OpenSSL 1.0.2 < 1.0.2a Multiple Vulnerabilities

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote service is affected by multiple vulnerabilities.

Description :

According to its banner, the remote web server uses a version of
OpenSSL 1.0.2 prior to 1.0.2a. The OpenSSL library is, therefore,
affected by the following vulnerabilities :

- A flaw exists in the DTLSv1_listen() function due to
state being preserved in the SSL object from one
invocation to the next. A remote attacker can exploit
this, via crafted DTLS traffic, to cause a segmentation
fault, resulting in a denial of service.
(CVE-2015-0207)

- A flaw exists in the rsa_item_verify() function due to
improper implementation of ASN.1 signature verification.
A remote attacker can exploit this, via an ASN.1
signature using the RSA PSS algorithm and invalid
parameters, to cause a NULL pointer dereference,
resulting in a denial of service. (CVE-2015-0208)

- A use-after-free condition exists in the
d2i_ECPrivateKey() function due to improper processing
of malformed EC private key files during import. A
remote attacker can exploit this to dereference or free
already freed memory, resulting in a denial of service
or other unspecified impact. (CVE-2015-0209)

- A flaw exists in the ssl3_client_hello() function due to
improper validation of a PRNG seed before proceeding
with a handshake, resulting in insufficient entropy and
predictable output. This allows a man-in-the-middle
attacker to defeat cryptographic protection mechanisms
via a brute-force attack, resulting in the disclosure of
sensitive information. (CVE-2015-0285)

- An invalid read flaw exists in the ASN1_TYPE_cmp()
function due to improperly performed boolean-type
comparisons. A remote attacker can exploit this, via a
crafted X.509 certificate to an endpoint that uses the
certificate-verification feature, to cause an invalid
read operation, resulting in a denial of service.
(CVE-2015-0286)

- A flaw exists in the ASN1_item_ex_d2i() function due to
a failure to reinitialize 'CHOICE' and 'ADB' data
structures when reusing a structure in ASN.1 parsing.
This allows a remote attacker to cause an invalid write
operation and memory corruption, resulting in a denial
of service. (CVE-2015-0287)

- A NULL pointer dereference flaw exists in the
X509_to_X509_REQ() function due to improper processing
of certificate keys. This allows a remote attacker, via
a crafted X.509 certificate, to cause a denial of
service. (CVE-2015-0288)

- A NULL pointer dereference flaw exists in the PKCS#7
parsing code due to incorrect handling of missing outer
ContentInfo. This allows a remote attacker, using an
application that processes arbitrary PKCS#7 data and
providing malformed data with ASN.1 encoding, to cause
a denial of service. (CVE-2015-0289)

- A flaw exists with the 'multiblock' feature in the
ssl3_write_bytes() function due to improper handling of
certain non-blocking I/O cases. This allows a remote
attacker to cause failed connections or a segmentation
fault, resulting in a denial of service. (CVE-2015-0290)

- A NULL pointer dereference flaw exists when handling
clients attempting to renegotiate using an invalid
signature algorithm extension. A remote attacker can
exploit this to cause a denial of service.
(CVE-2015-0291)

- A flaw exists in servers that both support SSLv2 and
enable export cipher suites due to improper
implementation of SSLv2. A remote attacker can exploit
this, via a crafted CLIENT-MASTER-KEY message, to cause
a denial of service. (CVE-2015-0293)

- A flaw exists in the ssl3_get_client_key_exchange()
function when client authentication and an ephemeral
Diffie-Hellman ciphersuite are enabled. This allows a
remote attacker, via a ClientKeyExchange message with a
length of zero, to cause a denial of service.
(CVE-2015-1787)

- A key disclosure vulnerability exists in the SSLv2
implementation in the get_client_master_key() function
due to the acceptance of a nonzero CLIENT-MASTER-KEY
CLEAR-KEY-LENGTH value for an arbitrary cipher. A
man-in-the-middle attacker can exploit this to determine
the MASTER-KEY value and decrypt TLS ciphertext data by
leveraging a Bleichenbacher RSA padding oracle.
(CVE-2016-0703)

- An information disclosure vulnerability exists in the
SSLv2 implementation in the get_client_master_key()
function due to incorrectly overwriting MASTER-KEY bytes
during use of export cipher suites. A remote attacker
can exploit this to create a Bleichenbacher oracle.
(CVE-2016-0704)

See also :

https://www.openssl.org/news/secadv/20150319.txt
https://www.openssl.org/news/secadv/20160301.txt

Solution :

Upgrade to OpenSSL 1.0.2a or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now