OracleVM 3.3 : openssl (OVMSA-2015-0070)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing a security update.

Description :

The remote OracleVM system is missing patches that address
critical security issues :

- improved fix for (CVE-2015-1791)

- add missing parts of CVE-2015-0209 fix for correctness
although unexploitable

- fix CVE-2014-8176 - invalid free in DTLS buffering code

- fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time

- fix CVE-2015-1790 - PKCS7 crash with missing
EncryptedContent

- fix CVE-2015-1791 - race condition handling
NewSessionTicket

- fix CVE-2015-1792 - CMS verify infinite loop with
unknown hash function

- fix CVE-2015-3216 - regression in RAND locking that can
cause segfaults on read in multithreaded applications

See also :

https://oss.oracle.com/pipermail/oraclevm-errata/2015-June/000318.html

Solution :

Update the affected openssl package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: OracleVM Local Security Checks

Nessus Plugin ID: 84203

Bugtraq ID: 73196
73239
75154
75156
75157
75159
75161
75219

CVE ID: CVE-2014-8176
CVE-2015-0209
CVE-2015-1789
CVE-2015-1790
CVE-2015-1791
CVE-2015-1792
CVE-2015-3216
