This update for libopenssl0_9_8 fixes the following issues :

  - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046):
    OpenSSL was vulnerable to a cross-protocol attack that     could lead to decryption of TLS sessions by using a     server supporting SSLv2 and EXPORT cipher suites as a     Bleichenbacher RSA padding oracle.

    This update changes the openssl library to :

  - Disable SSLv2 protocol support by default.

    This can be overridden by setting the environment     variable 'OPENSSL_ALLOW_SSL2' or by using     SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag.

    Note that various services and clients had already     disabled SSL protocol 2 by default previously.

  - Disable all weak EXPORT ciphers by default. These can be     reenabled if required by old legacy software using the     environment variable 'OPENSSL_ALLOW_EXPORT'.

  - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and     BN_dec2bn() functions had a bug that could result in an     attempt to de-reference a NULL pointer leading to     crashes. This could have security consequences if these     functions were ever called by user applications with     large untrusted hex/decimal data. Also, internal usage     of these functions in OpenSSL uses data from config     files or application command line arguments. If user     developed applications generated config file data based     on untrusted data, then this could have had security     consequences as well.

  - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the     internal fmtstr() and doapr_outch() functions could     miscalculate the length of a string and attempt to     access out-of-bounds memory locations. These problems     could have enabled attacks where large amounts of     untrusted data is passed to the BIO_*printf functions.
    If applications use these functions in this way then     they could have been vulnerable. OpenSSL itself uses     these functions when printing out human-readable dumps     of ASN.1 data. Therefore applications that print this     data could have been vulnerable if the data is from     untrusted sources. OpenSSL command line applications     could also have been vulnerable when they print out     ASN.1 data, or if untrusted data is passed as command     line arguments. Libssl is not considered directly     vulnerable.

  - The package was updated to 0.9.8zh :

  - fixes many security vulnerabilities (not separately     listed): CVE-2015-3195, CVE-2015-1788, CVE-2015-1789,     CVE-2015-1790, CVE-2015-1792, CVE-2015-1791,     CVE-2015-0286, CVE-2015-0287, CVE-2015-0289,     CVE-2015-0293, CVE-2015-0209, CVE-2015-0288,     CVE-2014-3571, CVE-2014-3569, CVE-2014-3572,     CVE-2015-0204, CVE-2014-8275, CVE-2014-3570,     CVE-2014-3567, CVE-2014-3568, CVE-2014-3566,     CVE-2014-3510, CVE-2014-3507, CVE-2014-3506,     CVE-2014-3505, CVE-2014-3508, CVE-2014-0224,     CVE-2014-0221, CVE-2014-0195, CVE-2014-3470,     CVE-2014-0076, CVE-2013-0169, CVE-2013-0166

  - avoid running OPENSSL_config twice. This avoids breaking     engine loading. (boo#952871, boo#967787)

  - fix CVE-2015-3197 (boo#963415)

  - SSLv2 doesn't block disabled ciphers

According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - The OpenSSL toolkit provides support for secure     communications between machines. OpenSSL includes a     certificate management tool and shared libraries which     provide various cryptographic algorithms and     protocols.Security Fix(es):The TLS protocol 1.2 and     earlier, when a DHE_EXPORT ciphersuite is enabled on a     server but not on a client, does not properly convey a     DHE_EXPORT choice, which allows man-in-the-middle     attackers to conduct cipher-downgrade attacks by     rewriting a ClientHello with DHE replaced by DHE_EXPORT     and then rewriting a ServerHello with DHE_EXPORT     replaced by DHE, aka the 'Logjam'     issue.(CVE-2015-4000)The dsa_sign_setup function in     crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does     not properly ensure the use of constant-time     operations, which makes it easier for local users to     discover a DSA private key via a timing side-channel     attack.(CVE-2016-2178)While parsing an IPAddressFamily     extension in an X.509 certificate, it is possible to do     a one-byte overread. This would result in an incorrect     text display of the certificate. This bug has been     present since 2006 and is present in all versions of     OpenSSL before 1.0.2m and 1.1.0g.(CVE-2017-3735)The     Anti-Replay feature in the DTLS implementation in     OpenSSL before 1.1.0 mishandles early use of a new     epoch number in conjunction with a large sequence     number, which allows remote attackers to cause a denial     of service (false-positive packet drops) via spoofed     DTLS records, related to rec_layer_d1.c and     ssl3_record.c.(CVE-2016-2181)The SSL protocol 3.0, as     used in OpenSSL through 1.0.1i and other products, uses     nondeterministic CBC padding, which makes it easier for     man-in-the-middle attackers to obtain cleartext data     via a padding-oracle attack, aka the 'POODLE'     issue.(CVE-2014-3566)OpenStack Identity (Keystone)     before 2014.1.1 does not properly handle when a role is     assigned to a group that has the same ID as a user,     which allows remote authenticated users to gain     privileges that are assigned to a group with the same     ID.(CVE-2014-0204)Double free vulnerability in     d1_both.c in the DTLS implementation in OpenSSL 0.9.8     before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before     1.0.1i allows remote attackers to cause a denial of     service (application crash) via crafted DTLS packets     that trigger an error     condition.(CVE-2014-3505)d1_both.c in the DTLS     implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0     before 1.0.0n, and 1.0.1 before 1.0.1i allows remote     attackers to cause a denial of service (memory     consumption) via crafted DTLS handshake messages that     trigger memory allocations corresponding to large     length values.(CVE-2014-3506)The BN_sqr implementation     in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and     1.0.1 before 1.0.1k does not properly calculate the     square of a BIGNUM value, which might make it easier     for remote attackers to defeat cryptographic protection     mechanisms via unspecified vectors, related to     crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and     crypto/bn/bn_asm.c.(CVE-2014-3570)The OBJ_obj2txt     function in crypto/objects/obj_dat.c in OpenSSL 0.9.8     before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before     1.0.1i, when pretty printing is used, does not ensure     the presence of '\0' characters, which allows     context-dependent attackers to obtain sensitive     information from process stack memory by reading output     from X509_name_oneline, X509_name_print_ex, and     unspecified other functions.(CVE-2014-3508)The     dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL     before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before     1.0.1h frees data structures without considering that     application data can arrive between a ChangeCipherSpec     message and a Finished message, which allows remote     DTLS peers to cause a denial of service (memory     corruption and application crash) or possibly have     unspecified other impact via unexpected application     data.(CVE-2014-8176)The DES and Triple DES ciphers, as     used in the TLS, SSH, and IPSec protocols and other     protocols and products, have a birthday bound of     approximately four billion blocks, which makes it     easier for remote attackers to obtain cleartext data     via a birthday attack against a long-duration encrypted     session, as demonstrated by an HTTPS session using     Triple DES in CBC mode, aka a 'Sweet32'     attack.(CVE-2016-2183)The ASN1_item_ex_d2i function in     crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0     before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before     1.0.2a does not reinitialize CHOICE and ADB data     structures, which might allow attackers to cause a     denial of service (invalid write operation and memory     corruption) by leveraging an application that relies on     ASN.1 structure reuse.(CVE-2015-0287)The     dtls1_get_message_fragment function in d1_both.c in     OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1     before 1.0.1h allows remote attackers to cause a denial     of service (recursion and client crash) via a DTLS     hello message in an invalid DTLS     handshake.(CVE-2014-0221)The     ssl3_send_client_key_exchange function in s3_clnt.c in     OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and     1.0.1 before 1.0.1i allows remote DTLS servers to cause     a denial of service (NULL pointer dereference and     client application crash) via a crafted handshake     message in conjunction with a (1) anonymous DH or (2)     anonymous ECDH ciphersuite.(CVE-2014-3510)The     X509_to_X509_REQ function in crypto/x509/x509_req.c in     OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1     before 1.0.1m, and 1.0.2 before 1.0.2a might allow     attackers to cause a denial of service (NULL pointer     dereference and application crash) via an invalid     certificate key.(CVE-2015-0288)The PKCS#7     implementation in OpenSSL before 0.9.8zf, 1.0.0 before     1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a     does not properly handle a lack of outer ContentInfo,     which allows attackers to cause a denial of service     (NULL pointer dereference and application crash) by     leveraging an application that processes arbitrary     PKCS#7 data and providing malformed data with ASN.1     encoding, related to crypto/pkcs7/pk7_doit.c and     crypto/pkcs7/pk7_lib.c.(CVE-2015-0289)The     PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in     OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1     before 1.0.1n, and 1.0.2 before 1.0.2b allows remote     attackers to cause a denial of service (NULL pointer     dereference and application crash) via a PKCS#7 blob     that uses ASN.1 encoding and lacks inner     EncryptedContent data.(CVE-2015-1790)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Apache Traffic Server versions 5.x prior to 5.1.2 are affected by the following vulnerabilities :

 - A man-in-the-middle (MitM) information disclosure vulnerability exists which is known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566)
 - A flaw exists that is triggered when using CONNECT to apply remaps. This may allow an attacker to enable the product to function as an open relay. (CVE-2014-3624)

A vulnerability was publicly announced in the SSLv3 protocol when using a block cipher in CBC mode. The vulnerability exists because the block cipher padding is not covered by the message authentication code and exposes users to a potential man-in-the-middle attack that relies on padding oracles. Because weaknesses have previously been discovered in stream ciphers such as RC4 in the SSLv3 protocol, the whole protocol should now be considered deprecated. This vulnerability is related to the protocol itself and is not specific to a particular SSLv3 implementation. 

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

ID	Name	Product	Family	Published	Updated	Severity
89651	openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE)	Nessus	SuSE Local Security Checks	3/4/2016	12/5/2022	critical
131662	EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2019-2509)	Nessus	Huawei Local Security Checks	12/4/2019	12/5/2022	high
9081	Apache Traffic Server 5.1.x < 5.1.1 Multiple Vulnerabilities (POODLE)	Nessus Network Monitor	Web Servers	2/19/2016	3/6/2019	low
501806	Rockwell Automation Stratix SSL Padding Oracle On Downgraded Legacy Encryption (CVE-2014-3566)	Tenable OT Security	Tenable.ot	11/15/2023	4/22/2024	low

Detections

Analytics

Plugins Search

critical

high

low

low