OpenSSL 1.0.0 < 1.0.0s Multiple Vulnerabilities

Medium Nessus Plugin ID 84152


The remote service is affected by multiple vulnerabilities.


According to its banner, the remote web server uses a version of OpenSSL 1.0.0 prior to 1.0.0s. The OpenSSL library is, therefore, affected by the following vulnerabilities :

- A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)

- A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected.
TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)

- A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)

- A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)

- A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)


Upgrade to OpenSSL 1.0.0s or later.

See Also

Plugin Details

Severity: Medium

ID: 84152

File Name: openssl_1_0_0s.nasl

Version: $Revision: 1.6 $

Type: remote

Family: Web Servers

Published: 2015/06/12

Modified: 2015/09/01

Dependencies: 57323

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:openssl:openssl

Required KB Items: openssl/port

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/06/11

Vulnerability Publication Date: 2015/06/11

Reference Information

CVE: CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792

BID: 75154, 75156, 75157, 75158, 75161