FreeBSD : OpenSSL -- multiple vulnerabilities (78cc8a46-3e56-11e1-89b4-001ec9578670)

High Nessus Plugin ID 57551

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The OpenSSL Team reports :

6 security flaws have been fixed in OpenSSL 1.0.0f :

If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free.

OpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as block cipher padding in SSL 3.0 records. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory.

RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack.

Support for handshake restarts for server gated cryptograpy (SGC) can be used in a denial-of-service attack.

A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking.
This could be used in a denial-of-service attack.

Solution

Update the affected package.

See Also

https://www.openssl.org/news/secadv/20120104.txt

http://www.nessus.org/u?726bda3b

Plugin Details

Severity: High

ID: 57551

File Name: freebsd_pkg_78cc8a463e5611e189b4001ec9578670.nasl

Version: 1.12

Type: local

Published: 2012/01/16

Updated: 2018/12/19

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:openssl, cpe:/o:freebsd:freebsd

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2012/01/14

Vulnerability Publication Date: 2012/01/04

Reference Information

CVE: CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027

BID: 51281