OpenSSL < 1.0.1k / < 1.0.0p / < 0.9.8zd Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 8617

Synopsis

The remote web server is running an outdated instance of OpenSSL and thus may be missing patches for multiple vulnerabilities.

Description

OpenSSL before 0.9.8zd, 1.0.0p, or 1.0.1k are unpatched for the following vulnerabilities:

- A DTLS segmentation fault due to a null pointer dereference, which can lead to a denial of service attack (CVE-2014-3571)

- A memory leak when handling repeated DTLS records with the same sequence number but the next epoch, which can result in denial of service (CVE-2015-0206)

- A null pointer dereference when handling SSL v3 ClientHelloes can result in denial of service when openssl is built with the no-ssl3 option (CVE-2014-3569)

- ECDHE silently downgrades to ECDH ciphersuite when the server key exchange message is omitted; this removes forward secrecy from the ciphersuite (CVE-2014-3572)

- A server could present a weak temporary RSA key to silently downgrade the session's security from a non-export RSA key exchange ciphersuite (CVE-2015-0204)

- For openssl servers that trust client certificate authorities that issue certificates containing DH keys, a bug exists wherein client certificates are accepted without verification (CVE-2015-0205)

- OpenSSL does not enforce a match between the signed and unsigned portions of the certificate for several non-DER variants of certificate signature algorithms and signature encodings; while this does not affect OpenSSL servers and clients, custom applications relying on the uniqueness of the fingerprint may be affected (CVE-2014-8275)

- Bignum squaring may produce incorrect results at random on some platforms, including x86_64, although the impact of this is unknown, and its occurrence is rare (CVE-2014-3570)

Solution

OpenSSL versions 0.9.8zd, 1.0.0p, and 1.0.1k are patched against these vulnerabilities. Apply the vendors patch, or update to these versions or later.

See Also

https://www.openssl.org/news/secadv_20150108.txt

Plugin Details

Severity: Medium

ID: 8617

Family: Web Servers

Published: 1/9/2015

Updated: 3/6/2019

Nessus ID: 80567, 80568

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:openssl:openssl

Patch Publication Date: 1/8/2015

Vulnerability Publication Date: 1/8/2015

Reference Information

CVE: CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206

BID: 71936, 71934, 71935, 71937, 71939, 71940, 71941, 71942