OpenSSL 1.0.0 < 1.0.0s Multiple Vulnerabilities

medium Nessus Plugin ID 84152

Language:

Synopsis

The remote service is affected by multiple vulnerabilities.

Description

According to its banner, the remote web server uses a version of OpenSSL 1.0.0 prior to 1.0.0s. The OpenSSL library is, therefore, affected by the following vulnerabilities :

 - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)

 - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected.
 TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)

 - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)

 - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)

 - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)

Solution

Upgrade to OpenSSL 1.0.0s or later.

See Also

https://www.openssl.org/news/secadv/20150611.txt

Plugin Details

Severity: Medium

ID: 84152

File Name: openssl_1_0_0s.nasl

Version: 1.7

Type: remote

Family: Web Servers

Published: 6/12/2015

Updated: 1/2/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:openssl:openssl

Required KB Items: openssl/port

Exploit Ease: No known exploits are available

Patch Publication Date: 6/11/2015

Vulnerability Publication Date: 6/11/2015

Reference Information

CVE: CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792

BID: 75154, 75156, 75157, 75158, 75161