OpenSSL 1.1.0 < 1.1.0c Multiple Vulnerabilities

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

A service running on the remote host is affected by multiple
vulnerabilities.

Description :

According to its banner, the version of OpenSSL running on the remote
host is 1.1.0 prior to 1.1.0c. It is, therefore, affected by multiple
vulnerabilities :

- A NULL pointer dereference flaw exists, specifically in
the asn1_item_embed_d2i() function within file
crypto/asn1/tasn_dec.c, when handling the ASN.1 CHOICE
type, which results in a NULL value being passed to the
structure callback if an attempt is made to free certain
invalid encodings. An unauthenticated, remote attacker
can exploit this to cause a denial of service condition.
(CVE-2016-7053)

- A heap overflow condition exists in the
chacha20_poly1305_cipher() function within file
crypto/evp/e_chacha20_poly1305.c when handling TLS
connections using *-CHACHA20-POLY1305 cipher suites. An
unauthenticated, remote attacker can exploit this to
cause a denial of service condition. (CVE-2016-7054)

- A carry propagation error exists in the
Broadwell-specific Montgomery multiplication procedure
when handling input lengths divisible by but longer than
256 bits. This can result in transient authentication
and key negotiation failures or reproducible erroneous
outcomes of public-key operations with specially crafted
input. An unauthenticated, remote attacker can possibly
exploit this issue to compromise ECDH key negotiations
that utilize Brainpool P-512 curves. (CVE-2016-7055)

See also :

https://www.openssl.org/news/secadv/20161110.txt

Solution :

Upgrade to OpenSSL version 1.1.0c or later.
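
The banner-based range check described above (1.1.0 up to but not including 1.1.0c), as an added example that is not the plugin's own code. The function names, result labels and sample banners are constructed for illustration, and treating pre-release builds as undecided is an assumption of this example.

```python
import re

# Fixed release named in the Solution section: 1.1.0c.
FIXED_BRANCH = (1, 1, 0)
FIXED_LETTERS = "c"

# Matches "OpenSSL/1.1.0b" (HTTP Server header) and "OpenSSL 1.1.0b" (CLI banner).
# An optional "-pre6" / "-dev" tag marks a pre-release build.
_BANNER_RE = re.compile(
    r"OpenSSL[/ ](\d+)\.(\d+)\.(\d+)([a-z]*)(-(?:pre\d*|dev))?", re.I)

def parse_openssl_banner(banner):
    """Return (major, minor, fix, letters, is_prerelease), or None if no version."""
    m = _BANNER_RE.search(banner)
    if not m:
        return None
    major, minor, fix = (int(m.group(i)) for i in (1, 2, 3))
    return major, minor, fix, m.group(4).lower(), m.group(5) is not None

def _letter_rank(letters):
    # OpenSSL patch letters order as "" < "a" < ... < "z" < "za" ...,
    # so compare by length first and alphabetically second.
    return (len(letters), letters)

def classify(banner):
    """Return 'affected', 'not-affected', 'out-of-scope' or 'unknown'."""
    parsed = parse_openssl_banner(banner)
    if parsed is None:
        return "unknown"        # no OpenSSL version token in the banner
    major, minor, fix, letters, prerelease = parsed
    if (major, minor, fix) != FIXED_BRANCH:
        return "out-of-scope"   # this page only covers the 1.1.0 branch
    if prerelease:
        return "unknown"        # assumption: pre-releases need manual review
    if _letter_rank(letters) < _letter_rank(FIXED_LETTERS):
        return "affected"       # 1.1.0, 1.1.0a, 1.1.0b
    return "not-affected"       # 1.1.0c or later

if __name__ == "__main__":
    # Constructed sample banners.
    for b in ("Apache/2.4.23 (Unix) OpenSSL/1.1.0b",
              "OpenSSL 1.1.0 25 Aug 2016",
              "nginx/1.11.5 OpenSSL/1.1.0c",
              "OpenSSL/1.0.2j",
              "OpenSSL 1.1.0-pre6"):
        print(f"{classify(b):13} {b}")
```

A banner match only reports the advertised version string; vendor builds that backport fixes without changing that string will still be flagged, so confirm against the installed package before treating a hit as confirmed.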

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.9
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 94963

Bugtraq ID: 94238
94242
94244

CVE ID: CVE-2016-7053
CVE-2016-7054
CVE-2016-7055
