The remote Ubuntu 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6450-1 advisory.

    Tony Battersby discovered that OpenSSL incorrectly handled key and initialization vector (IV) lengths.
    This could lead to truncation issues and result in loss of confidentiality for some symmetric cipher     modes. (CVE-2023-5363)

    Juerg Wullschleger discovered that OpenSSL incorrectly handled the AES-SIV cipher. This could lead to     empty data entries being ignored, resulting in certain applications being misled. This issue only affected     Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2023-2975)

    It was discovered that OpenSSL incorrectly handled checking excessively long DH keys or parameters. A     remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial     of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2023-3446, CVE-2023-3817)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 22.04 LTS / 23.04 / 23.10 : OpenSSL vulnerabilities (USN-6450-1)

high Nessus Plugin ID 183790

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.1

Version 1.0

Version 1.5 Sep 18, 2024, 8:52 AM CVSS metrics ("Cvssv4 threat vector" set to "CVSS:4.0/E:U") Plugin Feed: 202409180852
Version 1.4 Aug 28, 2024, 7:43 PM CVSS metrics ("Cvssv4 score" set to 9.3) CVSS metrics ("Cvssv4 vector" set to "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N") Detection (updated detection logic) Plugin metadata Plugin Feed: 202408281943
Version 1.3 Mar 8, 2024, 6:26 PM IAVM reference Plugin Feed: 202403081826
Version 1.2 Nov 10, 2023, 2:22 PM CVSS metrics ("CVSSv2 score" set to 7.8. "CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N". "CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N". "CVSSv3 score" set to 7.5) CVSSv2 score source (changed from "CVE-2023-2975" to "CVE-2023-5363") CVSSv2 severity (based on CVE-2023-5363, severity increased from "Medium" to "High") CVSSv3 severity (based on None, severity increased from "Medium" to "High") Plugin Feed: 202311101422
Version 1.1 Oct 27, 2023, 12:17 PM IAVM reference Plugin Feed: 202310271217
Version 1.1 Nov 10, 2023, 12:32 PM CVSS metrics ("CVSSv2 score" set to 7.8) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N") CVSS metrics ("CVSSv3 score" set to 7.5) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N") CVSSv2 score source (changed from "CVE-2023-2975" to "CVE-2023-5363") CVSSv2 severity (based on CVE-2023-5363, severity increased from "Medium" to "High") CVSSv3 severity (based on None, severity increased from "Medium" to "High") Plugin Feed: 202311101232
Version 1.0 Oct 25, 2023, 2:17 AM New Plugin Feed: 202310250217