Mandriva Linux Security Advisory : openssl (MDVSA-2014:203)

High Nessus Plugin ID 78665

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Multiple vulnerabilities have been discovered and corrected in openssl:

OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade. Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE (CVE-2014-3566).

When an OpenSSL SSL/TLS/DTLS server receives a session ticket, the integrity of that ticket is first verified. If the session ticket integrity check fails, OpenSSL fails to free memory, causing a memory leak. By sending a large number of invalid session tickets, an attacker could exploit this issue in a denial-of-service attack (CVE-2014-3567).

The updated packages have been upgraded to version 1.0.0o, where these security flaws have been fixed.

Solution

Update the affected packages.

See Also

https://www.openssl.org/news/secadv/20141015.txt

Plugin Details

Severity: High

ID: 78665

File Name: mandriva_MDVSA-2014-203.nasl

Version: $Revision: 1.13 $

Type: local

Published: 2014/10/24

Modified: 2016/05/24

Dependencies: 12634

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.1

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64openssl-devel, p-cpe:/a:mandriva:linux:lib64openssl-engines1.0.0, p-cpe:/a:mandriva:linux:lib64openssl-static-devel, p-cpe:/a:mandriva:linux:lib64openssl1.0.0, p-cpe:/a:mandriva:linux:openssl, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/10/23

Reference Information

CVE: CVE-2014-3566, CVE-2014-3567

BID: 70574, 70586

MDVSA: 2014:203