CVE-2015-0293

MEDIUM

Description

The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680

http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html

http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html

http://marc.info/?l=bugtraq&m=143213830203296&w=2

http://marc.info/?l=bugtraq&m=143748090628601&w=2

http://marc.info/?l=bugtraq&m=144050155601375&w=2

http://marc.info/?l=bugtraq&m=144050297101809&w=2

http://rhn.redhat.com/errata/RHSA-2015-0715.html

http://rhn.redhat.com/errata/RHSA-2015-0716.html

http://rhn.redhat.com/errata/RHSA-2015-0752.html

http://rhn.redhat.com/errata/RHSA-2015-0800.html

http://support.apple.com/kb/HT204942

http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

http://www.mandriva.com/security/advisories?name=MDVSA-2015:063

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.securityfocus.com/bid/73232

http://www.securitytracker.com/id/1031929

http://www.ubuntu.com/usn/USN-2537-1

https://access.redhat.com/articles/1384453

https://bto.bluecoat.com/security-advisory/sa92

https://bugzilla.redhat.com/show_bug.cgi?id=1202404

https://git.openssl.org/?p=openssl.git;a=commit;h=86f8fb0e344d62454f8daf3e15236b2b59210756

https://kc.mcafee.com/corporate/index?page=content&id=SB10110

https://security.gentoo.org/glsa/201503-11

https://support.citrix.com/article/CTX216642

https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc

https://www.openssl.org/news/secadv_20150319.txt

Details

Source: MITRE

Published: 2015-03-19

Updated: 2018-01-18

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to 0.9.8ze (inclusive)

cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*

Tenable Plugins

View all (73 total)

IDNameProductFamilySeverity
125001EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1548)NessusHuawei Local Security Checks
high
119963SUSE SLES12 Security Update : compat-openssl098 (SUSE-SU-2015:0553-1)NessusSuSE Local Security Checks
high
90526Cisco IOS XE Multiple OpenSSL Vulnerabilities (CSCut46130 / CSCut46126)NessusCISCO
high
90525Cisco IOS Multiple OpenSSL Vulnerabilities (CSCut46130)NessusCISCO
high
90364Amazon Linux AMI : openssl098e (ALAS-2016-682) (DROWN)NessusAmazon Linux Local Security Checks
medium
90251HP System Management Homepage < 7.2.6 Multiple Vulnerabilities (FREAK)NessusWeb Servers
high
89910openSUSE Security Update : openssl (openSUSE-2016-327) (DROWN)NessusSuSE Local Security Checks
critical
89825Scientific Linux Security Update : openssl098e on SL6.x, SL7.x i386/x86_64 (20160309) (DROWN)NessusScientific Linux Local Security Checks
medium
89773RHEL 6 / 7 : openssl098e (RHSA-2016:0372) (DROWN)NessusRed Hat Local Security Checks
medium
89770Oracle Linux 6 / 7 : openssl098e (ELSA-2016-0372) (DROWN)NessusOracle Linux Local Security Checks
medium
89762CentOS 6 / 7 : openssl098e (CESA-2016:0372) (DROWN)NessusCentOS Local Security Checks
medium
89731SUSE SLES10 Security Update : OpenSSL (SUSE-SU-2016:0678-1) (DROWN)NessusSuSE Local Security Checks
critical
89722SUSE SLED11 Security Update : compat-openssl097g (SUSE-SU-2016:0631-1) (DROWN)NessusSuSE Local Security Checks
critical
89658SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:0641-1) (DROWN)NessusSuSE Local Security Checks
critical
89655SUSE SLED11 / SLES11 Security Update : openssl (SUSE-SU-2016:0624-1) (DROWN)NessusSuSE Local Security Checks
critical
89651openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE)NessusSuSE Local Security Checks
critical
89092openSUSE Security Update : openssl (openSUSE-2016-292) (DROWN)NessusSuSE Local Security Checks
critical
89091openSUSE Security Update : openssl (openSUSE-2016-289) (DROWN)NessusSuSE Local Security Checks
critical
89077SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:0620-1) (DROWN)NessusSuSE Local Security Checks
critical
89076SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:0617-1) (DROWN)NessusSuSE Local Security Checks
critical
89070RHEL 5 : openssl (RHSA-2016:0304) (DROWN)NessusRed Hat Local Security Checks
medium
89069RHEL 6 : openssl (RHSA-2016:0303) (DROWN)NessusRed Hat Local Security Checks
medium
87672Puppet Enterprise Multiple OpenSSL Vulnerabilities (FREAK)NessusCGI abuses
high
8801Mac OS X < 10.10.4 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
high
86271F5 Networks BIG-IP : OpenSSL vulnerability (K16321)NessusF5 Networks Local Security Checks
medium
84923HP System Management Homepage 7.3.x / 7.4.x < 7.5.0 Multiple Vulnerabilities (FREAK)NessusWeb Servers
high
84489Mac OS X Multiple Vulnerabilities (Security Update 2015-005) (GHOST) (Logjam)NessusMacOS X Local Security Checks
critical
84488Mac OS X 10.10.x < 10.10.4 Multiple Vulnerabilities (GHOST) (Logjam)NessusMacOS X Local Security Checks
critical
84400Blue Coat ProxySG 6.2.x < 6.2.16.4 / 6.5.x < 6.5.7.5 / 6.6.x < 6.6.2.1 Multiple OpenSSL VulnerabilitiesNessusFirewalls
high
83992Splunk Enterprise 5.0.x < 5.0.13 / 6.0.x < 6.0.9 / 6.1.x < 6.1.8 OpenSSL Vulnerabilities (FREAK)NessusCGI abuses
high
83703SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:0541-1)NessusSuSE Local Security Checks
medium
83527Apache Tomcat 8.0.x < 8.0.21 Multiple Vulnerabilities (FREAK)NessusWeb Servers
medium
83526Apache Tomcat 7.0.x < 7.0.60 Multiple Vulnerabilities (FREAK)NessusWeb Servers
medium
83490Apache Tomcat 6.0.x < 6.0.44 Multiple Vulnerabilities (FREAK)NessusWeb Servers
high
83238Fedora 21 : mingw-openssl-1.0.2a-1.fc21 (2015-6855)NessusFedora Local Security Checks
medium
83216Fedora 22 : mingw-openssl-1.0.2a-1.fc22 (2015-6951)NessusFedora Local Security Checks
medium
82922Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-111-09)NessusSlackware Local Security Checks
medium
82900AIX OpenSSL Advisory : openssl_advisory13.ascNessusAIX Local Security Checks
high
82783CentOS 5 : openssl (CESA-2015:0800) (FREAK)NessusCentOS Local Security Checks
high
82760Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20150413) (FREAK)NessusScientific Linux Local Security Checks
high
82758RHEL 5 : openssl (RHSA-2015:0800) (FREAK)NessusRed Hat Local Security Checks
high
82757Oracle Linux 5 : openssl (ELSA-2015-0800) (FREAK)NessusOracle Linux Local Security Checks
high
82494RHEL 6 : Storage Server (RHSA-2015:0752)NessusRed Hat Local Security Checks
high
82316Mandriva Linux Security Advisory : openssl (MDVSA-2015:063)NessusMandriva Local Security Checks
medium
82315Mandriva Linux Security Advisory : openssl (MDVSA-2015:062)NessusMandriva Local Security Checks
high
8662OpenSSL 0.9.8 < 0.9.8zf / 1.0.0 < 1.0.0r / 1.0.1 < 1.0.1m Multiple VulnerabilitiesNessus Network MonitorWeb Servers
medium
8661OpenSSL 1.0.2 < 1.0.2a Multiple VulnerabilitiesNessus Network MonitorWeb Servers
medium
82266Scientific Linux Security Update : openssl on SL7.x x86_64 (20150324)NessusScientific Linux Local Security Checks
high
82265Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20150324)NessusScientific Linux Local Security Checks
high
82162Debian DLA-177-1 : openssl security updateNessusDebian Local Security Checks
high
82077stunnel < 5.12 OpenSSL Multiple VulnerabilitiesNessusWindows
medium
82066OracleVM 3.3 : openssl (OVMSA-2015-0039)NessusOracleVM Local Security Checks
high
82060Fedora 22 : openssl-1.0.1k-6.fc22 (2015-4320)NessusFedora Local Security Checks
high
82059Fedora 21 : openssl-1.0.1k-6.fc21 (2015-4303)NessusFedora Local Security Checks
high
82058Fedora 20 : openssl-1.0.1e-42.fc20 (2015-4300)NessusFedora Local Security Checks
high
82047Amazon Linux AMI : openssl (ALAS-2015-498)NessusAmazon Linux Local Security Checks
medium
82033OpenSSL 1.0.2 < 1.0.2a Multiple VulnerabilitiesNessusWeb Servers
medium
82032OpenSSL 1.0.1 < 1.0.1m Multiple VulnerabilitiesNessusWeb Servers
medium
82031OpenSSL 1.0.0 < 1.0.0r Multiple VulnerabilitiesNessusWeb Servers
medium
82030OpenSSL 0.9.8 < 0.9.8zf Multiple VulnerabilitiesNessusWeb Servers
medium
82018RHEL 7 : openssl (RHSA-2015:0716)NessusRed Hat Local Security Checks
high
82017RHEL 6 : openssl (RHSA-2015:0715)NessusRed Hat Local Security Checks
high
82016Oracle Linux 7 : openssl (ELSA-2015-0716)NessusOracle Linux Local Security Checks
high
82015Oracle Linux 6 : openssl (ELSA-2015-0715)NessusOracle Linux Local Security Checks
high
82010GLSA-201503-11 : OpenSSL: Multiple vulnerabilities (FREAK)NessusGentoo Local Security Checks
high
81998CentOS 7 : openssl (CESA-2015:0716)NessusCentOS Local Security Checks
high
81997CentOS 6 : openssl (CESA-2015:0715)NessusCentOS Local Security Checks
high
81996SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 10481)NessusSuSE Local Security Checks
high
81995openSUSE Security Update : openssl (openSUSE-2015-247)NessusSuSE Local Security Checks
medium
81971Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : openssl vulnerabilities (USN-2537-1)NessusUbuntu Local Security Checks
high
81970SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 10470)NessusSuSE Local Security Checks
high
81962FreeBSD : OpenSSL -- multiple vulnerabilities (9d15355b-ce7c-11e4-9db0-d050992ecde8) (FREAK)NessusFreeBSD Local Security Checks
high
801937OpenSSL < 0.9.8zf / 1.0.0r / 1.0.1m / 1.0.2a Multiple VulnerabilitiesLog Correlation EngineWeb Servers
medium