OpenSSL ChangeCipherSpec
June 9, 2014 at 8:27am EDT
[codydumont]
SC RESEARCH

Confidential: The following report contains confidential information. Do not distribute, email, fax, or transfer via any electronic mechanism unless it has been approved by the recipient company's security policy. All copies and backups of this document should be saved on protected storage at all times. Do not share any of the information contained within this report with anyone unless they are authorized to view the information. Violating any of the previous instructions is grounds for termination.

Table of Contents
About this Report
OpenSSL ChangeCipherSpec Summary
OpenSSL ChangeCipherSpec Vulnerabilities
OpenSSL Vulnerabilities

About this Report

As new threats emerge in networks, SecurityCenter customers are able to properly identify risk. This report identifies systems vulnerable to the new OpenSSL ChangeCipherSpec vulnerability. This report provides SecurityCenter customers with a good summary of the new vulnerabilities recently discovered within OpenSSL. There are six CVEs related to this new vulnerability.
They are:
CVE-2014-0224 - SSL/TLS MITM Vulnerability
CVE-2014-0221 - DTLS recursion flaw
CVE-2014-0195 - DTLS invalid fragment vulnerability
CVE-2014-0198 - SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
CVE-2010-5298 - SSL_MODE_RELEASE_BUFFERS session injection
CVE-2014-3470 - Anonymous ECDH Denial of Service

This report contains three chapters which focus on the six CVEs related to the OpenSSL ChangeCipherSpec vulnerability and OpenSSL vulnerabilities alike.

OpenSSL ChangeCipherSpec Summary: This chapter contains an executive level understanding of how vulnerable the systems have become.

OpenSSL ChangeCipherSpec Vulnerabilities: This chapter contains a vulnerability iterator based on the six CVEs related to OpenSSL ChangeCipherSpec vulnerabilities. For each plugin associated with the CVEs, the vulnerability details and a list of affected systems are provided.

OpenSSL Vulnerabilities: This chapter contains a vulnerability iterator based on the six CVEs related to OpenSSL vulnerabilities. For each plugin associated with the CVEs, the vulnerability details and a list of affected systems are provided.

OpenSSL ChangeCipherSpec Summary

The OpenSSL ChangeCipherSpec Indicators matrix provides an overview of OpenSSL vulnerabilities and the related ChangeCipherSpec vulnerabilities. There are three columns, one for each vulnerability type (active, passive, event). Each column has an indicator for the six CVEs related to OpenSSL ChangeCipherSpec vulnerability, and one indicator for all OpenSSL related vulnerabilities. The active and passive indicators will turn red, signifying immediate action should be taken, while the event vulnerabilities are orange and signify that administrators should investigate the true severity of the event.
[Matrix: OpenSSL ChangeCipherSpec Indicators. Columns: Passive Detection, Active Detection, Event Detection. Rows: ChangeCipherSpec Vulns, OpenSSL Vulns.]

The OpenSSL Vulnerability 7 Day Trends chart provides a 7 day trend analysis of systems with OpenSSL vulnerabilities, with a separate trend line for each plugin type.

[Chart: OpenSSL Vulnerability 7 Day Trends]

The OpenSSL ChangeCipherSpec Subnet Summary provides a chart showing the count per subnet of all the systems vulnerable to the six CVEs related to OpenSSL ChangeCipherSpec.

[Chart: OpenSSL ChangeCipherSpec Subnet Summary]

The ChangeCipherSpec Subnet Comparative Chart provides a comparative analysis showing the percentage of each of the top ten vulnerable subnets. The pie chart is sorted on the total affected hosts per subnet.

[Chart: ChangeCipherSpec Subnet Comparative Chart]

OpenSSL ChangeCipherSpec Vulnerabilities

This chapter contains a vulnerability iterator based on the six CVEs related to OpenSSL ChangeCipherSpec vulnerabilities. For each plugin associated with the CVEs, two tables are displayed. The first table provides all the vulnerability details, while the second provides a list of all the affected hosts, with the following details: IP address, MAC Address, DNS Name, and repository.

Plugin: OpenSSL 'ChangeCipherSpec' MiTM Vulnerability (74326)
Name: OpenSSL 'ChangeCipherSpec' MiTM Vulnerability
Family: Misc.

Vulnerability Details
Plugin: 74326
Plugin Name: OpenSSL 'ChangeCipherSpec' MiTM Vulnerability
Family: Misc.
Severity: Medium
Exploit?: No

Plugin Text:
Synopsis: The remote host is affected by a vulnerability that could allow sensitive data to be decrypted.
Description: The OpenSSL service on the remote host is vulnerable to a man-in-the-middle (MiTM) attack, based on its response to two consecutive 'ChangeCipherSpec' messages during the incorrect phase of an SSL/TLS handshake. This flaw could allow a MiTM attacker to decrypt or forge SSL messages by telling the service to begin encrypted communications before key material has been exchanged, which causes predictable keys to be used to secure future traffic.
Solution:
OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.
See Also:
http://www.nessus.org/u?d5709faa
https://www.imperialviolet.org/2014/06/05/earlyccs.html
https://www.openssl.org/news/secadv_20140605.txt
Risk Factor: Medium
CVSS Base Score: 5.8
CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS Temporal Score: 5.0
CVSS Temporal Vector: CVSS2#E:ND/RL:OF/RC:C
Plugin Output: The remote service accepted an SSL ChangeCipherSpec message at an incorrect point in the handshake leading to weak keys being used, and then attempted to decrypt an SSL record using those weak keys.
CPE: cpe:/a:openssl:openssl
CVE: CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
BID: 66363, 66801, 67193, 67898, 67899, 67900, 67901
Crossref: OSVDB #104810, OSVDB #105763, OSVDB #106531, OSVDB #107729, OSVDB #107730, OSVDB #107731, OSVDB #107732, CERT #978508
Vulnerability Publication Date: 2014/06/05
Patch Publication Date: 2014/06/05
Plugin Publication Date: 2014/06/05
Plugin Modification Date: 2014/06/06
Exploit Available: false
Exploitability Ease: No known exploits are available
Plugin Type: remote
Source File: openssl_ccs.nasl
First Discovered: Jun 6, 2014 03:26:25 EDT
Last Observed: Jun 9, 2014 06:21:18 EDT

OpenSSL Vulnerabilities

This chapter contains a vulnerability iterator based on all OpenSSL ChangeCipherSpec vulnerabilities. For each plugin associated with OpenSSL, two tables are displayed. The first table provides all the vulnerability details, while the second provides a list of all the affected hosts, with the following details: IP address, MAC Address, DNS Name, and repository.

Plugin: OpenSSL 'ChangeCipherSpec' MiTM Vulnerability (74326)
Name: OpenSSL 'ChangeCipherSpec' MiTM Vulnerability
Family: Misc.

Vulnerability Details
Plugin: 74326
Plugin Name: OpenSSL 'ChangeCipherSpec' MiTM Vulnerability
Family: Misc.
Severity: Medium
Exploit?: No

Plugin Text:
Synopsis: The remote host is affected by a vulnerability that could allow sensitive data to be decrypted.
Description: The OpenSSL service on the remote host is vulnerable to a man-in-the-middle (MiTM) attack, based on its response to two consecutive 'ChangeCipherSpec' messages during the incorrect phase of an SSL/TLS handshake.
This flaw could allow a MiTM attacker to decrypt or forge SSL messages by telling the service to begin encrypted communications before key material has been exchanged, which causes predictable keys to be used to secure future traffic.
Solution:
OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.
See Also:
http://www.nessus.org/u?d5709faa
https://www.imperialviolet.org/2014/06/05/earlyccs.html
https://www.openssl.org/news/secadv_20140605.txt
Risk Factor: Medium
CVSS Base Score: 5.8
CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS Temporal Score: 5.0
CVSS Temporal Vector: CVSS2#E:ND/RL:OF/RC:C
Plugin Output: The remote service accepted an SSL ChangeCipherSpec message at an incorrect point in the handshake leading to weak keys being used, and then attempted to decrypt an SSL record using those weak keys.
CPE: cpe:/a:openssl:openssl
CVE: CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
BID: 66363, 66801, 67193, 67898, 67899, 67900, 67901
Crossref: OSVDB #104810, OSVDB #105763, OSVDB #106531, OSVDB #107729, OSVDB #107730, OSVDB #107731, OSVDB #107732, CERT #978508
Vulnerability Publication Date: 2014/06/05
Patch Publication Date: 2014/06/05
Plugin Publication Date: 2014/06/05
Plugin Modification Date: 2014/06/06
Exploit Available: false
Exploitability Ease: No known exploits are available
Plugin Type: remote
Source File: openssl_ccs.nasl
First Discovered: Jun 6, 2014 03:26:25 EDT
Last Observed: Jun 9, 2014 06:21:18 EDT

Plugin: OpenSSL Heartbeat Information Disclosure (Heartbleed) (73412)
Name: OpenSSL Heartbeat Information Disclosure (Heartbleed)
Family: Misc.

Vulnerability Details
Plugin: 73412
Plugin Name: OpenSSL Heartbeat Information Disclosure (Heartbleed)
Family: Misc.
Severity: High
Exploit?: Yes

Plugin Text:
Synopsis: The remote service is affected by an information disclosure vulnerability.
Description: Based on its response to a TLS request with a specially crafted heartbeat message (RFC 6520), the remote service appears to be affected by an out-of-bounds read flaw. This flaw could allow a remote attacker to read the contents of up to 64KB of server memory, potentially exposing passwords, private keys, and other sensitive data.
Solution: Upgrade to OpenSSL 1.0.1g or later. Alternatively, recompile OpenSSL with the '-DOPENSSL_NO_HEARTBEATS' flag to disable the vulnerable functionality.
See Also:
http://heartbleed.com/
http://eprint.iacr.org/2014/140
http://www.openssl.org/news/vulnerabilities.html#2014-0160
Risk Factor: High
STIG Severity: I
CVSS Base Score: 9.4
CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N
CVSS Temporal Score: 8.2
CVSS Temporal Vector: CVSS2#E:ND/RL:OF/RC:C
Plugin Output: Nessus was able to read the following memory from the remote service:
CPE: cpe:/a:openssl:openssl
CVE: CVE-2014-0160
BID: 66690
Crossref: OSVDB #105465, CERT #720951, IAVA #2014-A-0051, EDB-ID #32745, EDB-ID #32764
Vulnerability Publication Date: 2014/02/24
Patch Publication Date: 2014/04/07
Plugin Publication Date: 2014/04/08
Plugin Modification Date: 2014/05/01
Exploit Available: true
Exploitability Ease: Exploits are available
Plugin Type: remote
Source File: openssl_heartbleed.nasl
First Discovered: Apr 10, 2014 03:32:11 EDT
Last Observed: May 22, 2014 03:48:40 EDT

Plugin: PHP 5.4.x < 5.4.23 OpenSSL openssl_x509_parse() Memory Corruption (71427)

Vulnerability Details
Plugin: 71427
Plugin Name: PHP 5.4.x < 5.4.23 OpenSSL openssl_x509_parse() Memory Corruption
Family: CGI abuses
Severity: Medium
Exploit?: Yes

Plugin Text:
Synopsis: The remote web server uses a version of PHP that is potentially affected by a memory corruption vulnerability.
Description: According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.23. It is, therefore, potentially affected by a memory corruption flaw in the way the openssl_x509_parse() function of the PHP OpenSSL extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious, self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function. This could cause the application to crash or possibly allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter.
Note that this plugin does not attempt to exploit the vulnerability, but instead relies only on PHP's self-reported version number.
Solution: Upgrade to PHP version 5.4.23 or later.
See Also:
http://www.php.net/ChangeLog-5.php#5.4.23
http://seclists.org/fulldisclosure/2013/Dec/96
https://bugzilla.redhat.com/show_bug.cgi?id=1036830
Risk Factor: Medium
CVSS Base Score: 6.8
CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Temporal Score: 5.9
CVSS Temporal Vector: CVSS2#E:ND/RL:OF/RC:C
Plugin Output:
Version source : X-Powered-By: PHP/5.4.4-14+deb7u8
Installed version : 5.4.4-14+deb7u8
Fixed version : 5.4.23
CPE: cpe:/a:php:php
CVE: CVE-2013-6420
BID: 64225
Crossref: OSVDB #100979, EDB-ID #30395
Vulnerability Publication Date: 2013/12/02
Patch Publication Date: 2013/12/12
Plugin Publication Date: 2013/12/14
Plugin Modification Date: 2013/12/19
Exploit Available: true
Exploitability Ease: Exploits are available
Plugin Type: remote
Source File: php_5_4_23.nasl
First Discovered: Mar 28, 2014 18:18:06 EDT
Last Observed: May 19, 2014 07:07:18 EDT

Plugin: Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : openssl vulnerabilities (USN-1451-1) (59289)
Name: Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : openssl vulnerabilities (USN-1451-1)
Family: Ubuntu Local Security Checks

Vulnerability Details
Plugin: 59289
Plugin Name: Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : openssl vulnerabilities (USN-1451-1)
Family: Ubuntu Local Security Checks
Severity: Medium
Exploit?: No

Plugin Text:
Synopsis: The remote Ubuntu host is missing one or more security-related patches.
Description:
Ivan Nestlerode discovered that the Cryptographic Message Syntax (CMS) and PKCS #7 implementations in OpenSSL returned early if RSA decryption failed. This could allow an attacker to expose sensitive information via a Million Message Attack (MMA). (CVE-2012-0884)
It was discovered that an integer underflow was possible when using TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a remote attacker to cause a denial of service. (CVE-2012-2333).
Solution: Update the affected libssl0.9.8, libssl1.0.0 and / or openssl packages.
Risk Factor: Medium
CVSS Base Score: 6.8
CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Temporal Score: 5.9
CVSS Temporal Vector: CVSS2#E:ND/RL:OF/RC:C
Plugin Output:
- Installed package : libssl0.9.8_0.9.8o-5ubuntu1
  Fixed package : libssl0.9.8_0.9.8o-5ubuntu1.7
- Installed package : openssl_0.9.8o-5ubuntu1
  Fixed package : openssl_0.9.8o-5ubuntu1.7
CPE:
p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8
p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0
p-cpe:/a:canonical:ubuntu_linux:openssl
cpe:/o:canonical:ubuntu_linux:10.04:-:lts
cpe:/o:canonical:ubuntu_linux:11.04
cpe:/o:canonical:ubuntu_linux:11.10
cpe:/o:canonical:ubuntu_linux:12.04:-:lts
cpe:/o:canonical:ubuntu_linux:8.04:-:lts
CVE: CVE-2012-0884, CVE-2012-2333
BID: 52428, 53476
Crossref: OSVDB #80039, OSVDB #81810, USN #1451-1
Patch Publication Date: 2012/05/24
Plugin Publication Date: 2012/05/29
Plugin Modification Date: 2013/09/28
Exploit Available: false
Exploitability Ease: No known exploits are available
Plugin Type: local
Source File: ubuntu_USN-1451-1.nasl
First Discovered: Jun 4, 2014 22:25:05 EDT
Last Observed: Jun 4, 2014 22:25:05 EDT

Plugin: Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerability (USN-1428-1) (58873)
Name: Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerability (USN-1428-1)
Family: Ubuntu Local Security Checks

Vulnerability Details
Plugin: 58873
Plugin Name: Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerability (USN-1428-1)
Family: Ubuntu Local Security Checks
Severity: High
Exploit?: Yes

Plugin Text:
Synopsis: The remote Ubuntu host is missing one or more security-related patches.
Description: It was discovered that the fix for CVE-2012-2110 was incomplete for OpenSSL 0.9.8.
A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. Ubuntu 11.10 was not affected by this issue. (CVE-2012-2131)
The original upstream fix for CVE-2012-2110 would cause BUF_MEM_grow_clean() to sometimes return the wrong error condition. This update fixes the problem.
Solution: Update the affected libssl0.9.8 and / or libssl1.0.0 packages.
Risk Factor: High
CVSS Base Score: 7.5
CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Score: 5.9
CVSS Temporal Vector: CVSS2#E:POC/RL:OF/RC:C
Plugin Output:
- Installed package : libssl0.9.8_0.9.8o-5ubuntu1
  Fixed package : libssl0.9.8_0.9.8o-5ubuntu1.5
CPE:
p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8
p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0
cpe:/o:canonical:ubuntu_linux:10.04:-:lts
cpe:/o:canonical:ubuntu_linux:11.04
cpe:/o:canonical:ubuntu_linux:11.10
cpe:/o:canonical:ubuntu_linux:8.04:-:lts
CVE: CVE-2012-2110, CVE-2012-2131
BID: 53212
Crossref: OSVDB #81223, USN #1428-1
Patch Publication Date: 2012/04/24
Plugin Publication Date: 2012/04/25
Plugin Modification Date: 2013/05/25
Exploit Available: true
Exploitability Ease: Exploits are available
Plugin Type: local
Source File: ubuntu_USN-1428-1.nasl
First Discovered: Jun 4, 2014 22:25:05 EDT
Last Observed: Jun 4, 2014 22:25:05 EDT

Plugin: Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerabilities (USN-1424-1) (58808)
Name: Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerabilities (USN-1424-1)
Family: Ubuntu Local Security Checks

Vulnerability Details
Plugin: 58808
Plugin Name: Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerabilities (USN-1424-1)
Family: Ubuntu Local Security Checks
Severity: High
Exploit?: Yes

Plugin Text:
Synopsis: The remote Ubuntu host is missing one or more security-related patches.
Description:
It was discovered that OpenSSL could be made to dereference a NULL pointer when processing S/MIME messages. A remote attacker could use this to cause a denial of service. These issues did not affect Ubuntu 8.04 LTS. (CVE-2006-7250, CVE-2012-1165)
Tavis Ormandy discovered that OpenSSL did not properly perform bounds checking when processing DER data via BIO or FILE functions. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. (CVE-2012-2110).
Solution: Update the affected libssl0.9.8 and / or libssl1.0.0 packages.
Risk Factor: High
CVSS Base Score: 7.5
CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Score: 5.9
CVSS Temporal Vector: CVSS2#E:POC/RL:OF/RC:C
Plugin Output:
- Installed package : libssl0.9.8_0.9.8o-5ubuntu1
  Fixed package : libssl0.9.8_0.9.8o-5ubuntu1.4
CPE:
p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8
p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0
cpe:/o:canonical:ubuntu_linux:10.04:-:lts
cpe:/o:canonical:ubuntu_linux:11.04
cpe:/o:canonical:ubuntu_linux:11.10
cpe:/o:canonical:ubuntu_linux:8.04:-:lts
CVE: CVE-2006-7250, CVE-2012-1165, CVE-2012-2110
BID: 52181, 52764, 53158
Crossref: OSVDB #79650, OSVDB #80040, OSVDB #81223, USN #1424-1
Patch Publication Date: 2012/04/19
Plugin Publication Date: 2012/04/20
Plugin Modification Date: 2013/05/25
Exploit Available: true
Exploitability Ease: Exploits are available
Plugin Type: local
Source File: ubuntu_USN-1424-1.nasl
First Discovered: Jun 4, 2014 22:25:05 EDT
Last Observed: Jun 4, 2014 22:25:05 EDT

Plugin: Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1) (57887)
Name: Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1)
Family: Ubuntu Local Security Checks

Vulnerability Details
Plugin: 57887
Plugin Name: Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1)
Family: Ubuntu Local Security Checks
Severity: High
Exploit?: No

Plugin Text:
Synopsis: The remote Ubuntu host is missing one or more security-related patches.
Description:
It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)
Adam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This could allow a remote attacker to cause a denial of service via out-of-order messages that violate the TLS protocol. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-3210)
Nadhem Alfardan and Kenny Paterson discovered that the Datagram Transport Layer Security (DTLS) implementation in OpenSSL performed a MAC check only if certain padding is valid. This could allow a remote attacker to recover plaintext. (CVE-2011-4108)
Antonio Martin discovered that a flaw existed in the fix to address CVE-2011-4108, the DTLS MAC check failure. This could allow a remote attacker to cause a denial of service. (CVE-2012-0050)
Ben Laurie discovered a double free vulnerability in OpenSSL that could be triggered when the X509_V_FLAG_POLICY_CHECK flag is enabled. This could allow a remote attacker to cause a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-4109)
It was discovered that OpenSSL, in certain circumstances involving ECDH or ECDHE cipher suites, used an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves. This could allow a remote attacker to obtain the private key of a TLS server via multiple handshake attempts. This issue only affected Ubuntu 8.04 LTS. (CVE-2011-4354)
Adam Langley discovered that the SSL 3.0 implementation in OpenSSL did not properly initialize data structures for block cipher padding. This could allow a remote attacker to obtain sensitive information. (CVE-2011-4576)
Andrew Chi discovered that OpenSSL, when RFC 3779 support is enabled, could trigger an assert when handling an X.509 certificate containing certificate-extension data associated with IP address blocks or Autonomous System (AS) identifiers. This could allow a remote attacker to cause a denial of service. (CVE-2011-4577)
Adam Langley discovered that the Server Gated Cryptography (SGC) implementation in OpenSSL did not properly handle handshake restarts. This could allow a remote attacker to cause a denial of service. (CVE-2011-4619)
Andrey Kulikov discovered that the GOST block cipher engine in OpenSSL did not properly handle invalid parameters. This could allow a remote attacker to cause a denial of service via crafted data from a TLS client. This issue only affected Ubuntu 11.10. (CVE-2012-0027).
Solution: Update the affected libssl0.9.8, libssl1.0.0 and / or openssl packages.
Risk Factor: High
CVSS Base Score: 9.3
CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Temporal Score: 6.9
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C
Plugin Output:
- Installed package : libssl0.9.8_0.9.8o-5ubuntu1
  Fixed package : libssl0.9.8_0.9.8o-5ubuntu1.2
- Installed package : openssl_0.9.8o-5ubuntu1
  Fixed package : openssl_0.9.8o-5ubuntu1.2
CPE:
p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8
p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0
p-cpe:/a:canonical:ubuntu_linux:openssl
cpe:/o:canonical:ubuntu_linux:10.04:-:lts
cpe:/o:canonical:ubuntu_linux:10.10
cpe:/o:canonical:ubuntu_linux:11.04
cpe:/o:canonical:ubuntu_linux:11.10
cpe:/o:canonical:ubuntu_linux:8.04:-:lts
CVE: CVE-2011-1945, CVE-2011-3210, CVE-2011-4108, CVE-2011-4109, CVE-2011-4354, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027, CVE-2012-0050
BID: 47888, 49471, 50882, 51281, 51563
Crossref: OSVDB #74632, OSVDB #75230, OSVDB #77650, OSVDB #78186, OSVDB #78187, OSVDB #78188, OSVDB #78189, OSVDB #78190, OSVDB #78191, OSVDB #78320, USN #1357-1
Patch Publication Date: 2012/02/09
Plugin Publication Date: 2012/02/10
Plugin Modification Date: 2013/05/25
Exploit Available: false
Exploitability Ease: No known exploits are available
Plugin Type: local
Source File: ubuntu_USN-1357-1.nasl
First Discovered: Jun 4, 2014 22:25:05 EDT
Last Observed: Jun 4, 2014 22:25:05 EDT

Plugin: OpenSSL Version Detection (57323)
Name: OpenSSL Version Detection
Family: Web Servers

Vulnerability Details
Plugin: 57323
Plugin Name: OpenSSL Version Detection
Family: Web Servers
Severity: Info
Exploit?: No

Plugin Text:
Synopsis: The version of OpenSSL can be identified.
Description: The version of OpenSSL could be extracted from the web server's banner. Note that in many cases, security patches are backported and the displayed version number does not show the patch level. Using it to identify vulnerable software is likely to lead to false detections.
Solution: n/a
See Also: http://www.openssl.org/
Risk Factor: None
Plugin Output:
Source : Server: Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.6m
Version (from banner) : 0.9.6m
CPE: cpe:/a:openssl:openssl
Plugin Publication Date: 2011/12/16
Plugin Modification Date: 2011/12/16
Plugin Type: remote
Source File: openssl_version.nasl
First Discovered: Apr 9, 2014 10:41:23 EDT
Last Observed: May 24, 2014 05:33:07 EDT

Plugin: OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Ciphersuite Disabled Cipher Issue (51893)
Name: OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Ciphersuite Disabled Cipher Issue
Family: General

Vulnerability Details
Plugin: 51893
Plugin Name: OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Ciphersuite Disabled Cipher Issue
Family: General
Severity: Medium
Exploit?: No

Plugin Text:
Synopsis: The remote host allows the resumption of SSL sessions with a disabled cipher.
Description: The version of OpenSSL on the remote host has been shown to allow the use of disabled ciphers when resuming a session. This means that an attacker that sees (e.g. by sniffing) the start of an SSL connection can manipulate the OpenSSL session cache to cause subsequent resumptions of that session to use a disabled cipher chosen by the attacker.
Solution: Upgrade to OpenSSL 0.9.8j or later.
Risk Factor: Medium
CVSS Base Score: 4.3
CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Temporal Score: 3.2
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C
Plugin Output:
The server allowed the following session over SSLv3 to be resumed as follows :
Session ID : 34bb781d0f58f9aef93df835442aa96893fb80bcf101794c6ac225d025d45c8e
Initial Cipher : TLS1_CK_RSA_WITH_AES_256_CBC_SHA (0x0035)
Resumed Cipher : SSL3_CK_RSA_DES_40_CBC_SHA (0x0008)
CPE: cpe:/a:openssl:openssl
CVE: CVE-2008-7270
BID: 45254
Crossref: OSVDB #69655
Vulnerability Publication Date: 2010/12/02
Patch Publication Date: 2008/09/22
Plugin Publication Date: 2011/02/07
Plugin Modification Date: 2012/04/17
Exploit Available: false
Exploitability Ease: No known exploits are available
Plugin Type: remote
Source File: openssl_resume_disabled_cipher.nasl
First Discovered: Apr 3, 2014 16:15:12 EDT
Last Observed: May 22, 2014 03:48:40 EDT

Plugin: OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Downgrade Issue (51892)
Name: OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Downgrade Issue
Family: General

Vulnerability Details
Plugin: 51892
Plugin Name: OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Downgrade Issue
Family: General
Severity: Medium
Exploit?: No

Plugin Text:
Synopsis: The remote host allows resuming SSL sessions with a weaker cipher than the one originally negotiated.
Description: The version of OpenSSL on the remote host has been shown to allow resuming session with a weaker cipher than was used when the session was initiated. This means that an attacker that sees (i.e., by sniffing) the start of an SSL connection can manipulate the OpenSSL session cache to cause subsequent resumptions of that session to use a weaker cipher chosen by the attacker.
Note that other SSL implementations may also be affected by this vulnerability.
Solution: Upgrade to OpenSSL 0.9.8q / 1.0.0.c or later, or contact your vendor for a patch.
See Also: http://openssl.org/news/secadv_20101202.txt
Risk Factor: Medium
CVSS Base Score: 4.3
CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Temporal Score: 3.7
CVSS Temporal Vector: CVSS2#E:ND/RL:OF/RC:C
Plugin Output:
The server allowed the following session over SSLv3 to be resumed as follows :
Session ID : 3b1d0489fd36812f1379e98e212931ef19c7ffd96e4333faefdbf9385aaccf01
Initial Cipher : TLS1_CK_RSA_WITH_AES_256_CBC_SHA (0x0035)
Resumed Cipher : SSL3_CK_RSA_DES_64_CBC_SHA (0x0009)
The server allowed the following session over TLSv1 to be resumed as follows :
Session ID : 409fb25d132a9573e8d4eec7ef29291540af9aaa0ede3a42b1c915f4ab82a2de
Initial Cipher : TLS1_CK_RSA_WITH_AES_256_CBC_SHA (0x0035)
Resumed Cipher : TLS1_CK_RSA_WITH_DES_CBC_SHA (0x0009)
CPE: cpe:/a:openssl:openssl
CVE: CVE-2010-4180
BID: 45164
Crossref: OSVDB #69565
Vulnerability Publication Date: 2010/12/02
Patch Publication Date: 2010/12/02
Plugin Publication Date: 2011/02/07
Plugin Modification Date: 2014/01/27
Exploit Available: false
Exploitability Ease: No known exploits are available
Plugin Type: remote
Source File: openssl_resume_different_cipher.nasl
First Discovered: Apr 3, 2014 16:15:12 EDT
Last Observed: May 22, 2014 03:48:40 EDT

Plugin: OpenSSL Detection (50845)
Name: OpenSSL Detection
Family: Service detection

Vulnerability Details
Plugin: 50845
Plugin Name: OpenSSL Detection
Family: Service detection
Severity: Info
Exploit?: No

Plugin Text:
Synopsis: The remote service appears to use OpenSSL to encrypt traffic.
Description: Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic.
Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).
Solution: n/a
See Also: http://www.openssl.org
Risk Factor: None
CPE: cpe:/a:openssl:openssl
Plugin Publication Date: 2010/11/30
Plugin Modification Date: 2013/10/18
Plugin Type: remote
Source File: openssl_detect.nasl
First Discovered: Apr 3, 2014 16:15:12 EDT
Last Observed: May 22, 2014 03:48:40 EDT