OpenSSL 1.0.0 < 1.0.0n Multiple Vulnerabilities

high Nessus Plugin ID 77087

Synopsis

The remote service is affected by multiple vulnerabilities.

Description

The version of OpenSSL installed on the remote host is prior to 1.0.0n. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.0n advisory.

- The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite. (CVE-2014-3510)

- Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data. (CVE-2014-3509)

- The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.
(CVE-2014-3508)

- Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function. (CVE-2014-3507)

- d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values. (CVE-2014-3506)

- Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition. (CVE-2014-3505)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to OpenSSL version 1.0.0n or later.

See Also

https://www.cve.org/CVERecord?id=CVE-2014-3505

https://www.cve.org/CVERecord?id=CVE-2014-3506

https://www.cve.org/CVERecord?id=CVE-2014-3507

https://www.cve.org/CVERecord?id=CVE-2014-3508

https://www.cve.org/CVERecord?id=CVE-2014-3509

https://www.cve.org/CVERecord?id=CVE-2014-3510

https://www.openssl.org/news/secadv/20140806.txt

Plugin Details

Severity: High

ID: 77087

File Name: openssl_1_0_0n.nasl

Version: 1.16

Type: combined

Agent: windows, macosx, unix

Family: Web Servers

Published: 8/8/2014

Updated: 10/23/2024

Configuration: Enable thorough checks

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2014-3509

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2014-3507

Vulnerability Information

CPE: cpe:/a:openssl:openssl

Required KB Items: installed_sw/OpenSSL

Exploit Ease: No known exploits are available

Patch Publication Date: 8/6/2014

Vulnerability Publication Date: 8/6/2014

Reference Information

CVE: CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510

BID: 69075, 69076, 69078, 69081, 69082, 69084