Detections
Analytics

OpenSSL 1.1.0 < 1.1.0a Multiple Vulnerabilities

high Nessus Plugin ID 93816

Language:

Synopsis

The remote service is affected by multiple vulnerabilities.

Description

According to its banner, the remote host is running a version of OpenSSL 1.1.0 prior to 1.1.0a. It is, therefore, affected by the following vulnerabilities :

 - A flaw exists in the ssl_parse_clienthello_tlsext() function in t1_lib.c due to improper handling of overly large OCSP Status Request extensions from clients. An unauthenticated, remote attacker can exploit this, via large OCSP Status Request extensions, to exhaust memory resources, resulting in a denial of service condition.
 (CVE-2016-6304)

 - A flaw exists in the SSL_peek() function in rec_layer_s3.c due to improper handling of empty records. An unauthenticated, remote attacker can exploit this, by triggering a zero-length record in an SSL_peek call, to cause an infinite loop, resulting in a denial of service condition. (CVE-2016-6305)

 - A denial of service vulnerability exists in the state-machine implementation due to a failure to check for an excessive length before allocating memory. An unauthenticated, remote attacker can exploit this, via a crafted TLS message, to exhaust memory resources.
 (CVE-2016-6307)

 - A denial of service vulnerability exists in the DTLS implementation due to improper handling of excessively long DTLS messages. An unauthenticated, remote attacker can exploit this, via a crafted DTLS message, to exhaust available memory resources. (CVE-2016-6308)

 - A flaw exists in the GOST ciphersuites due to the use of long-term keys to establish an encrypted connection. A man-in-the-middle attacker can exploit this, via a Key Compromise Impersonation (KCI) attack, to impersonate the server.

Solution

Upgrade to OpenSSL version 1.1.0a or later.

Note that the GOST ciphersuites vulnerability is not yet fixed by the vendor in an official release; however, a patch for the issue has been committed to the OpenSSL github repository.

See Also

https://www.openssl.org/news/secadv/20160922.txt

http://www.nessus.org/u?09b29b30

Plugin Details

Severity: High

ID: 93816

File Name: openssl_1_1_0a.nasl

Version: 1.9

Type: combined

Agent: windows, macosx, unix

Family: Web Servers

Published: 9/30/2016

Updated: 8/8/2023

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2016-6304

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:openssl:openssl

Required KB Items: installed_sw/OpenSSL

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/22/2016

Vulnerability Publication Date: 8/10/2015

Reference Information

CVE: CVE-2016-6304, CVE-2016-6305, CVE-2016-6307, CVE-2016-6308

BID: 93149, 93150, 93151, 93152