OpenSSL ChangeCipherSpec

This document provides a summary of vulnerabilities in OpenSSL related to the OpenSSL ChangeCipherSpec. It contains three chapters: 1. The OpenSSL ChangeCipherSpec Summary chapter provides an overview of the vulnerabilities through indicators, charts on vulnerability trends and affected subnets. 2. The OpenSSL ChangeCipherSpec Vulnerabilities chapter describes each of the six CVEs related to the OpenSSL ChangeCipherSpec vulnerabilities, including vulnerability details and lists of affected systems. 3. The OpenSSL Vulnerabilities chapter similarly describes the six CVEs related to OpenSSL vulnerabilities more broadly, including vulnerability details and affected systems. The document identifies systems vulnerable to the OpenSSL ChangeCipherSpec issues and provides technical information and analysis to help understand the vulnerabilities and

Uploaded by

danaya

OpenSSL ChangeCipherSpec
June 9, 2014 at 8:27am EDT

[codydumont]
SC RESEARCH
Confidential: The following report contains confidential information. Do not distribute,
email, fax, or transfer via any electronic mechanism unless it has been approved by the
recipient company's security policy. All copies and backups of this document should be
saved on protected storage at all times. Do not share any of the information contained
within this report with anyone unless they are authorized to view the information. Violating
any of the previous instructions is grounds for termination.
Table of Contents
About this Report
OpenSSL ChangeCipherSpec Summary
OpenSSL ChangeCipherSpec Vulnerabilities
OpenSSL Vulnerabilities
About this Report
As new threats emerge in networks, SecurityCenter customers are able to properly identify risk. This report
identifies systems vulnerable to the new OpenSSL ChangeCipherSpec vulnerability.
This report provides SecurityCenter customers with a good summary of the new vulnerabilities recently
discovered within OpenSSL. There are six CVEs related to this new vulnerability. They are:
CVE-2014-0224 - SSL/TLS MITM Vulnerability
CVE-2014-0221 - DTLS recursion flaw
CVE-2014-0195 - DTLS invalid fragment vulnerability
CVE-2014-0198 - SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
CVE-2010-5298 - SSL_MODE_RELEASE_BUFFERS session injection
CVE-2014-3470 - Anonymous ECDH Denial of Service
This report contains three chapters which focus on the six CVEs related to the OpenSSL ChangeCipherSpec
vulnerability and OpenSSL vulnerabilities alike.
OpenSSL ChangeCipherSpec Summary: This chapter gives an executive-level view of how
vulnerable the systems have become.
OpenSSL ChangeCipherSpec Vulnerabilities: This chapter contains a vulnerability iterator based on the six
CVEs related to OpenSSL ChangeCipherSpec vulnerabilities. For each plugin associated with the CVEs, the
vulnerability details and a list of affected systems are provided.
OpenSSL Vulnerabilities: This chapter contains a vulnerability iterator based on the six CVEs related to
OpenSSL vulnerabilities. For each plugin associated with the CVEs, the vulnerability details and a list of
affected systems are provided.

OpenSSL ChangeCipherSpec Summary
The OpenSSL ChangeCipherSpec Indicators matrix provides an overview of OpenSSL vulnerabilities and
the related ChangeCipherSpec vulnerabilities. There are three columns, one for each vulnerability type
(active, passive, event). Each column has an indicator for the six CVEs related to OpenSSL ChangeCipherSpec
vulnerability, and one indicator for all OpenSSL related vulnerabilities. The active and passive indicators will
turn red, signifying immediate action should be taken, while the event vulnerabilities are orange and signify
that administrators should investigate the true severity of the event.

OpenSSL ChangeCipherSpec Indicators

Passive Detection Active Detection Event Detection


ChangeCipherSpec Vulns ChangeCipherSpec Vulns ChangeCipherSpec Vulns
OpenSSL Vulns OpenSSL Vulns OpenSSL Vulns

The OpenSSL Vulnerability 7 Day Trends chart provides a 7 day trend analysis of systems with OpenSSL
vulnerabilities, with a separate trend line for each plugin type.

OpenSSL Vulnerability 7 Day Trends

The OpenSSL ChangeCipherSpec Subnet Summary provides a chart showing the count per subnet of all the
systems vulnerable to the six CVEs related to OpenSSL ChangeCipherSpec.

OpenSSL ChangeCipherSpec Subnet Summary

The ChangeCipherSpec Subnet Comparative Chart provides a comparative analysis showing the percentage
of each of the top ten vulnerable subnets. The pie chart is sorted on the total affected hosts per subnet.

ChangeCipherSpec Subnet Comparative Chart

OpenSSL ChangeCipherSpec Vulnerabilities
This chapter contains a vulnerability iterator based on the six CVEs related to OpenSSL ChangeCipherSpec
vulnerabilities. For each plugin associated with the CVEs, two tables are displayed. The first table provides all
the vulnerability details, while the second provides a list of all the affected hosts, with the following details: IP
address, MAC Address, DNS Name, and repository.

Plugin: OpenSSL 'ChangeCipherSpec' MiTM Vulnerability (74326)

Name: OpenSSL 'ChangeCipherSpec' MiTM Vulnerability


Family: Misc.

Vulnerability Details

Plugin | Plugin Name | Family | Severity | Exploit?
74326 | OpenSSL 'ChangeCipherSpec' MiTM Vulnerability | Misc. | Medium | No
Plugin Text: Synopsis: The remote host is affected by a vulnerability that could allow sensitive data to be decrypted.

Description: The OpenSSL service on the remote host is vulnerable to a man-in-the-middle (MiTM) attack, based on its response to two consecutive
'ChangeCipherSpec' messages during the incorrect phase of an SSL/TLS handshake.

This flaw could allow a MiTM attacker to decrypt or forge SSL messages by telling the service to begin encrypted communications before key material
has been exchanged, which causes predictable keys to be used to secure future traffic.

Solution: OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za. OpenSSL 1.0.0 SSL/TLS users (client and/or server) should
upgrade to 1.0.0m. OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.

See Also: http://www.nessus.org/u?d5709faa
https://www.imperialviolet.org/2014/06/05/earlyccs.html
https://www.openssl.org/news/secadv_20140605.txt

Risk Factor: Medium

CVSS Base Score: 5.8

CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS Temporal Score: 5.0

CVSS Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Plugin Output:
The remote service accepted an SSL ChangeCipherSpec message at an incorrect point in the handshake
leading to weak keys being used, and then attempted to decrypt an SSL record using those weak keys.

CPE: cpe:/a:openssl:openssl

CVE: CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470

BID: 66363, 66801, 67193, 67898, 67899, 67900, 67901

Crossref: OSVDB #104810, OSVDB #105763, OSVDB #106531, OSVDB #107729, OSVDB #107730, OSVDB #107731, OSVDB #107732, CERT #978508

Vulnerability Publication Date: 2014/06/05

Patch Publication Date: 2014/06/05

Plugin Publication Date: 2014/06/05

Plugin Modification Date: 2014/06/06

Exploit Available: false

Exploitability Ease: No known exploits are available

Plugin Type: remote

Source File: openssl_ccs.nasl


First Discovered: Jun 6, 2014 03:26:25 EDT
Last Observed: Jun 9, 2014 06:21:18 EDT

OpenSSL Vulnerabilities
This chapter contains a vulnerability iterator based on all OpenSSL ChangeCipherSpec vulnerabilities. For
each plugin associated with OpenSSL, two tables are displayed. The first table provides all the vulnerability
details, while the second provides a list of all the affected hosts, with the following details: IP address, MAC
Address, DNS Name, and repository.

Plugin: OpenSSL 'ChangeCipherSpec' MiTM Vulnerability (74326)

Name: OpenSSL 'ChangeCipherSpec' MiTM Vulnerability


Family: Misc.

Vulnerability Details

Plugin | Plugin Name | Family | Severity | Exploit?
74326 | OpenSSL 'ChangeCipherSpec' MiTM Vulnerability | Misc. | Medium | No
Plugin Text: Synopsis: The remote host is affected by a vulnerability that could allow sensitive data to be decrypted.

Description: The OpenSSL service on the remote host is vulnerable to a man-in-the-middle (MiTM) attack, based on its response to two consecutive
'ChangeCipherSpec' messages during the incorrect phase of an SSL/TLS handshake.

This flaw could allow a MiTM attacker to decrypt or forge SSL messages by telling the service to begin encrypted communications before key material
has been exchanged, which causes predictable keys to be used to secure future traffic.

Solution: OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za. OpenSSL 1.0.0 SSL/TLS users (client and/or server) should
upgrade to 1.0.0m. OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.

See Also: http://www.nessus.org/u?d5709faa
https://www.imperialviolet.org/2014/06/05/earlyccs.html
https://www.openssl.org/news/secadv_20140605.txt

Risk Factor: Medium

CVSS Base Score: 5.8

CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS Temporal Score: 5.0

CVSS Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Plugin Output:
The remote service accepted an SSL ChangeCipherSpec message at an incorrect point in the handshake
leading to weak keys being used, and then attempted to decrypt an SSL record using those weak keys.

CPE: cpe:/a:openssl:openssl

CVE: CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470

BID: 66363, 66801, 67193, 67898, 67899, 67900, 67901

Crossref: OSVDB #104810, OSVDB #105763, OSVDB #106531, OSVDB #107729, OSVDB #107730, OSVDB #107731, OSVDB #107732, CERT #978508

Vulnerability Publication Date: 2014/06/05

Patch Publication Date: 2014/06/05

Plugin Publication Date: 2014/06/05

Plugin Modification Date: 2014/06/06

Exploit Available: false

Exploitability Ease: No known exploits are available

Plugin Type: remote

Source File: openssl_ccs.nasl


First Discovered: Jun 6, 2014 03:26:25 EDT
Last Observed: Jun 9, 2014 06:21:18 EDT

Plugin: OpenSSL Heartbeat Information Disclosure (Heartbleed) (73412)

Name: OpenSSL Heartbeat Information Disclosure (Heartbleed)


Family: Misc.

Vulnerability Details

Plugin | Plugin Name | Family | Severity | Exploit?
73412 | OpenSSL Heartbeat Information Disclosure (Heartbleed) | Misc. | High | Yes
Plugin Text: Synopsis: The remote service is affected by an information disclosure vulnerability.

Description: Based on its response to a TLS request with a specially crafted heartbeat message (RFC 6520), the remote service appears to be affected
by an out-of-bounds read flaw.

This flaw could allow a remote attacker to read the contents of up to 64KB of server memory, potentially exposing passwords, private keys, and other
sensitive data.

Solution: Upgrade to OpenSSL 1.0.1g or later.

Alternatively, recompile OpenSSL with the '-DOPENSSL_NO_HEARTBEATS' flag to disable the vulnerable functionality.

See Also: http://heartbleed.com/
http://eprint.iacr.org/2014/140
http://www.openssl.org/news/vulnerabilities.html#2014-0160

Risk Factor: High

STIG Severity: I

CVSS Base Score: 9.4

CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

CVSS Temporal Score: 8.2

CVSS Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Plugin Output: Nessus was able to read the following memory from the remote service:

CPE: cpe:/a:openssl:openssl

CVE: CVE-2014-0160

BID: 66690

Crossref: OSVDB #105465, CERT #720951, IAVA #2014-A-0051, EDB-ID #32745, EDB-ID #32764

Vulnerability Publication Date: 2014/02/24

Patch Publication Date: 2014/04/07

Plugin Publication Date: 2014/04/08

Plugin Modification Date: 2014/05/01

Exploit Available: true

Exploitability Ease: Exploits are available

Plugin Type: remote

Source File: openssl_heartbleed.nasl


First Discovered: Apr 10, 2014 03:32:11 EDT
Last Observed: May 22, 2014 03:48:40 EDT

Plugin: PHP 5.4.x < 5.4.23 OpenSSL openssl_x509_parse() Memory Corruption (71427)

Vulnerability Details

Plugin | Plugin Name | Family | Severity | Exploit?
71427 | PHP 5.4.x < 5.4.23 OpenSSL openssl_x509_parse() Memory Corruption | CGI abuses | Medium | Yes
Plugin Text: Synopsis: The remote web server uses a version of PHP that is potentially affected by a memory corruption vulnerability.

Description: According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.23. It is, therefore, potentially
affected by a memory corruption flaw in the way the openssl_x509_parse() function of the PHP OpenSSL extension parsed X.509 certificates. A remote
attacker could use this flaw to provide a malicious, self-signed certificate or a certificate signed by a trusted authority to a PHP application using the
aforementioned function. This could cause the application to crash or possibly allow the attacker to execute arbitrary code with the privileges of the user
running the PHP interpreter.

Note that this plugin does not attempt to exploit the vulnerability, but instead relies only on PHP's self-reported version number.

Solution: Upgrade to PHP version 5.4.23 or later.

See Also: http://www.php.net/ChangeLog-5.php#5.4.23
http://seclists.org/fulldisclosure/2013/Dec/96
https://bugzilla.redhat.com/show_bug.cgi?id=1036830

Risk Factor: Medium

CVSS Base Score: 6.8

CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Temporal Score: 5.9

CVSS Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Plugin Output:
Version source : X-Powered-By: PHP/5.4.4-14+deb7u8
Installed version : 5.4.4-14+deb7u8
Fixed version : 5.4.23

CPE: cpe:/a:php:php

CVE: CVE-2013-6420

BID: 64225

Crossref: OSVDB #100979, EDB-ID #30395

Vulnerability Publication Date: 2013/12/02

Patch Publication Date: 2013/12/12

Plugin Publication Date: 2013/12/14

Plugin Modification Date: 2013/12/19

Exploit Available: true

Exploitability Ease: Exploits are available

Plugin Type: remote

Source File: php_5_4_23.nasl


First Discovered: Mar 28, 2014 18:18:06 EDT
Last Observed: May 19, 2014 07:07:18 EDT

Plugin: Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : openssl vulnerabilities (USN-1451-1) (59289)

Name: Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : openssl vulnerabilities (USN-1451-1)
Family: Ubuntu Local Security Checks

Vulnerability Details

Plugin | Plugin Name | Family | Severity | Exploit?
59289 | Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : openssl vulnerabilities (USN-1451-1) | Ubuntu Local Security Checks | Medium | No
Plugin Text: Synopsis: The remote Ubuntu host is missing one or more security-related patches.

Description: Ivan Nestlerode discovered that the Cryptographic Message Syntax (CMS) and PKCS #7 implementations in OpenSSL returned early if RSA
decryption failed. This could allow an attacker to expose sensitive information via a Million Message Attack (MMA). (CVE-2012-0884)

It was discovered that an integer underflow was possible when using TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a remote attacker to
cause a denial of service. (CVE-2012-2333).

Solution: Update the affected libssl0.9.8, libssl1.0.0 and / or openssl packages.

Risk Factor: Medium

CVSS Base Score: 6.8

CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Temporal Score: 5.9

CVSS Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Plugin Output:
- Installed package : libssl0.9.8_0.9.8o-5ubuntu1
Fixed package : libssl0.9.8_0.9.8o-5ubuntu1.7

- Installed package : openssl_0.9.8o-5ubuntu1
Fixed package : openssl_0.9.8o-5ubuntu1.7

CPE: p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8
p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0
p-cpe:/a:canonical:ubuntu_linux:openssl
cpe:/o:canonical:ubuntu_linux:10.04:-:lts
cpe:/o:canonical:ubuntu_linux:11.04
cpe:/o:canonical:ubuntu_linux:11.10
cpe:/o:canonical:ubuntu_linux:12.04:-:lts
cpe:/o:canonical:ubuntu_linux:8.04:-:lts

CVE: CVE-2012-0884, CVE-2012-2333

BID: 52428, 53476

Crossref: OSVDB #80039, OSVDB #81810, USN #1451-1

Patch Publication Date: 2012/05/24

Plugin Publication Date: 2012/05/29

Plugin Modification Date: 2013/09/28

Exploit Available: false

Exploitability Ease: No known exploits are available

Plugin Type: local

Source File: ubuntu_USN-1451-1.nasl


First Discovered: Jun 4, 2014 22:25:05 EDT
Last Observed: Jun 4, 2014 22:25:05 EDT

Plugin: Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerability (USN-1428-1) (58873)

Name: Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerability (USN-1428-1)
Family: Ubuntu Local Security Checks

Vulnerability Details

Plugin | Plugin Name | Family | Severity | Exploit?
58873 | Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerability (USN-1428-1) | Ubuntu Local Security Checks | High | Yes
Plugin Text: Synopsis: The remote Ubuntu host is missing one or more security-related patches.

Description: It was discovered that the fix for CVE-2012-2110 was incomplete for OpenSSL 0.9.8. A remote attacker could trigger this flaw in services
that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. Ubuntu 11.10 was not affected by this issue.
(CVE-2012-2131)

The original upstream fix for CVE-2012-2110 would cause BUF_MEM_grow_clean() to sometimes return the wrong error condition.
This update fixes the problem.

Solution: Update the affected libssl0.9.8 and / or libssl1.0.0 packages.

Risk Factor: High

CVSS Base Score: 7.5

CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Temporal Score: 5.9

CVSS Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Plugin Output:
- Installed package : libssl0.9.8_0.9.8o-5ubuntu1
Fixed package : libssl0.9.8_0.9.8o-5ubuntu1.5

CPE: p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8
p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0
cpe:/o:canonical:ubuntu_linux:10.04:-:lts
cpe:/o:canonical:ubuntu_linux:11.04
cpe:/o:canonical:ubuntu_linux:11.10
cpe:/o:canonical:ubuntu_linux:8.04:-:lts

CVE: CVE-2012-2110, CVE-2012-2131

BID: 53212

Crossref: OSVDB #81223, USN #1428-1

Patch Publication Date: 2012/04/24

Plugin Publication Date: 2012/04/25

Plugin Modification Date: 2013/05/25

Exploit Available: true

Exploitability Ease: Exploits are available

Plugin Type: local

Source File: ubuntu_USN-1428-1.nasl


First Discovered: Jun 4, 2014 22:25:05 EDT
Last Observed: Jun 4, 2014 22:25:05 EDT

Plugin: Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerabilities (USN-1424-1) (58808)

Name: Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerabilities (USN-1424-1)
Family: Ubuntu Local Security Checks

Vulnerability Details

Plugin | Plugin Name | Family | Severity | Exploit?
58808 | Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerabilities (USN-1424-1) | Ubuntu Local Security Checks | High | Yes
Plugin Text: Synopsis: The remote Ubuntu host is missing one or more security-related patches.

Description: It was discovered that OpenSSL could be made to dereference a NULL pointer when processing S/MIME messages. A remote attacker
could use this to cause a denial of service. These issues did not affect Ubuntu 8.04 LTS. (CVE-2006-7250, CVE-2012-1165)

Tavis Ormandy discovered that OpenSSL did not properly perform bounds checking when processing DER data via BIO or FILE functions. A remote
attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges.
(CVE-2012-2110).

Solution: Update the affected libssl0.9.8 and / or libssl1.0.0 packages.

Risk Factor: High

CVSS Base Score: 7.5

CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Temporal Score: 5.9

CVSS Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Plugin Output:
- Installed package : libssl0.9.8_0.9.8o-5ubuntu1
Fixed package : libssl0.9.8_0.9.8o-5ubuntu1.4

CPE: p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8
p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0
cpe:/o:canonical:ubuntu_linux:10.04:-:lts
cpe:/o:canonical:ubuntu_linux:11.04
cpe:/o:canonical:ubuntu_linux:11.10
cpe:/o:canonical:ubuntu_linux:8.04:-:lts

CVE: CVE-2006-7250, CVE-2012-1165, CVE-2012-2110

BID: 52181, 52764, 53158

Crossref: OSVDB #79650, OSVDB #80040, OSVDB #81223, USN #1424-1

Patch Publication Date: 2012/04/19

Plugin Publication Date: 2012/04/20

Plugin Modification Date: 2013/05/25

Exploit Available: true

Exploitability Ease: Exploits are available

Plugin Type: local

Source File: ubuntu_USN-1424-1.nasl

First Discovered: Jun 4, 2014 22:25:05 EDT
Last Observed: Jun 4, 2014 22:25:05 EDT

Plugin: Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1) (57887)

Name: Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1)
Family: Ubuntu Local Security Checks

Vulnerability Details

Plugin | Plugin Name | Family | Severity | Exploit?
57887 | Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1) | Ubuntu Local Security Checks | High | No
Plugin Text: Synopsis: The remote Ubuntu host is missing one or more security-related patches.

Description: It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature
Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine
private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)

Adam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while
processing handshake messages from clients. This could allow a remote attacker to cause a denial of service via out-of-order messages that violate the
TLS protocol. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04.
(CVE-2011-3210)

Nadhem Alfardan and Kenny Paterson discovered that the Datagram Transport Layer Security (DTLS) implementation in OpenSSL performed a MAC
check only if certain padding is valid. This could allow a remote attacker to recover plaintext. (CVE-2011-4108)

Antonio Martin discovered that a flaw existed in the fix to address CVE-2011-4108, the DTLS MAC check failure. This could allow a remote attacker to
cause a denial of service. (CVE-2012-0050)

Ben Laurie discovered a double free vulnerability in OpenSSL that could be triggered when the X509_V_FLAG_POLICY_CHECK flag is enabled.
This could allow a remote attacker to cause a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu
11.04. (CVE-2011-4109)

It was discovered that OpenSSL, in certain circumstances involving ECDH or ECDHE cipher suites, used an incorrect modular reduction algorithm in
its implementation of the P-256 and P-384 NIST elliptic curves. This could allow a remote attacker to obtain the private key of a TLS server via multiple
handshake attempts. This issue only affected Ubuntu 8.04 LTS. (CVE-2011-4354)

Adam Langley discovered that the SSL 3.0 implementation in OpenSSL did not properly initialize data structures for block cipher padding. This could
allow a remote attacker to obtain sensitive information.
(CVE-2011-4576)

Andrew Chi discovered that OpenSSL, when RFC 3779 support is enabled, could trigger an assert when handling an X.509 certificate containing
certificate-extension data associated with IP address blocks or Autonomous System (AS) identifiers. This could allow a remote attacker to cause a denial
of service. (CVE-2011-4577)

Adam Langley discovered that the Server Gated Cryptography (SGC) implementation in OpenSSL did not properly handle handshake restarts.
This could allow a remote attacker to cause a denial of service.
(CVE-2011-4619)

Andrey Kulikov discovered that the GOST block cipher engine in OpenSSL did not properly handle invalid parameters. This could allow a remote attacker
to cause a denial of service via crafted data from a TLS client. This issue only affected Ubuntu 11.10. (CVE-2012-0027).

Solution: Update the affected libssl0.9.8, libssl1.0.0 and / or openssl packages.

Risk Factor: High

CVSS Base Score: 9.3

CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Temporal Score: 6.9

CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Plugin Output:
- Installed package : libssl0.9.8_0.9.8o-5ubuntu1
Fixed package : libssl0.9.8_0.9.8o-5ubuntu1.2

- Installed package : openssl_0.9.8o-5ubuntu1
Fixed package : openssl_0.9.8o-5ubuntu1.2

CPE: p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8
p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0
p-cpe:/a:canonical:ubuntu_linux:openssl
cpe:/o:canonical:ubuntu_linux:10.04:-:lts
cpe:/o:canonical:ubuntu_linux:10.10
cpe:/o:canonical:ubuntu_linux:11.04
cpe:/o:canonical:ubuntu_linux:11.10
cpe:/o:canonical:ubuntu_linux:8.04:-:lts

CVE: CVE-2011-1945, CVE-2011-3210, CVE-2011-4108, CVE-2011-4109, CVE-2011-4354, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027, CVE-2012-0050

BID: 47888, 49471, 50882, 51281, 51563

Crossref: OSVDB #74632, OSVDB #75230, OSVDB #77650, OSVDB #78186, OSVDB #78187, OSVDB #78188, OSVDB #78189, OSVDB #78190, OSVDB #78191, OSVDB #78320, USN #1357-1

Patch Publication Date: 2012/02/09

Plugin Publication Date: 2012/02/10

Plugin Modification Date: 2013/05/25

Exploit Available: false

Exploitability Ease: No known exploits are available

Plugin Type: local

Source File: ubuntu_USN-1357-1.nasl


First Discovered: Jun 4, 2014 22:25:05 EDT
Last Observed: Jun 4, 2014 22:25:05 EDT

Plugin: OpenSSL Version Detection (57323)

Name: OpenSSL Version Detection


Family: Web Servers

Vulnerability Details

Plugin | Plugin Name | Family | Severity | Exploit?
57323 | OpenSSL Version Detection | Web Servers | Info | No
Plugin Text: Synopsis: The version of OpenSSL can be identified.

Description: The version of OpenSSL could be extracted from the web server's banner. Note that in many cases, security patches are backported and
the displayed version number does not show the patch level. Using it to identify vulnerable software is likely to lead to false detections.

Solution: n/a

See Also: http://www.openssl.org/

Risk Factor: None

Plugin Output:
Source : Server: Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.6m
Version (from banner) : 0.9.6m

CPE: cpe:/a:openssl:openssl

Plugin Publication Date: 2011/12/16

Plugin Modification Date: 2011/12/16

Plugin Type: remote

Source File: openssl_version.nasl


First Discovered: Apr 9, 2014 10:41:23 EDT
Last Observed: May 24, 2014 05:33:07 EDT

Plugin: OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Ciphersuite Disabled Cipher Issue (51893)

Name: OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Ciphersuite Disabled Cipher Issue


Family: General

Vulnerability Details

Plugin | Plugin Name | Family | Severity | Exploit?
51893 | OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Ciphersuite Disabled Cipher Issue | General | Medium | No
Plugin Text: Synopsis: The remote host allows the resumption of SSL sessions with a disabled cipher.

Description: The version of OpenSSL on the remote host has been shown to allow the use of disabled ciphers when resuming a session. This means that
an attacker that sees (e.g. by sniffing) the start of an SSL connection can manipulate the OpenSSL session cache to cause subsequent resumptions of
that session to use a disabled cipher chosen by the attacker.

Solution: Upgrade to OpenSSL 0.9.8j or later.

Risk Factor: Medium

CVSS Base Score: 4.3

CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Temporal Score: 3.2

CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Plugin Output:
The server allowed the following session over SSLv3 to be resumed as follows :

Session ID : 34bb781d0f58f9aef93df835442aa96893fb80bcf101794c6ac225d025d45c8e
Initial Cipher : TLS1_CK_RSA_WITH_AES_256_CBC_SHA (0x0035)
Resumed Cipher : SSL3_CK_RSA_DES_40_CBC_SHA (0x0008)

CPE: cpe:/a:openssl:openssl

CVE: CVE-2008-7270

BID: 45254

Crossref: OSVDB #69655

Vulnerability Publication Date: 2010/12/02

Patch Publication Date: 2008/09/22

Plugin Publication Date: 2011/02/07

Plugin Modification Date: 2012/04/17

Exploit Available: false

Exploitability Ease: No known exploits are available

Plugin Type: remote

Source File: openssl_resume_disabled_cipher.nasl


First Discovered: Apr 3, 2014 16:15:12 EDT
Last Observed: May 22, 2014 03:48:40 EDT

Plugin: OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Downgrade Issue (51892)

Name: OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Downgrade Issue


Family: General

Vulnerability Details

Plugin | Plugin Name | Family | Severity | Exploit?
51892 | OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Downgrade Issue | General | Medium | No
Plugin Text: Synopsis: The remote host allows resuming SSL sessions with a weaker cipher than the one originally negotiated.

Description: The version of OpenSSL on the remote host has been shown to allow resuming a session with a weaker cipher than was used when the
session was initiated. This means that an attacker that sees (i.e., by sniffing) the start of an SSL connection can manipulate the OpenSSL session cache to
cause subsequent resumptions of that session to use a weaker cipher chosen by the attacker.

Note that other SSL implementations may also be affected by this vulnerability.

Solution: Upgrade to OpenSSL 0.9.8q / 1.0.0.c or later, or contact your vendor for a patch.

See Also: http://openssl.org/news/secadv_20101202.txt

Risk Factor: Medium

CVSS Base Score: 4.3

CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Temporal Score: 3.7

CVSS Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Plugin Output:

The server allowed the following session over SSLv3 to be resumed as follows :

Session ID : 3b1d0489fd36812f1379e98e212931ef19c7ffd96e4333faefdbf9385aaccf01
Initial Cipher : TLS1_CK_RSA_WITH_AES_256_CBC_SHA (0x0035)
Resumed Cipher : SSL3_CK_RSA_DES_64_CBC_SHA (0x0009)

The server allowed the following session over TLSv1 to be resumed as follows :

Session ID : 409fb25d132a9573e8d4eec7ef29291540af9aaa0ede3a42b1c915f4ab82a2de
Initial Cipher : TLS1_CK_RSA_WITH_AES_256_CBC_SHA (0x0035)
Resumed Cipher : TLS1_CK_RSA_WITH_DES_CBC_SHA (0x0009)

CPE: cpe:/a:openssl:openssl

CVE: CVE-2010-4180

BID: 45164

Crossref: OSVDB #69565

Vulnerability Publication Date: 2010/12/02

Patch Publication Date: 2010/12/02

Plugin Publication Date: 2011/02/07

Plugin Modification Date: 2014/01/27

Exploit Available: false

Exploitability Ease: No known exploits are available

Plugin Type: remote

Source File: openssl_resume_different_cipher.nasl


First Discovered: Apr 3, 2014 16:15:12 EDT
Last Observed: May 22, 2014 03:48:40 EDT

Plugin: OpenSSL Detection (50845)

Name: OpenSSL Detection


Family: Service detection

Vulnerability Details

Plugin | Plugin Name | Family | Severity | Exploit?
50845 | OpenSSL Detection | Service detection | Info | No
Plugin Text: Synopsis: The remote service appears to use OpenSSL to encrypt traffic.

Description: Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the
OpenSSL library to encrypt traffic.

Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).

Solution: n/a

See Also: http://www.openssl.org

Risk Factor: None

CPE: cpe:/a:openssl:openssl

Plugin Publication Date: 2010/11/30

Plugin Modification Date: 2013/10/18

Plugin Type: remote

Source File: openssl_detect.nasl


First Discovered: Apr 3, 2014 16:15:12 EDT
Last Observed: May 22, 2014 03:48:40 EDT
