OpenSSL < 1.0.2a Multiple Vulnerabilities

Medium Log Correlation Engine Plugin ID 801935


The remote web server is affected by multiple vulnerabilities.


Versions of OpenSSL 1.0.2 are potentially affected by the following vulnerabilities :

- A flaw exists in the DTLSv1_listen() function due to due to state being preserved in the SSL object from one invocation to the next. A remote attacker can exploit this, via crafted DTLS traffic, to cause a segmentation fault, resulting in a denial of service. (CVE-2015-0207)

- TA flaw exists in the rsa_item_verify() function due to improper implementation of ASN.1 signature verification. A remote attacker can exploit this, via an ASN.1 signature using the RSA PSS algorithm and invalid parameters, to cause a NULL pointer dereference, resulting in a denial of service. (CVE-2015-0208)

- A flaw exists in the ssl3_client_hello() function due to improper validation of a PRNG seed before proceeding with a handshake, resulting in insufficient entropy and predictable output. This allows a man-in-the-middle attacker to defeat cryptographic protection mechanisms via a brute-force attack, resulting in the disclosure of sensitive information. (CVE-2015-0285)

- A flaw exists with the 'multiblock' feature in the ssl3_write_bytes() function due to improper handling of certain non-blocking I/O cases. This allows a remote attacker to cause failed connections or a segmentation fault, resulting in a denial of service. (CVE-2015-0290)

- A NULL pointer dereference flaw exists when handling clients attempting to renegotiate using an invalid signature algorithm extension. A remote attacker can exploit this to cause a denial of service. (CVE-2015-0291)

- A flaw exists in the ssl3_get_client_key_exchange() function when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled. This allows a remote attacker, via a ClientKeyExchange message with a length of zero, to cause a denial of service. (CVE-2015-1787)


Upgrade to OpenSSL 1.0.2a or later.

See Also

Plugin Details

Severity: Medium

ID: 801935

File Name: 801935.prm

Family: Web Servers

Published: 2015/03/19

Nessus ID: 82033

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2015/03/19

Vulnerability Publication Date: 2015/03/19

Reference Information

CVE: CVE-2015-0207, CVE-2015-0208, CVE-2015-0285, CVE-2015-0291, CVE-2015-0290, CVE-2015-1787

BID: 73229, 73230, 73234, 73226, 73235, 73238