SuSE 11.3 Security Update : compat-openssl097g (SAT Patch Number 10033)

Medium Nessus Plugin ID 79738

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

The SLES 9 compatibility package compat-openssl097g received a roll up update fixing various security issues :

- Build option no-ssl3 is incomplete. (CVE-2014-3568)

- Add support for TLS_FALLBACK_SCSV. (CVE-2014-3566)

- Information leak in pretty printing functions.
(CVE-2014-3508)

- OCSP bad key DoS attack. (CVE-2013-0166)

- SSL/TLS CBC plaintext recovery attack. (CVE-2013-0169)

- Anonymous ECDH denial of service. (CVE-2014-3470)

- SSL/TLS MITM vulnerability (CVE-2014-0224)

Solution

Apply SAT patch number 10033.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=802184

https://bugzilla.novell.com/show_bug.cgi?id=880891

https://bugzilla.novell.com/show_bug.cgi?id=890764

https://bugzilla.novell.com/show_bug.cgi?id=901223

https://bugzilla.novell.com/show_bug.cgi?id=901277

https://bugzilla.novell.com/show_bug.cgi?id=905106

http://support.novell.com/security/cve/CVE-2013-0166.html

http://support.novell.com/security/cve/CVE-2013-0169.html

http://support.novell.com/security/cve/CVE-2014-0224.html

http://support.novell.com/security/cve/CVE-2014-3470.html

http://support.novell.com/security/cve/CVE-2014-3508.html

http://support.novell.com/security/cve/CVE-2014-3566.html

http://support.novell.com/security/cve/CVE-2014-3568.html

Plugin Details

Severity: Medium

ID: 79738

File Name: suse_11_compat-openssl097g-141202.nasl

Version: Revision: 1.4

Type: local

Agent: unix

Published: 2014/12/05

Updated: 2015/01/28

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:compat-openssl097g, p-cpe:/a:novell:suse_linux:11:compat-openssl097g-32bit, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/12/02

Exploitable With

Core Impact

Reference Information

CVE: CVE-2013-0166, CVE-2013-0169, CVE-2014-0224, CVE-2014-3470, CVE-2014-3508, CVE-2014-3566, CVE-2014-3568