OpenSSL 1.1.0 < 1.1.0d Multiple Vulnerabilities

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

A service running on the remote host is affected by multiple
vulnerabilities.

Description :

According to its banner, the version of OpenSSL running on the remote
host is 1.1.0 prior to 1.1.0d. It is, therefore, affected by multiple
vulnerabilities :

- A NULL pointer dereference flaw exists within file
ssl/statem/statem_clnt.c when handling parameters for
the DHE or ECDHE key exchanges. An unauthenticated,
remote attacker can exploit this, via specially crafted
parameters, to cause a denial of service condition.
(CVE-2017-3730)

- An out-of-bounds read error exists when handling packets
using the CHACHA20/POLY1305 or RC4-MD5 ciphers. An
unauthenticated, remote attacker can exploit this, via
specially crafted truncated packets, to cause a denial
of service condition. (CVE-2017-3731)

- A carry propagation error exists in the x86_64
Montgomery squaring implementation that may cause the
BN_mod_exp() function to produce incorrect results. An
unauthenticated, remote attacker with sufficient
resources can exploit this to obtain sensitive
information regarding private keys. Note that this issue
is very similar to CVE-2015-3193. The attacker
would additionally need online access to an unpatched
system using the target private key in a scenario with
persistent DH parameters and a private key that is
shared between multiple clients. For example, this can
occur by default in OpenSSL DHE-based SSL/TLS cipher
suites. (CVE-2017-3732)

See also :

https://www.openssl.org/news/secadv/20170126.txt

Solution :

Upgrade to OpenSSL version 1.1.0d or later.
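
The banner check described above can be reproduced when triaging this finding. The following is an added example, not Tenable's plugin code; the function names and the sample banners are constructed for illustration, and vendor suffixes after the patch letter are ignored.

```python
import re

# Matches the version token web servers commonly place in a Server header,
# e.g. "OpenSSL/1.1.0c". Anything after the patch letters is ignored.
_VERSION_RE = re.compile(r"OpenSSL[/ ](\d+)\.(\d+)\.(\d+)([a-z]*)", re.IGNORECASE)

AFFECTED_BRANCH = (1, 1, 0)   # this advisory covers the 1.1.0 branch only
FIXED_LETTERS = "d"           # 1.1.0d is the first fixed release


def parse_openssl_version(banner):
    """Return ((major, minor, fix), patch_letters) or None if no token found."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    numbers = tuple(int(m.group(i)) for i in (1, 2, 3))
    return numbers, m.group(4).lower()


def _letter_key(letters):
    # OpenSSL patch letters order as "", a, b, ... z, za, zb, ...
    # Comparing (length, text) reproduces that ordering.
    return (len(letters), letters)


def is_affected(banner):
    """True for 1.1.0 through 1.1.0c, False for other versions,
    None when the banner carries no OpenSSL version token."""
    parsed = parse_openssl_version(banner)
    if parsed is None:
        return None
    numbers, letters = parsed
    if numbers != AFFECTED_BRANCH:
        return False  # other branches are outside this advisory's range
    return _letter_key(letters) < _letter_key(FIXED_LETTERS)


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    samples = [
        "Apache/2.4.25 (Unix) OpenSSL/1.1.0c",
        "Apache/2.4.25 (Unix) OpenSSL/1.1.0d",
        "Apache/2.4.10 (Debian) OpenSSL/1.0.2k",
        "nginx/1.10.2",
    ]
    for banner in samples:
        print(f"{banner!r}: affected={is_affected(banner)}")
```

A banner match only reports the advertised version string. Distribution packages may carry backported fixes without changing that string, so confirm against the installed package before treating a host as vulnerable or as fixed.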

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 96874

Bugtraq ID: 95812
95813
95814

CVE ID: CVE-2017-3730
CVE-2017-3731
CVE-2017-3732
