OpenSSL 1.0.0 < 1.0.0r Multiple Vulnerabilities

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote service is affected by multiple vulnerabilities.

Description :

According to its banner, the remote web server uses a version of
OpenSSL 1.0.0 prior to 1.0.0r. The OpenSSL library is, therefore,
affected by the following vulnerabilities :

- A use-after-free condition exists in the
d2i_ECPrivateKey() function due to improper processing
of malformed EC private key files during import. A
remote attacker can exploit this to dereference or free
already freed memory, resulting in a denial of service
or other unspecified impact. (CVE-2015-0209)

- An invalid read flaw exists in the ASN1_TYPE_cmp()
function due to improperly performed boolean-type
comparisons. A remote attacker can exploit this, via a
crafted X.509 certificate to an endpoint that uses the
certificate-verification feature, to cause an invalid
read operation, resulting in a denial of service.
(CVE-2015-0286)

- A flaw exists in the ASN1_item_ex_d2i() function due to
a failure to reinitialize 'CHOICE' and 'ADB' data
structures when reusing a structure in ASN.1 parsing.
This allows a remote attacker to cause an invalid write
operation and memory corruption, resulting in a denial
of service. (CVE-2015-0287)

- A NULL pointer dereference flaw exists in the
X509_to_X509_REQ() function due to improper processing
of certificate keys. This allows a remote attacker, via
a crafted X.509 certificate, to cause a denial of
service. (CVE-2015-0288)

- A NULL pointer dereference flaw exists in the PKCS#7
parsing code due to incorrect handling of missing outer
ContentInfo. This allows a remote attacker, using an
application that processes arbitrary PKCS#7 data and
providing malformed data with ASN.1 encoding, to cause
a denial of service. (CVE-2015-0289)

- A flaw exists in servers that both support SSLv2 and
enable export cipher suites due to improper
implementation of SSLv2. A remote attacker can exploit
this, via a crafted CLIENT-MASTER-KEY message, to cause
a denial of service. (CVE-2015-0293)

- A key disclosure vulnerability exists in the SSLv2
implementation in the get_client_master_key() function
due to the acceptance of a nonzero CLIENT-MASTER-KEY
CLEAR-KEY-LENGTH value for an arbitrary cipher. A
man-in-the-middle attacker can exploit this to determine
the MASTER-KEY value and decrypt TLS ciphertext data by
leveraging a Bleichenbacher RSA padding oracle.
(CVE-2016-0703)

- An information disclosure vulnerability exists in the
SSLv2 implementation in the get_client_master_key()
function due to incorrectly overwriting MASTER-KEY bytes
during use of export cipher suites. A remote attacker
can exploit this to create a Bleichenbacher oracle.
(CVE-2016-0704)

See also :

https://www.openssl.org/news/secadv/20150319.txt
https://www.openssl.org/news/secadv/20160301.txt

Solution :

Upgrade to OpenSSL 1.0.0r or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now