Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

New Scan Policies, Plugins and Dashboard for CVE-2016-0800: DROWN

No matter which product you have, Nessus®, SecurityCenter™, SecurityCenter CV™, or Passive Vulnerability Scanner™, Tenable can determine if you are at risk of “drowning.”

The DROWN CVE-2016-0800 vulnerability is a cross protocol vulnerability that enables an attacker to decrypt TLS connections between up-to-date clients and servers by sending packets to any server that supports SSLv2 using the same private key.

The DROWN vulnerability’s impact is made worse by two additional OpenSSL implementation vulnerabilities:

  • CVE-2015-3197, which allows a DROWN attacker to connect to the server with disabled SSLv2 ciphersuites, provided that support for SSLv2 itself is enabled
  • CVE-2016-0703, which greatly reduces the time of carrying out the DROWN attack

According to drownattack.com, at the time of vulnerability publication on March 1, 33% of all HTTPs sites were affected by this vulnerability. More information on DROWN severity is available in the OpenSSL advisory issued on March 1.

The Tenable Response

Nessus

Impacted operating system vendors are making updates available, and Tenable has released a new Nessus scan policy template specifically for DROWN.

DROWN scan policy template

We have also issued a series of local and remote Nessus® plugins to detect the presence of affected versions of OpenSSL:

ID Title Family

89058

SSL DROWN Attack Vulnerability (Decrypting RSA with Obsolete and Weakened eNcryption)

Misc.

89059

CentOS 6 / 7 : openssl (CESA-2016:0301) (DROWN)

CentOS Local Security Checks

89060

CentOS 5 : openssl (CESA-2016:0302) (DROWN)

CentOS Local Security Checks

89064

Oracle Linux 6 / 7 : openssl (ELSA-2016-0301) (DROWN)

Oracle Linux Local Security Checks

89065

Oracle Linux 5 : openssl (ELSA-2016-0302) (DROWN)

Oracle Linux Local Security Checks

89067

RHEL 6 / 7 : openssl (RHSA-2016:0301) (DROWN)

Red Hat Local Security Checks

89068

RHEL 5 : openssl (RHSA-2016:0302) (DROWN)

Red Hat Local Security Checks

89069

RHEL 6 : openssl (RHSA-2016:0303) (DROWN)

Red Hat Local Security Checks

89070

RHEL 5 : openssl (RHSA-2016:0304) (DROWN)

Red Hat Local Security Checks

89071

RHEL 6 / 7 : openssl (RHSA-2016:0305) (DROWN)

Red Hat Local Security Checks

89074

Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (DROWN)

Scientific Linux Local Security Checks

89075

Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (DROWN)

Scientific Linux Local Security Checks

89076

SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:0617-1) (DROWN)

SuSE Local Security Checks

89077

SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:0620-1) (DROWN)

SuSE Local Security Checks

89081

OpenSSL 1.0.1 < 1.0.1s Multiple Vulnerabilities (DROWN)

Web Servers

89082

OpenSSL 1.0.2 < 1.0.2g Multiple Vulnerabilities (DROWN)

Web Servers

89090

openSUSE Security Update : openssl (openSUSE-2016-288) (DROWN)

SuSE Local Security Checks

89091

openSUSE Security Update : openssl (openSUSE-2016-289) (DROWN)

SuSE Local Security Checks

89092

openSUSE Security Update : openssl (openSUSE-2016-292) (DROWN)

SuSE Local Security Checks

SecurityCenter

We have released a customized SecurityCenter™ dashboard to monitor, track and remediate critical assets affected by CVE-2016-0800. This dashboard is automatically available via the feed to provide insight on the impact to your environment and the progress of your efforts to remediate this vulnerability.

DROWN Dashboard

Passive Vulnerability Scanner

Note: Passive Vulnerability Scanner (PVS) is now Nessus Network Monitor. To learn more about this application and its latest capabilities, visit the Nessus Network Monitor web page.

The following plugins address DROWN:

Title ID

SSLv2 Cross-Protocol Session Decryption Vulnerability (DROWN)

9127

OpenSSL 1.0.1 &lt; 1.0.1s / 1.0.2 &lt; 1.0.2g Multiple Vulnerabilities (DROWN)

9128