According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - It was discovered that OpenSSL would accept ephemeral     RSA keys when using non-export RSA cipher suites. A     malicious server could make a TLS/SSL client using     OpenSSL use a weaker key exchange     method.(CVE-2015-0204)

  - A NULL pointer dereference flaw was found in OpenSSL's     X.509 certificate handling implementation. A specially     crafted X.509 certificate could cause an application     using OpenSSL to crash if the application attempted to     convert the certificate to a certificate     request.(CVE-2015-0288)

  - A NULL pointer dereference was found in the way OpenSSL     handled certain PKCS#7 inputs. An attacker able to make     an application using OpenSSL verify, decrypt, or parse     a specially crafted PKCS#7 input could cause that     application to crash. TLS/SSL clients and servers using     OpenSSL were not affected by this flaw.(CVE-2015-0289)

  - An integer underflow flaw, leading to a buffer     overflow, was found in the way OpenSSL decoded     malformed Base64-encoded inputs. An attacker able to     make an application using OpenSSL decode a specially     crafted Base64-encoded input (such as a PEM file) could     use this flaw to cause the application to crash. Note:
    this flaw is not exploitable via the TLS/SSL protocol     because the data being transferred is not     Base64-encoded.(CVE-2015-0292)

  - An out-of-bounds read flaw was found in the     X509_cmp_time() function of OpenSSL, which is used to     test the expiry dates of SSL/TLS certificates. An     attacker could possibly use a specially crafted SSL/TLS     certificate or CRL (Certificate Revocation List), which     when parsed by an application would cause that     application to crash.(CVE-2015-1789)

  - A NULL pointer dereference was found in the way OpenSSL     handled certain PKCS#7 inputs. An attacker able to make     an application using OpenSSL verify, decrypt, or parse     a specially crafted PKCS#7 input could cause that     application to crash. TLS/SSL clients and servers using     OpenSSL were not affected by this flaw.(CVE-2015-1790)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to its self-reported version number, the remote pfSense install is prior to 2.2.3. It is, therefore, affected by multiple vulnerabilities as stated in the referenced vendor advisories.

According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - An integer underflow flaw, leading to a buffer     overflow, was found in the way OpenSSL decoded     malformed Base64-encoded inputs. An attacker able to     make an application using OpenSSL decode a specially     crafted Base64-encoded input (such as a PEM file) could     use this flaw to cause the application to crash. Note:
    this flaw is not exploitable via the TLS/SSL protocol     because the data being transferred is not     Base64-encoded.(CVE-2015-0292)

  - An out-of-bounds read flaw was found in the     X509_cmp_time() function of OpenSSL, which is used to     test the expiry dates of SSL/TLS certificates. An     attacker could possibly use a specially crafted SSL/TLS     certificate or CRL (Certificate Revocation List), which     when parsed by an application would cause that     application to crash.(CVE-2015-1789)

  - A memory leak vulnerability was found in the way     OpenSSL parsed PKCS#7 and CMS data. A remote attacker     could use this flaw to cause an application that parses     PKCS#7 or CMS data from untrusted sources to use an     excessive amount of memory and possibly     crash.(CVE-2015-3195)

  - OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1     before 1.0.1k allows remote attackers to cause a denial     of service (NULL pointer dereference and application     crash) via a crafted DTLS message that is processed     with a different read operation for the handshake     header than for the handshake body, related to the     dtls1_get_record function in d1_pkt.c and the     ssl3_read_n function in s3_pkt.c.(CVE-2014-3571)

  - OpenSSL through 1.0.2h incorrectly uses pointer     arithmetic for heap-buffer boundary checks, which might     allow remote attackers to cause a denial of service     (integer overflow and application crash) or possibly     have unspecified other impact by leveraging unexpected     malloc behavior, related to s3_srvr.c, ssl_sess.c, and     t1_lib.c.(CVE-2016-2177)

  - An integer overflow flaw, leading to a buffer overflow,     was found in the way the EVP_EncodeUpdate() function of     OpenSSL parsed very large amounts of input data. A     remote attacker could use this flaw to crash an     application using OpenSSL or, possibly, execute     arbitrary code with the permissions of the user running     that application.(CVE-2016-2105)

  - An integer overflow flaw, leading to a buffer overflow,     was found in the way the EVP_EncryptUpdate() function     of OpenSSL parsed very large amounts of input data. A     remote attacker could use this flaw to crash an     application using OpenSSL or, possibly, execute     arbitrary code with the permissions of the user running     that application.(CVE-2016-2106)

  - A flaw was found in the way OpenSSL encoded certain     ASN.1 data structures. An attacker could use this flaw     to create a specially crafted certificate which, when     verified or re-encoded by OpenSSL, could cause it to     crash, or execute arbitrary code using the permissions     of the user running an application compiled against the     OpenSSL library.(CVE-2016-2108)

  - A denial of service flaw was found in the way OpenSSL     parsed certain ASN.1-encoded data from BIO (OpenSSL's     I/O abstraction) inputs. An application using OpenSSL     that accepts untrusted ASN.1 BIO input could be forced     to allocate an excessive amount of data.(CVE-2016-2109)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Versions of OpenSSL prior to 1.0.1n, or 1.0.2b are unpatched for the following vulnerabilities :

  - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)

  - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)

  - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)

  - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)

  - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)

  - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)

  - An off-by-one overflow condition affects the BN_rand() function in 'crypto/bn/random.c'. The issue is triggered as user-supplied input is not properly validated. This may allow an attacker to cause a buffer overflow, resulting in a denial of service.

  - An off-by-one overflow condition affects the BN_bn2hex() function in 'crypto/bn/bn_print.c'. The issue is triggered as user-supplied input is not properly validated. This may allow an attacker to cause a buffer overflow, potentially resulting in a denial of service or another, more severe impact.

Versions of OpenSSL prior to 0.9.8zg, or 1.0.0 prior to 1.0.0s are unpatched for the following vulnerabilities :

  - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)

  - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)

  - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)

  - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)

  - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)

  - An off-by-one overflow condition affects the BN_rand() function in 'crypto/bn/random.c'. The issue is triggered as user-supplied input is not properly validated. This may allow an attacker to cause a buffer overflow, resulting in a denial of service.

  - An off-by-one overflow condition affects the BN_bn2hex() function in 'crypto/bn/bn_print.c'. The issue is triggered as user-supplied input is not properly validated. This may allow an attacker to cause a buffer overflow, potentially resulting in a denial of service or another, more severe impact.

The remote host is running a version of Mac OS X 10.10.x that is prior to version 10.10.5. The installed version is affected by multiple vulnerabilities in the following components :

 - apache (CVE-2014-3581, CVE-2014-3583, CVE-2014-8109, CVE-2015-0228, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185)
 - apache_mod_php (CVE-2015-2783, CVE-2015-2787, CVE-2015-3307, CVE-2015-3329, CVE-2015-3330, CVE-2015-4021, CVE-2015-4022, CVE-2015-4024, CVE-2015-4025, CVE-2015-4026, CVE-2015-4147, CVE-2015-4148)
 - Apple ID OD Plug-in (CVE-2015-3799)
 - AppleGraphicsControl (CVE-2015-5768)
 - Bluetooth (CVE-2015-3777, CVE-2015-3779, CVE-2015-3780, CVE-2015-3786, CVE-2015-3787)
 - bootp (CVE-2015-3778)
 - CloudKit (CVE-2015-3782)
 - CoreMedia Playback (CVE-2015-5777, CVE-2015-5778)
 - CoreText (CVE-2015-5761, CVE-2015-5755)
 - curl (CVE-2014-3613, CVE-2014-3620, CVE-2014-3707, CVE-2014-8150, CVE-2014-8151, CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153)
 - Data Detectors Engine (CVE-2015-5750)
 - Date & Time pref pane (CVE-2015-3757)
 - Dictionary Application (CVE-2015-3774)
 - DiskImages (CVE-2015-3800)
 - dyld (CVE-2015-3760)
 - FontParser (CVE-2015-3804, CVE-2015-5775, CVE-2015-5756)
 - groff (CVE-2009-5044, CVE-2009-5078)
 - ImageIO (CVE-2015-5758, CVE-2015-5781, CVE-2015-5782)
 - Install Framework Legacy (CVE-2015-5784, CVE-2015-5754)
 - IOFireWireFamily (CVE-2015-3769, CVE-2015-3771, CVE-2015-3772)
 - IOGraphics (CVE-2015-3770, CVE-2015-5783)
 - IOHIDFamily (CVE-2015-5774)
 - Kernel (CVE-2015-3766, CVE-2015-3768, CVE-2015-5747, CVE-2015-5748, CVE-2015-3806, CVE-2015-3803, CVE-2015-3802, CVE-2015-3805, CVE-2015-3776, CVE-2015-3761)
 - Libc (CVE-2015-3796, CVE-2015-3797, CVE-2015-3798)
 - Libinfo (CVE-2015-5776)
 - libpthread (CVE-2015-5757)
 - libxml2 (CVE-2014-0191, CVE-2014-3660, CVE-2015-3807)
 - libxpc (CVE-2015-3795)
 - mail_cmds (CVE-2014-7844)
 - Notification Center OSX (CVE-2015-3764)
 - ntfs (CVE-2015-5763)
 - OpenSSH (CVE-2015-5600)
 - OpenSSL (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)
 - perl (CVE-2013-7422)
 - PostgreSQL (CVE-2014-0067, CVE-2014-8161, CVE-2015-0241, CVE-2015-0242, CVE-2015-0243, CVE-2015-0244)
 - python (CVE-2013-7040, CVE-2013-7338, CVE-2014-1912, CVE-2014-7185, CVE-2014-9365)
 - QL Office (CVE-2015-5773, CVE-2015-3784)
 - Quartz Composer Framework (CVE-2015-5771)
 - Quick Look (CVE-2015-3781)
 - QuickTime 7 (CVE-2015-3779, CVE-2015-5753, CVE-2015-5779, CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751)
 - SceneKit (CVE-2015-5772, CVE-2015-3783)
 - Security (CVE-2015-3775)
 - SMBClient (CVE-2015-3773)
 - Speech UI (CVE-2015-3794)
 - sudo (CVE-2013-1775, CVE-2013-1776, CVE-2013-2776, CVE-2013-2777, CVE-2014-0106, CVE-2014-9680)
 - tcpdump (CVE-2014-8767, CVE-2014-8769, CVE-2014-9140)
 - Text Formats (CVE-2015-3762)
 - udf (CVE-2015-3767)

 Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of- bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

ID	Name	Product	Family	Published	Updated	Severity
129174	EulerOS 2.0 SP5 : openssl098e (EulerOS-SA-2019-1980)	Nessus	Huawei Local Security Checks	9/24/2019	4/24/2024	high
106495	pfSense < 2.2.3 Multiple Vulnerabilities (SA-15_07) (Logjam)	Nessus	Firewalls	1/31/2018	10/30/2025	critical
128913	EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2019-1861)	Nessus	Huawei Local Security Checks	9/17/2019	4/25/2024	critical
8790	OpenSSL 1.0.1 < 1.0.1n / 1.0.2 < 1.0.2b Multiple Vulnerabilities (Logjam)	Nessus Network Monitor	Web Servers	6/22/2015	3/6/2019	medium
8791	OpenSSL 0.9.8 < 0.9.8zg / 1.0.0 < 1.0.0s Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	6/22/2015	3/6/2019	medium
8981	Mac OS X < 10.10.5 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	10/16/2015	3/6/2019	high
503053	Siemens SCALANCE X-200RNA Switch Devices Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2015-1789)	Tenable OT Security	Tenable.ot	3/13/2025	3/13/2025	high

Detections

Analytics

Plugins Search

high

critical

critical

medium

medium

high

high