OpenSSL 1.0.2 < 1.0.2h Multiple Vulnerabilities

high Nessus Plugin ID 90891

Synopsis

The remote service is affected by multiple vulnerabilities.

Description

The version of OpenSSL installed on the remote host is prior to 1.0.2h. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2h advisory.

- The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data. (CVE-2016-2176)

- The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. (CVE-2016-2109)

- The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. (CVE-2016-2107)

- Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. (CVE-2016-2106)

- Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. (CVE-2016-2105)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
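The same kind of version-only check can be reproduced locally. The following is an added example, not the plugin's own code: it parses a version banner such as the output of `openssl version` and compares it with the fixed releases named above (1.0.2h and 1.0.1t). The function names and the sample banners are assumptions made for illustration.

```python
import re

# Fixed release letter per branch, taken from the advisory text above.
FIXED = {"1.0.2": "h", "1.0.1": "t"}

# Matches "OpenSSL 1.0.2g  1 Mar 2016", "1.0.2k-fips", "1.0.2-beta3", ...
_BANNER = re.compile(r"(?:OpenSSL\s+)?(\d+\.\d+\.\d+)([a-z]*)(?:-[\w.]+)?\b")


def parse_version(banner):
    """Return (branch, patch_letters) or None if no version is found."""
    m = _BANNER.search(banner)
    if not m:
        return None
    return m.group(1), m.group(2)


def _rank(letters):
    # OpenSSL patch letters run "", a..z, then za, zb, ...
    # Ordering by (length, text) preserves that sequence.
    return (len(letters), letters)


def is_affected(banner):
    """True/False for the 1.0.1 and 1.0.2 branches; None when the banner
    is unparseable or the branch is not covered by this advisory text."""
    parsed = parse_version(banner)
    if parsed is None:
        return None
    branch, letters = parsed
    fixed = FIXED.get(branch)
    if fixed is None:
        return None
    return _rank(letters) < _rank(fixed)


if __name__ == "__main__":
    # Constructed sample banners, not taken from a real scan.
    samples = [
        "OpenSSL 1.0.2g  1 Mar 2016",
        "OpenSSL 1.0.2h  3 May 2016",
        "OpenSSL 1.0.2k-fips  26 Jan 2017",
        "OpenSSL 1.0.1s  1 Mar 2016",
        "OpenSSL 1.1.0h  27 Mar 2018",
    ]
    for s in samples:
        print(f"{s!r:40} affected={is_affected(s)}")
```

Like the plugin, this trusts the self-reported string, so a vendor build that backports the fixes without changing its version will still be flagged; confirm such results against the package changelog.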

Solution

Upgrade to OpenSSL version 1.0.2h or later.

See Also

http://www.nessus.org/u?e0cc9197

https://www.cve.org/CVERecord?id=CVE-2016-2105

https://www.cve.org/CVERecord?id=CVE-2016-2106

https://www.cve.org/CVERecord?id=CVE-2016-2107

https://www.cve.org/CVERecord?id=CVE-2016-2109

https://www.cve.org/CVERecord?id=CVE-2016-2176

https://www.openssl.org/news/secadv/20160503.txt

Plugin Details

Severity: High

ID: 90891

File Name: openssl_1_0_2h.nasl

Version: 1.12

Type: combined

Agent: windows, macosx, unix

Family: Web Servers

Published: 5/4/2016

Updated: 6/7/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS Score Source: CVE-2016-2176

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:openssl:openssl

Required KB Items: installed_sw/OpenSSL

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/3/2016

Vulnerability Publication Date: 4/22/2016

Reference Information

CVE: CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, CVE-2016-2176

BID: 87940, 89744, 89746, 89757, 89760