OpenSSL 1.1.0 < 1.1.0d Multiple Vulnerabilities

medium Nessus Plugin ID 96874

Synopsis

The remote service is affected by multiple vulnerabilities.

Description

The version of OpenSSL installed on the remote host is prior to 1.1.0d. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.0d advisory.

- There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. (CVE-2017-3732)

- If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k. (CVE-2017-3731)

- In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. (CVE-2017-3730)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to OpenSSL version 1.1.0d or later.

See Also

http://www.nessus.org/u?19532289

http://www.nessus.org/u?8ee7e7fd

http://www.nessus.org/u?c4271253

https://www.cve.org/CVERecord?id=CVE-2017-3730

https://www.cve.org/CVERecord?id=CVE-2017-3731

https://www.cve.org/CVERecord?id=CVE-2017-3732

https://www.openssl.org/news/secadv/20170126.txt

Plugin Details

Severity: Medium

ID: 96874

File Name: openssl_1_1_0d.nasl

Version: 1.12

Type: combined

Agent: windows, macosx, unix

Family: Web Servers

Published: 1/30/2017

Updated: 10/23/2024

Configuration: Enable thorough checks

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2017-3732

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:openssl:openssl

Required KB Items: installed_sw/OpenSSL

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/26/2017

Vulnerability Publication Date: 1/26/2017

Reference Information

CVE: CVE-2017-3730, CVE-2017-3731, CVE-2017-3732

BID: 95812, 95813, 95814