Detections
Analytics

OpenSSL 0.9.8 < 0.9.8zf / 1.0.0 < 1.0.0r / 1.0.1 < 1.0.1m Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 8662

Synopsis

The remote web server is running an outdated instance of OpenSSL and thus may be missing patches for multiple vulnerabilities.

Description

OpenSSL before 0.9.8zf, 1.0.0r, or 1.0.1m are unpatched for the following vulnerabilities :

 - An invalid read flaw exists in the 'ASN1_TYPE_cmp()' function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service. (CVE-2015-0286)

 - A flaw exists in the 'ASN1_item_ex_d2i()' function due to a failure to reinitialize 'CHOICE' and 'ADB' data structures when reusing a structure in ASN.1 parsing. This allows a remote attacker to cause an invalid write operation and memory corruption, resulting in a denial of service. (CVE-2015-0287)

 - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing outer 'ContentInfo'. This allows a remote attacker, using an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, to cause a denial of service. (CVE-2015-0289)

 - A flaw exists in servers that both support SSLv2 and enable export cipher suites due to improper implementation of SSLv2. A remote attacker can exploit this, via a crafted CLIENT-MASTER-KEY message, to cause a denial of service. (CVE-2015-0293)

 - A NULL pointer dereference flaw exists in the 'X509_to_X509_REQ()' function due to improper processing of certificate keys. This allows a remote attacker, via a crafted X.509 certificate, to cause a denial of service. (CVE-2015-0288)

 - A use-after-free condition exists in the 'd2i_ECPrivateKey() function due to improper processing of malformed EC private key files during import. A remote attacker can exploit this to dereference or free already freed memory, resulting in a denial of service or other unspecified impact. (CVE-2015-0209)

Solution

OpenSSL versions 0.9.8zf, 1.0.0r, and 1.0.1m are patched against these vulnerabilities. Apply the vendors patch, or update to these versions or later.

See Also

https://www.openssl.org/news/vulnerabilities.html

https://www.openssl.org/news/secadv_20150319.txt

https://krebsonsecurity.com/2015/03/openssl-patch-to-plug-severe-security-holes

Plugin Details

Severity: Medium

ID: 8662

Family: Web Servers

Published: 3/27/2015

Updated: 3/6/2019

Nessus ID: 82030, 82031, 82032

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:openssl:openssl

Patch Publication Date: 3/19/2015

Vulnerability Publication Date: 3/19/2015

Reference Information

CVE: CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293

BID: 73225, 73227, 73231, 73232, 73237, 73239