Detections
Analytics

OpenSSL 1.0.1 < 1.0.1n Multiple Vulnerabilities (Logjam)

medium Nessus Plugin ID 84153

Language:

Synopsis

The remote service is affected by multiple vulnerabilities.

Description

According to its banner, the remote web server uses a version of OpenSSL 1.0.1 prior to 1.0.1n. The OpenSSL library is, therefore, affected by the following vulnerabilities :

 - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)

 - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected.
 TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)

 - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)

 - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)

 - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)

 - A man-in-the-middle vulnerability exists, known as Logjam, due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)

Solution

Upgrade to OpenSSL 1.0.1n or later.

See Also

https://www.openssl.org/news/secadv/20150611.txt

https://weakdh.org/

Plugin Details

Severity: Medium

ID: 84153

File Name: openssl_1_0_1n.nasl

Version: 1.10

Type: combined

Agent: windows, macosx, unix

Family: Web Servers

Published: 6/12/2015

Updated: 8/21/2023

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2015-1791

Vulnerability Information

CPE: cpe:/a:openssl:openssl

Required KB Items: installed_sw/OpenSSL

Exploit Ease: No known exploits are available

Patch Publication Date: 6/11/2015

Vulnerability Publication Date: 5/20/2015

Reference Information

CVE: CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-4000

BID: 74733, 75154, 75156, 75157, 75158, 75161