Oracle Solaris Third-Party Patch Update : openssl (cve_2014_3505_denial_of)

High Nessus Plugin ID 80722

Synopsis

The remote Solaris system is missing a security patch for third-party software.

Description

The remote Solaris system is missing necessary patches to address security updates :

- Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition. (CVE-2014-3505)

- d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values. (CVE-2014-3506)

- Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.
(CVE-2014-3507)

- Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data. (CVE-2014-3509)

- The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite. (CVE-2014-3510)

- Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter. (CVE-2014-3512)

- The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.
(CVE-2014-5139)

Solution

Upgrade to Solaris 11.2.2.5.0.

See Also

http://www.nessus.org/u?4a913f44

https://blogs.oracle.com/sunsecurity/cve-2014-3505-denial-of-servicedos-vulnerability-in-openssl

http://www.nessus.org/u?3fb2b110

http://www.nessus.org/u?3b74fa96

http://www.nessus.org/u?c6978582

https://blogs.oracle.com/sunsecurity/cve-2014-3510-denial-of-servicedos-vulnerability-in-openssl

https://blogs.oracle.com/sunsecurity/cve-2014-3512-buffer-errors-vulnerability-in-openssl

https://blogs.oracle.com/sunsecurity/cve-2014-5139-denial-of-servicedos-vulnerability-in-openssl

Plugin Details

Severity: High

ID: 80722

File Name: solaris11_openssl_20140915.nasl

Version: 1.2

Type: local

Published: 2015/01/19

Updated: 2018/11/15

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:oracle:solaris:11.2, p-cpe:/a:oracle:solaris:openssl

Required KB Items: Host/local_checks_enabled, Host/Solaris11/release, Host/Solaris11/pkg-list

Patch Publication Date: 2014/09/15

Reference Information

CVE: CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3509, CVE-2014-3510, CVE-2014-3512, CVE-2014-5139