The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2308-1 advisory.

    Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. A remote     attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-3505)

    Adam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS handshake messages. A     remote attacker could use this issue to cause OpenSSL to consume memory, resulting in a denial of service.
    (CVE-2014-3506)

    Adam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS fragments. A remote     attacker could use this issue to cause OpenSSL to leak memory, resulting in a denial of service. This     issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3507)

    Ivan Fratric discovered that OpenSSL incorrectly leaked information in the pretty printing functions. When     OpenSSL is used with certain applications, an attacker may use this issue to possibly gain access to     sensitive information. (CVE-2014-3508)

    Gabor Tyukasz discovered that OpenSSL contained a race condition when processing serverhello messages. A     malicious server could use this issue to cause clients to crash, resulting in a denial of service. This     issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3509)

    Felix Grbert discovered that OpenSSL incorrectly handled certain DTLS handshake messages. A malicious     server could use this issue to cause clients to crash, resulting in a denial of service. (CVE-2014-3510)

    David Benjamin and Adam Langley discovered that OpenSSL incorrectly handled fragmented ClientHello     messages. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be     used to force a protocol downgrade to TLS 1.0. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04     LTS. (CVE-2014-3511)

    Sean Devlin and Watson Ladd discovered that OpenSSL incorrectly handled certain SRP parameters. A remote     attacker could use this with applications that use SRP to cause a denial of service, or possibly execute     arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3512)

    Joonas Kuorilehto and Riku Hietamki discovered that OpenSSL incorrectly handled certain Server Hello     messages that specify an SRP ciphersuite. A malicious server could use this issue to cause clients to     crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
    (CVE-2014-5139)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2308-1)

high Nessus Plugin ID 77085

Version 1.21

Version 1.19

Version 1.21 Sep 4, 2025, 5:30 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin Feed: 202509041730
Version 1.19 Oct 21, 2023, 5:06 AM CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C") CVSSv2 score source (set to "CVE-2014-3512") CVSSv3 score source (set to "CVE-2014-3507") Detection Exploit attributes ("Exploit available" set to "False") Plugin metadata Plugin Feed: 202310210506