Oracle Solaris Third-Party Patch Update : openssl (multiple_vulnerabilities_in_openssl6) (POODLE)

medium Nessus Plugin ID 80725

Synopsis

The remote Solaris system is missing a security patch for third-party software.

Description

The remote Solaris system is missing necessary patches to address security updates :

- Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message. (CVE-2014-3513)

- The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the 'POODLE' issue. (CVE-2014-3566)

- Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.
(CVE-2014-3567)

- OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c. (CVE-2014-3568)

Solution

Upgrade to Solaris 11.2.3.5.0.

See Also

http://www.nessus.org/u?4a913f44

http://www.nessus.org/u?5ecff53d

Plugin Details

Severity: Medium

ID: 80725

File Name: solaris11_openssl_20141104.nasl

Version: 1.12

Type: local

Published: 1/19/2015

Updated: 6/28/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.1

CVSS v2

Risk Factor: High

Base Score: 7.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Vulnerability Information

CPE: cpe:/o:oracle:solaris:11.2, p-cpe:/a:oracle:solaris:openssl

Required KB Items: Host/local_checks_enabled, Host/Solaris11/release, Host/Solaris11/pkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/4/2014

Reference Information

CVE: CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568