Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program. Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address. TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3107-1 advisory.

    - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3106-1 advisory.

    - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

    Other fixes:

    - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
    - FIPS: RSA keygen PCT requirements.
    - FIPS: Check that the fips provider is available before setting       it as the default provider in FIPS mode (bsc#1220523).
    - FIPS: Port openssl to use jitterentropy (bsc#1220523).
    - FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
    - FIPS: Service Level Indicator (bsc#1221365).
    - FIPS: Output the FIPS-validation name and module version which uniquely       identify the FIPS validated module (bsc#1221751).
    - FIPS: Add required selftests: (bsc#1221760).
    - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
    - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
    - FIPS: Zero initialization required (bsc#1221752).
    - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
    - FIPS: NIST SP 800-56Brev2 (bsc#1221824).
    - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
    - FIPS: Port openssl to use jitterentropy (bsc#1220523).
    - FIPS: NIST SP 800-56Arev3 (bsc#1221822).
    - FIPS: Error state has to be enforced (bsc#1221753).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3105-1 advisory.

    - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 21f505f4-6a1c-11ef-b611-84a93843eb75 advisory.

    The OpenSSL project reports:
    Possible denial of service in X.509 name checks [Moderate severity]                 Applications performing certificate name checks (e.g., TLS clients                 checking server certificates) may attempt to read an invalid                 memory address resulting in abnormal termination of the application                 process.
    SSL_select_next_proto buffer overread [Low severity]                 Calling the OpenSSL API function SSL_select_next_proto with an empty                 supported client protocols buffer may cause a crash or memory                 contents to be sent to the peer.

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5764 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5764-1                   security@debian.org     https://www.debian.org/security/                     Salvatore Bonaccorso     September 03, 2024                    https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : openssl     CVE ID         : CVE-2024-6119

    David Benjamin reported a flaw in the X.509 name checks in OpenSSL, a     Secure Sockets Layer toolkit, which may cause an application performing     certificate name checks to crash, resulting in denial of service.

    Additional details can be found in the upstream advisory:
    https://openssl-library.org/news/secadv/20240903.txt

    For the stable distribution (bookworm), this problem has been fixed in     version 3.0.14-1~deb12u2.

    We recommend that you upgrade your openssl packages.

    For the detailed security status of openssl please refer to its security     tracker page at:
    https://security-tracker.debian.org/tracker/openssl

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6986-1 advisory.

    David Benjamin discovered that OpenSSL incorrectly handled certain X.509 certificates. An attacker could     possible use this issue to cause a denial of service or expose sensitive information.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
206576	SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2024:3107-1)	Nessus	SuSE Local Security Checks	high
206575	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2024:3106-1)	Nessus	SuSE Local Security Checks	high
206570	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2024:3105-1)	Nessus	SuSE Local Security Checks	high
206514	FreeBSD : OpenSSL -- Multiple vulnerabilities (21f505f4-6a1c-11ef-b611-84a93843eb75)	Nessus	FreeBSD Local Security Checks	critical
206483	Debian dsa-5764 : libcrypto3-udeb - security update	Nessus	Debian Local Security Checks	high
206480	Ubuntu 22.04 LTS / 24.04 LTS : OpenSSL vulnerability (USN-6986-1)	Nessus	Ubuntu Local Security Checks	high

Detections

Analytics

CVE-2024-6119

high

Tenable Plugins

high

high

high

critical

high

high