

critical

high

medium