EulerOS 2.0 SP1 : openssl (EulerOS-SA-2016-1047)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote EulerOS host is missing multiple security updates.

Description :

According to the versions of the openssl packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

- OpenSSL through 1.0.2h incorrectly uses pointer
arithmetic for heap-buffer boundary checks, which might
allow remote attackers to cause a denial of service
(integer overflow and application crash) or possibly
have unspecified other impact by leveraging unexpected
malloc behavior, related to s3_srvr.c, ssl_sess.c, and
t1_lib.c. (CVE-2016-2177)

- The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in
OpenSSL through 1.0.2h does not properly ensure the use
of constant-time operations, which makes it easier for
local users to discover a DSA private key via a timing
side-channel attack. (CVE-2016-2178)

- The DTLS implementation in OpenSSL before 1.1.0 does
not properly restrict the lifetime of queue entries
associated with unused out-of-order messages, which
allows remote attackers to cause a denial of service
(memory consumption) by maintaining many crafted DTLS
sessions simultaneously, related to d1_lib.c,
statem_dtls.c, statem_lib.c, and
statem_srvr.c. (CVE-2016-2179)

- The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in
the X.509 Public Key Infrastructure Time-Stamp Protocol
(TSP) implementation in OpenSSL through 1.0.2h allows
remote attackers to cause a denial of service
(out-of-bounds read and application crash) via a
crafted time-stamp file that is mishandled by the
'openssl ts' command. (CVE-2016-2180)

- The Anti-Replay feature in the DTLS implementation in
OpenSSL before 1.1.0 mishandles early use of a new
epoch number in conjunction with a large sequence
number, which allows remote attackers to cause a denial
of service (false-positive packet drops) via spoofed
DTLS records, related to rec_layer_d1.c and
ssl3_record.c. (CVE-2016-2181)

- The BN_bn2dec function in crypto/bn/bn_print.c in
OpenSSL before 1.1.0 does not properly validate
division results, which allows remote attackers to
cause a denial of service (out-of-bounds write and
application crash) or possibly have unspecified other
impact via unknown vectors. (CVE-2016-2182)

- The tls_decrypt_ticket function in ssl/t1_lib.c in
OpenSSL before 1.1.0 does not consider the HMAC size
during validation of the ticket length, which allows
remote attackers to cause a denial of service via a
ticket that is too short. (CVE-2016-6302)

- Multiple memory leaks in t1_lib.c in OpenSSL before
1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a
allow remote attackers to cause a denial of service
(memory consumption) via large OCSP Status Request
extensions. (CVE-2016-6304)

- The certificate parser in OpenSSL before 1.0.1u and
1.0.2 before 1.0.2i might allow remote attackers to
cause a denial of service (out-of-bounds read) via
crafted certificate operations, related to s3_clnt.c
and s3_srvr.c. (CVE-2016-6306)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?0cfeab5a

Solution :

Update the affected openssl packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Huawei Local Security Checks

Nessus Plugin ID: 99810

CVE ID: CVE-2016-2177
CVE-2016-2178
CVE-2016-2179
CVE-2016-2180
CVE-2016-2181
CVE-2016-2182
CVE-2016-6302
CVE-2016-6304
CVE-2016-6306
