The version of MySQL running on the remote host is 5.7.x prior to 5.7.12. It is, therefore, affected by multiple vulnerabilities :

  - A cipher algorithm downgrade vulnerability exists in the     bundled version of OpenSSL due to a flaw that is     triggered when handling cipher negotiation. A remote     attacker can exploit this to negotiate SSLv2 ciphers and     complete SSLv2 handshakes even if all SSLv2 ciphers have     been disabled on the server. Note that this     vulnerability only exists if the SSL_OP_NO_SSLv2 option     has not been disabled. (CVE-2015-3197)

  - An unspecified flaw exists in the Pluggable     Authentication subcomponent that allows an     unauthenticated, remote attacker to execute arbitrary     code. (CVE-2016-0639)

  - An unspecified flaw exists in the Federated subcomponent     that allows an authenticated, remote attacker to impact     integrity and availability. (CVE-2016-0642)

  - An unspecified flaw exists in the DML subcomponent that     allows an authenticated, remote attacker to disclose     sensitive information. (CVE-2016-0643)

  - An unspecified flaw exists in the FTS subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0647)

  - An unspecified flaw exists in the PS subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0647)

  - An unspecified flaw exists in the InnoDB subcomponent     that allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0655)

  - An unspecified flaw exists in the JSON subcomponent that     allows an authenticated, remote attacker to disclose     sensitive information. (CVE-2016-0657)

  - An unspecified flaw exists in the Optimizer subcomponent     that allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0659)

  - An unspecified flaw exists in the Partition subcomponent     that allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0662)

  - An unspecified flaw exists in the Security: Privileges     subcomponent that allows an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-0666)

  - An unspecified flaw exists in the Locking subcomponent     that allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-0667)

  - A key disclosure vulnerability exists in the bundled     version of OpenSSL due to improper handling of     cache-bank conflicts on the Intel Sandy-bridge     microarchitecture. An attacker can exploit this to gain     access to RSA key information. (CVE-2016-0702)

  - A double-free error exists in the bundled version of     OpenSSL due to improper validation of user-supplied     input when parsing malformed DSA private keys. A remote     attacker can exploit this to corrupt memory, resulting     in a denial of service condition or the execution of     arbitrary code. (CVE-2016-0705)

  - A NULL pointer dereference flaw exists in the bundled     version of OpenSSL in the BN_hex2bn() and BN_dec2bn()     functions. A remote attacker can exploit this to trigger     a heap corruption, resulting in the execution of     arbitrary code. (CVE-2016-0797)

  - A denial of service vulnerability exists in the bundled     version of OpenSSL due to improper handling of invalid     usernames. A remote attacker can exploit this, via a     specially crafted username, to leak 300 bytes of memory     per connection, exhausting available memory resources.
    (CVE-2016-0798)

  - Multiple memory corruption issues exist in the bundled     version of OpenSSL that allow a remote attacker to cause     a denial of service condition or the execution of     arbitrary code. (CVE-2016-0799)

  - A flaw exists in the bundled version of OpenSSL that     allows a cross-protocol Bleichenbacher padding oracle     attack known as DROWN (Decrypting RSA with Obsolete and     Weakened eNcryption). This vulnerability exists due to a     flaw in the Secure Sockets Layer Version 2 (SSLv2)     implementation, and it allows captured TLS traffic to be     decrypted. A man-in-the-middle attacker can exploit this     to decrypt the TLS connection by utilizing previously     captured traffic and weak cryptography along with a     series of specially crafted connections to an SSLv2     server that uses the same private key. (CVE-2016-0800)

  - A man-in-the-middle spoofing vulnerability exists due to     the server hostname not being verified to match a domain     name in the Subject's Common Name (CN) or SubjectAltName     field of the X.509 certificate. A man-in-the-middle     attacker can exploit this, by spoofing the TLS/SSL     server via a certificate that appears valid, to disclose     sensitive information or manipulate transmitted data.
    (CVE-2016-2047)

  - An unspecified flaw exists in the Optimizer subcomponent     that allow an authenticated, remote attacker to cause a     denial of service condition. (CVE-2017-10378)

  - A flaw exists related to certificate validation due to     the server hostname not being verified to match a domain     name in the X.509 certificate. A man-in-the-middle     attacker can exploit this, by spoofing the TLS/SSL     server via a certificate that appears valid, to disclose     sensitive information or manipulate data.

  - An integer overflow condition exists that is triggered     due to improper validation of user-supplied input when     processing client handshakes. An authenticated, remote     attacker can exploit this to cause the server to exit,     resulting in a denial of service condition.

  - An information disclosure vulnerability exists due to     overly verbose error messages returning part of the SQL     statement that produced them. An authenticated, remote     attacker can exploit this to disclose sensitive     information.

  - A flaw exists in InnoDB that is triggered during the     handling of an ALTER TABLE or ADD COLUMN operation on a     table with virtual columns. An authenticated, remote     attacker can exploit this to crash the server, resulting     in a denial of service condition.

This update for libopenssl0_9_8 fixes the following issues :

  - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)

  - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)

  - CVE-2016-2108: Memory corruption in the ASN.1 encoder     (bsc#977617)

  - CVE-2016-2109: ASN.1 BIO excessive memory allocation     (bsc#976942)

  - CVE-2016-0702: Side channel attack on modular     exponentiation 'CacheBleed' (bsc#968050)

  - bsc#976943: Buffer overrun in ASN1_parse

and updates the package to version 0.9.8zh which collects many other fixes, including security ones.

Update to latest openssl which fixes various CVE's

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to its self-reported version number, the remote Juniper Junos device is affected by the following vulnerabilities related to OpenSSL :

  - A flaw exists in the ssl3_get_key_exchange() function     in file s3_clnt.c when handling a ServerKeyExchange     message for an anonymous DH ciphersuite with the value     of 'p' set to 0. A attacker can exploit this, by causing     a segmentation fault, to crash an application linked     against the library, resulting in a denial of service.
    (CVE-2015-1794)

  - A carry propagating flaw exists in the x86_64 Montgomery     squaring implementation that may cause the BN_mod_exp()     function to produce incorrect results. An attacker can     exploit this to obtain sensitive information regarding     private keys. (CVE-2015-3193)

  - A NULL pointer dereference flaw exists in file     rsa_ameth.c due to improper handling of ASN.1 signatures     that are missing the PSS parameter. A remote attacker     can exploit this to cause the signature verification     routine to crash, resulting in a denial of service     condition. (CVE-2015-3194)

  - A flaw exists in the ASN1_TFLG_COMBINE implementation in     file tasn_dec.c related to handling malformed     X509_ATTRIBUTE structures. A remote attacker can exploit     this to cause a memory leak by triggering a decoding     failure in a PKCS#7 or CMS application, resulting in a     denial of service. (CVE-2015-3195)

  - A race condition exists in s3_clnt.c that is triggered     when PSK identity hints are incorrectly updated in the     parent SSL_CTX structure when they are received by a     multi-threaded client. A remote attacker can exploit     this, via a crafted ServerKeyExchange message, to cause     a double-free memory error, resulting in a denial of     service. (CVE-2015-3196)

  - A cipher algorithm downgrade vulnerability exists due to     a flaw that is triggered when handling cipher     negotiation. A remote attacker can exploit this to     negotiate SSLv2 ciphers and complete SSLv2 handshakes     even if all SSLv2 ciphers have been disabled on the     server. Note that this vulnerability only exists if the     SSL_OP_NO_SSLv2 option has not been disabled.
    (CVE-2015-3197)

  - A key disclosure vulnerability exists due to improper     handling of cache-bank conflicts on the Intel     Sandy-bridge microarchitecture. An attacker can exploit     this to gain access to RSA key information.
    (CVE-2016-0702)

  - A flaw exists in the SSLv2 implementation,     specifically in the get_client_master_key() function     within file s2_srvr.c, due to accepting a nonzero     CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an     arbitrary cipher. A man-in-the-middle attacker can     exploit this to determine the MASTER-KEY value and     decrypt TLS ciphertext by leveraging a Bleichenbacher     RSA padding oracle. (CVE-2016-0703)

  - A flaw exists in the SSLv2 oracle protection mechanism,     specifically in the get_client_master_key() function     within file s2_srvr.c, due to incorrectly overwriting     MASTER-KEY bytes during use of export cipher suites.
    A remote attackers can exploit this to more easily     decrypt TLS ciphertext by leveraging a Bleichenbacher     RSA padding oracle. (CVE-2016-0704)

  - A double-free error exists due to improper validation of     user-supplied input when parsing malformed DSA private     keys. A remote attacker can exploit this to corrupt     memory, resulting in a denial of service condition or     the execution of arbitrary code. (CVE-2016-0705)

  - A NULL pointer dereference flaw exists in the     BN_hex2bn() and BN_dec2bn() functions. A remote attacker     can exploit this to trigger a heap corruption, resulting     in the execution of arbitrary code. (CVE-2016-0797)

  - A denial of service vulnerability exists due to improper     handling of invalid usernames. A remote attacker can     exploit this, via a specially crafted username, to leak     300 bytes of memory per connection, exhausting available     memory resources. (CVE-2016-0798)

  - Multiple memory corruption issues exist that allow a     remote attacker to cause a denial of service condition     or the execution of arbitrary code. (CVE-2016-0799)

  - A heap buffer overflow condition exists in the     EVP_EncodeUpdate() function within file     crypto/evp/encode.c that is triggered when handling     a large amount of input data. An unauthenticated, remote     attacker can exploit this to cause a denial of service     condition. (CVE-2016-2105)

  - A heap buffer overflow condition exists in the     EVP_EncryptUpdate() function within file     crypto/evp/evp_enc.c that is triggered when handling a     large amount of input data after a previous call occurs     to the same function with a partial block. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition. (CVE-2016-2106)

  - A remote code execution vulnerability exists in the     ASN.1 encoder due to an underflow condition that occurs     when attempting to encode the value zero represented as     a negative integer. An unauthenticated, remote attacker     can exploit this to corrupt memory, resulting in the     execution of arbitrary code. (CVE-2016-2108)

  - Multiple unspecified flaws exist in the d2i BIO     functions when reading ASN.1 data from a BIO due to     invalid encoding causing a large allocation of memory.
    An unauthenticated, remote attacker can exploit these to     cause a denial of service condition through resource     exhaustion. (CVE-2016-2109)

  - Multiple integer overflow conditions exist in s3_srvr.c,     ssl_sess.c, and t1_lib.c due to improper use of pointer     arithmetic for heap-buffer boundary checks. An     unauthenticated, remote attacker can exploit this to     cause a denial of service. (CVE-2016-2177)

  - An information disclosure vulnerability exists in the     dsa_sign_setup() function in dsa_ossl.c due to a failure     to properly ensure the use of constant-time operations.
    An unauthenticated, remote attacker can exploit this,     via a timing side-channel attack, to disclose DSA key     information. (CVE-2016-2178)

  - An out-of-bounds read error exists in the X.509 Public     Key Infrastructure Time-Stamp Protocol (TSP)     implementation. An unauthenticated, remote attacker can     exploit this, via a crafted time-stamp file that is     mishandled by the 'openssl ts' command, to cause     denial of service or to disclose sensitive information.
    (CVE-2016-2180)

  - An overflow condition exists in the BN_bn2dec() function     in bn_print.c due to improper validation of     user-supplied input when handling BIGNUM values. An     unauthenticated, remote attacker can exploit this to     crash the process. (CVE-2016-2182)

  - A vulnerability exists, known as SWEET32, in the 3DES     and Blowfish algorithms due to the use of weak 64-bit     block ciphers by default. A man-in-the-middle attacker     who has sufficient resources can exploit this     vulnerability, via a 'birthday' attack, to detect a     collision that leaks the XOR between the fixed secret     and a known plaintext, allowing the disclosure of the     secret text, such as secure HTTPS cookies, and possibly     resulting in the hijacking of an authenticated session.
    (CVE-2016-2183)

  - A flaw exists in the tls_decrypt_ticket() function in     t1_lib.c due to improper handling of ticket HMAC     digests. An unauthenticated, remote attacker can exploit     this, via a ticket that is too short, to crash the     process, resulting in a denial of service.
    (CVE-2016-6302)

  - An integer overflow condition exists in the     MDC2_Update() function in mdc2dgst.c due to improper     validation of user-supplied input. An unauthenticated,     remote attacker can exploit this to cause a heap-based     buffer overflow, resulting in a denial of service     condition or possibly the execution of arbitrary code.
    (CVE-2016-6303)

  - A flaw exists in the ssl_parse_clienthello_tlsext()     function in t1_lib.c due to improper handling of overly     large OCSP Status Request extensions from clients. An     unauthenticated, remote attacker can exploit this, via     large OCSP Status Request extensions, to exhaust memory     resources, resulting in a denial of service condition.
    (CVE-2016-6304)

  - A flaw exists in the SSL_peek() function in     rec_layer_s3.c due to improper handling of empty     records. An unauthenticated, remote attacker can exploit     this, by triggering a zero-length record in an SSL_peek     call, to cause an infinite loop, resulting in a denial     of service condition. (CVE-2016-6305)

  - An out-of-bounds read error exists in the certificate     parser that allows an unauthenticated, remote attacker     to cause a denial of service via crafted certificate     operations. (CVE-2016-6306)

  - A denial of service vulnerability exists in the     state-machine implementation due to a failure to check     for an excessive length before allocating memory. An     unauthenticated, remote attacker can exploit this, via a     crafted TLS message, to exhaust memory resources.
    (CVE-2016-6307)

Note that these issues only affects devices with J-Web or the SSL service for JUNOScript enabled.

According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - The BN_bn2dec function in crypto/bn/bn_print.c in     OpenSSL before 1.1.0 does not properly validate     division results, which allows remote attackers to     cause a denial of service (out-of-bounds write and     application crash) or possibly have unspecified other     impact via unknown vectors.(CVE-2016-2182)

  - A denial of service flaw was found in the way the     TLS/SSL protocol defined processing of ALERT packets     during a connection handshake. A remote attacker could     use this flaw to make a TLS/SSL server consume an     excessive amount of CPU and fail to accept connections     form other clients.(CVE-2016-8610)

  - A flaw was found in the way malicious SSLv2 clients     could negotiate SSLv2 ciphers that were disabled on the     server. This could result in weak SSLv2 ciphers being     used for SSLv2 connections, making them vulnerable to     man-in-the-middle attacks.(CVE-2015-3197)

  - A padding oracle flaw was found in the Secure Sockets     Layer version 2.0 (SSLv2) protocol. An attacker could     potentially use this flaw to decrypt RSA-encrypted     cipher text from a connection using a newer SSL/TLS     protocol version, allowing them to decrypt such     connections. This cross-protocol attack is publicly     referred to as DROWN.(CVE-2016-0800)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to its banner, the version of OpenSSL on the remote host is 1.0.2 prior to 1.0.2f or 1.0.1 prior to 1.0.1r and is affected by a flaw that is triggered when handling cipher negotiation. This may allow a remote attacker to negotiate SSLv2 ciphers that are disabled on the server.

ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

ID	Name	Product	Family	Published	Updated	Severity
90684	MySQL 5.7.x < 5.7.12 Multiple Vulnerabilities (DROWN)	Nessus	Databases	4/22/2016	11/19/2019	critical
91068	openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-563) (DROWN)	Nessus	SuSE Local Security Checks	5/12/2016	1/19/2021	critical
92185	Fedora 23 : mingw-openssl (2016-e1234b65a2)	Nessus	Fedora Local Security Checks	7/14/2016	1/11/2021	critical
96316	Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10759) (SWEET32)	Nessus	Junos Local Security Checks	1/5/2017	8/10/2018	critical
99885	EulerOS 2.0 SP1 : openssl098e (EulerOS-SA-2017-1040)	Nessus	Huawei Local Security Checks	5/1/2017	1/6/2021	critical
9464	OpenSSL 1.0.1 < 1.0.1r / 1.0.2 < 1.0.2f Information Disclosure	Nessus Network Monitor	Web Servers	8/5/2016	3/6/2019	low
503083	Siemens SCALANCE X-200RNA Switch Devices Exposure of Sensitive Information to an Unauthorized Actor (CVE-2015-3197)	Tenable OT Security	Tenable.ot	3/13/2025	3/13/2025	medium

Detections

Analytics

Plugins Search

critical

critical

critical

critical

critical

low

medium