VMware OVF Tool 3.x < 3.5.2 Multiple OpenSSL Vulnerabilities (VMSA-2014-0006) (Mac OS X)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Mac OS X host has an application installed that is affected
by multiple vulnerabilities.

Description :

The version of VMware OVF (Open Virtualization Format) Tool installed
on the remote Mac OS X host is version 3.x prior to 3.5.2. It is,
therefore, affected by multiple vulnerabilities in the bundled version
of OpenSSL :

- An error exists in the 'ssl3_read_bytes' function
that permits data to be injected into other sessions
or allows denial of service attacks. Note that this
issue is exploitable only if SSL_MODE_RELEASE_BUFFERS
is enabled. (CVE-2010-5298)

- An error exists in the 'do_ssl3_write' function that
permits a NULL pointer to be dereferenced, which could
allow denial of service attacks. Note that this issue
is exploitable only if SSL_MODE_RELEASE_BUFFERS is
enabled. (CVE-2014-0198)

- An error exists in the processing of ChangeCipherSpec
messages that allows the usage of weak keying material.
This permits simplified man-in-the-middle attacks to be
done. (CVE-2014-0224)

- An error exists in the 'dtls1_get_message_fragment'
function related to anonymous ECDH cipher suites. This
could allow denial of service attacks. Note that this
issue only affects OpenSSL TLS clients. (CVE-2014-3470)

See also :

http://www.vmware.com/security/advisories/VMSA-2014-0006.html
http://www.openssl.org/news/secadv_20140605.txt

Solution :

Upgrade to VMware OVF Tool 3.5.2 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 77331 ()

Bugtraq ID: 66801
67193
67898
67899

CVE ID: CVE-2010-5298
CVE-2014-0198
CVE-2014-0224
CVE-2014-3470