OpenSSL 0.9.8 < 0.9.8zb Multiple Vulnerabilities

High Nessus Plugin ID 77086


The remote service is affected by multiple vulnerabilities.


According to its banner, the remote web server uses a version of OpenSSL 0.9.8 prior to 0.9.8zb. The OpenSSL library is, therefore, affected by the following vulnerabilities:

- A memory double-free error exists related to handling DTLS packets that allows denial of service attacks.

- An unspecified error exists related to handling DTLS handshake messages that allows denial of service attacks due to large amounts of memory being consumed.

- A memory leak error exists related to handling specially crafted DTLS packets that allows denial of service attacks. (CVE-2014-3507)

- An error exists related to 'OBJ_obj2txt' and the pretty-printing 'X509_name_*' functions, which leak stack data, resulting in an information disclosure. (CVE-2014-3508)

- A NULL pointer dereference error exists related to handling anonymous ECDH cipher suites and crafted handshake messages that allow denial of service attacks against clients. (CVE-2014-3510)


Upgrade to OpenSSL 0.9.8zb or later.

Plugin Details

Severity: High

ID: 77086

File Name: openssl_0_9_8zb.nasl

Version: $Revision: 1.9 $

Type: remote

Family: Web Servers

Published: 2014/08/08

Modified: 2016/05/12

Dependencies: 57323

Risk Information

Risk Factor: High


Base Score: 7.1

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:openssl:openssl

Required KB Items: openssl/port

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/08/06

Vulnerability Publication Date: 2014/08/06

Reference Information

CVE: CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510

BID: 69075, 69076, 69078, 69081, 69082

OSVDB: 109891, 109892, 109893, 109894, 109895