FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (2ae114de-c064-11e1-b5e0-000c299b62e1)

High Nessus Plugin ID 59747


The remote FreeBSD host is missing one or more security-related updates.


Problem description :

OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory.

OpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. [CVE-2011-4619]

If an application uses OpenSSL's certificate policy checking when verifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK flag, a policy check failure can lead to a double-free.

A weakness in the OpenSSL PKCS #7 code can be exploited using Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the million message attack (MMA). [CVE-2012-0884]

The asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp functions, in OpenSSL contains multiple integer errors that can cause memory corruption when parsing encoded ASN.1 data. This error can occur on systems that parse untrusted ASN.1 data, such as X.509 certificates or RSA public keys. [CVE-2012-2110]


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 59747

File Name: freebsd_pkg_2ae114dec06411e1b5e0000c299b62e1.nasl

Version: $Revision: 1.12 $

Type: local

Published: 2012/06/28

Modified: 2016/05/09

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:FreeBSD, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2012/06/27

Vulnerability Publication Date: 2012/05/03

Reference Information

CVE: CVE-2011-4109, CVE-2011-4576, CVE-2011-4619, CVE-2012-0884, CVE-2012-2110

BID: 51281, 52428, 53158

OSVDB: 78187, 78188, 78190, 80039, 81223

FreeBSD: SA-12:01.openssl