Oracle Solaris Third-Party Patch Update : openssl (cve_2012_0050_denial_of)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Solaris system is missing a security patch for third-party
software.

Description :

The remote Solaris system is missing necessary patches to address
security updates :

- The DTLS implementation in OpenSSL before 0.9.8s and 1.x
before 1.0.0f performs a MAC check only if certain
padding is valid, which makes it easier for remote
attackers to recover plaintext via a padding oracle
attack. (CVE-2011-4108)

- Double free vulnerability in OpenSSL 0.9.8 before
0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows
remote attackers to have an unspecified impact by
triggering failure of a policy check. (CVE-2011-4109)

- The SSL 3.0 implementation in OpenSSL before 0.9.8s and
1.x before 1.0.0f does not properly initialize data
structures for block cipher padding, which might allow
remote attackers to obtain sensitive information by
decrypting the padding data sent by an SSL peer.
(CVE-2011-4576)

- OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC
3779 support is enabled, allows remote attackers to
cause a denial of service (assertion failure) via an
X.509 certificate containing certificate-extension data
associated with (1) IP address blocks or (2) Autonomous
System (AS) identifiers. (CVE-2011-4577)

- The Server Gated Cryptography (SGC) implementation in
OpenSSL before 0.9.8s and 1.x before 1.0.0f does not
properly handle handshake restarts, which allows remote
attackers to cause a denial of service (CPU consumption)
via unspecified vectors. (CVE-2011-4619)

- The GOST ENGINE in OpenSSL before 1.0.0f does not
properly handle invalid parameters for the GOST block
cipher, which allows remote attackers to cause a denial
of service (daemon crash) via crafted data from a TLS
client. (CVE-2012-0027)

- OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS
applications, which allows remote attackers to cause a
denial of service (crash) via unspecified vectors
related to an out-of-bounds read. NOTE: this
vulnerability exists because of an incorrect fix for
CVE-2011-4108. (CVE-2012-0050)

See also :

http://www.nessus.org/u?b5f8def1
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0050_denial_of
http://www.nessus.org/u?2ecae356

Solution :

Upgrade to Solaris 11/11 SRU 4a.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: Solaris Local Security Checks

Nessus Plugin ID: 80715

Bugtraq ID:

CVE ID: CVE-2011-4108
CVE-2011-4109
CVE-2011-4576
CVE-2011-4577
CVE-2011-4619
CVE-2012-0027
CVE-2012-0050
