OpenSSL < 1.0.2a Multiple Vulnerabilities

Medium Log Correlation Engine Plugin ID 801935

Synopsis

The remote web server is affected by multiple vulnerabilities.

Description

Versions of OpenSSL 1.0.2 are potentially affected by the following vulnerabilities :

- A flaw exists in the DTLSv1_listen() function due to due to state being preserved in the SSL object from one invocation to the next. A remote attacker can exploit this, via crafted DTLS traffic, to cause a segmentation fault, resulting in a denial of service. (CVE-2015-0207)

- TA flaw exists in the rsa_item_verify() function due to improper implementation of ASN.1 signature verification. A remote attacker can exploit this, via an ASN.1 signature using the RSA PSS algorithm and invalid parameters, to cause a NULL pointer dereference, resulting in a denial of service. (CVE-2015-0208)

- A flaw exists in the ssl3_client_hello() function due to improper validation of a PRNG seed before proceeding with a handshake, resulting in insufficient entropy and predictable output. This allows a man-in-the-middle attacker to defeat cryptographic protection mechanisms via a brute-force attack, resulting in the disclosure of sensitive information. (CVE-2015-0285)

- A flaw exists with the 'multiblock' feature in the ssl3_write_bytes() function due to improper handling of certain non-blocking I/O cases. This allows a remote attacker to cause failed connections or a segmentation fault, resulting in a denial of service. (CVE-2015-0290)

- A NULL pointer dereference flaw exists when handling clients attempting to renegotiate using an invalid signature algorithm extension. A remote attacker can exploit this to cause a denial of service. (CVE-2015-0291)

- A flaw exists in the ssl3_get_client_key_exchange() function when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled. This allows a remote attacker, via a ClientKeyExchange message with a length of zero, to cause a denial of service. (CVE-2015-1787)

Solution

Upgrade to OpenSSL 1.0.2a or later.

See Also

http://openssl.org/news/secadv_20150319.txt

Plugin Details

Severity: Medium

ID: 801935

File Name: 801935.prm

Family: Web Servers

Published: 2015/03/19

Nessus ID: 82033

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2015/03/19

Vulnerability Publication Date: 2015/03/19

Reference Information

CVE: CVE-2015-0207, CVE-2015-0208, CVE-2015-0285, CVE-2015-0291, CVE-2015-0290, CVE-2015-1787

BID: 73229, 73230, 73234, 73226, 73235, 73238