OpenSSL 1.0.0 < 1.0.0f Multiple Vulnerabilities

high Nessus Plugin ID 57460

Synopsis

The remote service is affected by multiple vulnerabilities.

Description

The version of OpenSSL installed on the remote host is prior to 1.0.0f. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.0f advisory.

- The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client. (CVE-2012-0027)

- The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. (CVE-2011-4619)

- OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers. (CVE-2011-4577)

- The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. (CVE-2011-4576)

- The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. (CVE-2011-4108)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to OpenSSL version 1.0.0f or later.

See Also

https://www.openssl.org/news/secadv/20120104.txt

https://www.cve.org/CVERecord?id=CVE-2011-4108

https://www.cve.org/CVERecord?id=CVE-2011-4576

https://www.cve.org/CVERecord?id=CVE-2011-4577

https://www.cve.org/CVERecord?id=CVE-2011-4619

https://www.cve.org/CVERecord?id=CVE-2012-0027

Plugin Details

Severity: High

ID: 57460

File Name: openssl_1_0_0f.nasl

Version: 1.16

Type: combined

Agent: windows, macosx, unix

Family: Web Servers

Published: 1/9/2012

Updated: 10/7/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2011-4576

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2012-0027

Vulnerability Information

CPE: cpe:/a:openssl:openssl

Required KB Items: installed_sw/OpenSSL

Exploit Ease: No known exploits are available

Patch Publication Date: 1/4/2012

Vulnerability Publication Date: 1/4/2012

Reference Information

CVE: CVE-2011-4108, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027

BID: 51281