According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - It was discovered that OpenSSL would accept ephemeral     RSA keys when using non-export RSA cipher suites. A     malicious server could make a TLS/SSL client using     OpenSSL use a weaker key exchange     method.(CVE-2015-0204)

  - A NULL pointer dereference flaw was found in OpenSSL's     X.509 certificate handling implementation. A specially     crafted X.509 certificate could cause an application     using OpenSSL to crash if the application attempted to     convert the certificate to a certificate     request.(CVE-2015-0288)

  - A NULL pointer dereference was found in the way OpenSSL     handled certain PKCS#7 inputs. An attacker able to make     an application using OpenSSL verify, decrypt, or parse     a specially crafted PKCS#7 input could cause that     application to crash. TLS/SSL clients and servers using     OpenSSL were not affected by this flaw.(CVE-2015-0289)

  - An integer underflow flaw, leading to a buffer     overflow, was found in the way OpenSSL decoded     malformed Base64-encoded inputs. An attacker able to     make an application using OpenSSL decode a specially     crafted Base64-encoded input (such as a PEM file) could     use this flaw to cause the application to crash. Note:
    this flaw is not exploitable via the TLS/SSL protocol     because the data being transferred is not     Base64-encoded.(CVE-2015-0292)

  - An out-of-bounds read flaw was found in the     X509_cmp_time() function of OpenSSL, which is used to     test the expiry dates of SSL/TLS certificates. An     attacker could possibly use a specially crafted SSL/TLS     certificate or CRL (Certificate Revocation List), which     when parsed by an application would cause that     application to crash.(CVE-2015-1789)

  - A NULL pointer dereference was found in the way OpenSSL     handled certain PKCS#7 inputs. An attacker able to make     an application using OpenSSL verify, decrypt, or parse     a specially crafted PKCS#7 input could cause that     application to crash. TLS/SSL clients and servers using     OpenSSL were not affected by this flaw.(CVE-2015-1790)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is running a version of Gaia OS which is affected by multiple vulnerabilities:

  - An out of bounds read denial of service vulnerability     in OpenSSL (CVE-2015-1789)

  - An information disclosure weakness in the RC4     algorithm as used in SSL/TLS (CVE-2015-2808)

The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.5. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache
  - apache_mod_php
  - Apple ID OD Plug-in
  - AppleGraphicsControl
  - Bluetooth
  - bootp
  - CloudKit
  - CoreMedia Playback
  - CoreText
  - curl
  - Data Detectors Engine
  - Date & Time pref pane
  - Dictionary Application
  - DiskImages
  - dyld
  - FontParser
  - groff
  - ImageIO
  - Install Framework Legacy
  - IOFireWireFamily
  - IOGraphics
  - IOHIDFamily
  - Kernel
  - Libc
  - Libinfo
  - libpthread
  - libxml2
  - libxpc
  - mail_cmds
  - Notification Center OSX
  - ntfs
  - OpenSSH
  - OpenSSL
  - perl
  - PostgreSQL
  - python
  - QL Office
  - Quartz Composer Framework
  - Quick Look
  - QuickTime 7
  - SceneKit
  - Security
  - SMBClient
  - Speech UI
  - sudo
  - tcpdump
  - Text Formats
  - udf 

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

Versions of OpenSSL prior to 1.0.1n, or 1.0.2b are unpatched for the following vulnerabilities :

  - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)

  - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)

  - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)

  - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)

  - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)

  - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)

  - An off-by-one overflow condition affects the BN_rand() function in 'crypto/bn/random.c'. The issue is triggered as user-supplied input is not properly validated. This may allow an attacker to cause a buffer overflow, resulting in a denial of service.

  - An off-by-one overflow condition affects the BN_bn2hex() function in 'crypto/bn/bn_print.c'. The issue is triggered as user-supplied input is not properly validated. This may allow an attacker to cause a buffer overflow, potentially resulting in a denial of service or another, more severe impact.

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of- bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Versions of OpenSSL prior to 0.9.8zg, or 1.0.0 prior to 1.0.0s are unpatched for the following vulnerabilities :

  - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)

  - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)

  - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)

  - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)

  - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)

  - An off-by-one overflow condition affects the BN_rand() function in 'crypto/bn/random.c'. The issue is triggered as user-supplied input is not properly validated. This may allow an attacker to cause a buffer overflow, resulting in a denial of service.

  - An off-by-one overflow condition affects the BN_bn2hex() function in 'crypto/bn/bn_print.c'. The issue is triggered as user-supplied input is not properly validated. This may allow an attacker to cause a buffer overflow, potentially resulting in a denial of service or another, more severe impact.

The remote host is running a version of Mac OS X 10.10.x that is prior to version 10.10.5. The installed version is affected by multiple vulnerabilities in the following components :

 - apache (CVE-2014-3581, CVE-2014-3583, CVE-2014-8109, CVE-2015-0228, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185)
 - apache_mod_php (CVE-2015-2783, CVE-2015-2787, CVE-2015-3307, CVE-2015-3329, CVE-2015-3330, CVE-2015-4021, CVE-2015-4022, CVE-2015-4024, CVE-2015-4025, CVE-2015-4026, CVE-2015-4147, CVE-2015-4148)
 - Apple ID OD Plug-in (CVE-2015-3799)
 - AppleGraphicsControl (CVE-2015-5768)
 - Bluetooth (CVE-2015-3777, CVE-2015-3779, CVE-2015-3780, CVE-2015-3786, CVE-2015-3787)
 - bootp (CVE-2015-3778)
 - CloudKit (CVE-2015-3782)
 - CoreMedia Playback (CVE-2015-5777, CVE-2015-5778)
 - CoreText (CVE-2015-5761, CVE-2015-5755)
 - curl (CVE-2014-3613, CVE-2014-3620, CVE-2014-3707, CVE-2014-8150, CVE-2014-8151, CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153)
 - Data Detectors Engine (CVE-2015-5750)
 - Date & Time pref pane (CVE-2015-3757)
 - Dictionary Application (CVE-2015-3774)
 - DiskImages (CVE-2015-3800)
 - dyld (CVE-2015-3760)
 - FontParser (CVE-2015-3804, CVE-2015-5775, CVE-2015-5756)
 - groff (CVE-2009-5044, CVE-2009-5078)
 - ImageIO (CVE-2015-5758, CVE-2015-5781, CVE-2015-5782)
 - Install Framework Legacy (CVE-2015-5784, CVE-2015-5754)
 - IOFireWireFamily (CVE-2015-3769, CVE-2015-3771, CVE-2015-3772)
 - IOGraphics (CVE-2015-3770, CVE-2015-5783)
 - IOHIDFamily (CVE-2015-5774)
 - Kernel (CVE-2015-3766, CVE-2015-3768, CVE-2015-5747, CVE-2015-5748, CVE-2015-3806, CVE-2015-3803, CVE-2015-3802, CVE-2015-3805, CVE-2015-3776, CVE-2015-3761)
 - Libc (CVE-2015-3796, CVE-2015-3797, CVE-2015-3798)
 - Libinfo (CVE-2015-5776)
 - libpthread (CVE-2015-5757)
 - libxml2 (CVE-2014-0191, CVE-2014-3660, CVE-2015-3807)
 - libxpc (CVE-2015-3795)
 - mail_cmds (CVE-2014-7844)
 - Notification Center OSX (CVE-2015-3764)
 - ntfs (CVE-2015-5763)
 - OpenSSH (CVE-2015-5600)
 - OpenSSL (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)
 - perl (CVE-2013-7422)
 - PostgreSQL (CVE-2014-0067, CVE-2014-8161, CVE-2015-0241, CVE-2015-0242, CVE-2015-0243, CVE-2015-0244)
 - python (CVE-2013-7040, CVE-2013-7338, CVE-2014-1912, CVE-2014-7185, CVE-2014-9365)
 - QL Office (CVE-2015-5773, CVE-2015-3784)
 - Quartz Composer Framework (CVE-2015-5771)
 - Quick Look (CVE-2015-3781)
 - QuickTime 7 (CVE-2015-3779, CVE-2015-5753, CVE-2015-5779, CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751)
 - SceneKit (CVE-2015-5772, CVE-2015-3783)
 - Security (CVE-2015-3775)
 - SMBClient (CVE-2015-3773)
 - Speech UI (CVE-2015-3794)
 - sudo (CVE-2013-1775, CVE-2013-1776, CVE-2013-2776, CVE-2013-2777, CVE-2014-0106, CVE-2014-9680)
 - tcpdump (CVE-2014-8767, CVE-2014-8769, CVE-2014-9140)
 - Text Formats (CVE-2015-3762)
 - udf (CVE-2015-3767)

 Note that successful exploitation of the most serious issues can result in arbitrary code execution.

ID	Name	Product	Family	Published	Updated	Severity
129174	EulerOS 2.0 SP5 : openssl098e (EulerOS-SA-2019-1980)	Nessus	Huawei Local Security Checks	9/24/2019	4/24/2024	high
105000	Check Point Gaia Operating System Multiple Vulnerabilities (sk106499)	Nessus	Firewalls	12/4/2017	11/12/2019	medium
85408	Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	8/17/2015	5/28/2024	high
8790	OpenSSL 1.0.1 < 1.0.1n / 1.0.2 < 1.0.2b Multiple Vulnerabilities (Logjam)	Nessus Network Monitor	Web Servers	6/22/2015	3/6/2019	medium
503053	Siemens SCALANCE X-200RNA Switch Devices Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2015-1789)	Tenable OT Security	Tenable.ot	3/13/2025	3/13/2025	high
8791	OpenSSL 0.9.8 < 0.9.8zg / 1.0.0 < 1.0.0s Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	6/22/2015	3/6/2019	medium
8981	Mac OS X < 10.10.5 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	10/16/2015	3/6/2019	high

Detections

Analytics

Plugins Search

high

medium

high

medium

high

medium

high