Executive Summary

Summary
Title openssl regression update
Informations
Name DSA-3197 First vendor Publication 2015-03-19
Vendor Debian Last vendor Modification 2015-03-24
Severity (Vendor) N/A Revision 2

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The openssl update issued as DSA 3197-1 caused regressions. This update reverts the defective patch applied in that update causing these problems. Additionally a follow-up fix for CVE-2015-0209 is applied. For reference the original advisory text follows.

Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2015-0286

Stephen Henson discovered that the ASN1_TYPE_cmp() function can be crashed, resulting in denial of service.

CVE-2015-0287

Emilia Kaesper discovered a memory corruption in ASN.1 parsing.

CVE-2015-0289

Michal Zalewski discovered a NULL pointer dereference in the PKCS#7 parsing code, resulting in denial of service.

CVE-2015-0292

It was discovered that missing input sanitising in base64 decoding might result in memory corruption.

CVE-2015-0209

It was discovered that a malformed EC private key might result in memory corruption.

CVE-2015-0288

It was discovered that missing input sanitising in the X509_to_X509_REQ() function might result in denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u16.

We recommend that you upgrade your openssl packages.

Original Source

Url : http://www.debian.org/security/2015/dsa-3197

CWE : Common Weakness Enumeration

% Id Name
67 % CWE-17 Code
33 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:28275
 
Oval ID: oval:org.mitre.oval:def:28275
Title: Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilites.
Description: Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0292
 Version: 3
Platform(s): HP-UX 11
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28477
 
Oval ID: oval:org.mitre.oval:def:28477
Title: Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilites.
Description: The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0289
 Version: 3
Platform(s): HP-UX 11
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28541
 
Oval ID: oval:org.mitre.oval:def:28541
Title: AIX OpenSSL Denial of Service (invalid write operation and memory corruption)
Description: The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0287
 Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28557
 
Oval ID: oval:org.mitre.oval:def:28557
Title: Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilites.
Description: Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0209
 Version: 3
Platform(s): HP-UX 11
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28671
 
Oval ID: oval:org.mitre.oval:def:28671
Title: AIX OpenSSL Denial of Service (NULL pointer dereference and application crash)
Description: The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0289
 Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28785
 
Oval ID: oval:org.mitre.oval:def:28785
Title: AIX OpenSSL Denial of Service (NULL pointer dereference and application crash)
Description: The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0288
 Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28791
 
Oval ID: oval:org.mitre.oval:def:28791
Title: Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilites.
Description: The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0287
 Version: 3
Platform(s): HP-UX 11
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28795
 
Oval ID: oval:org.mitre.oval:def:28795
Title: AIX OpenSSL Denial of Service (memory corruption and application crash)
Description: Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0209
 Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28799
 
Oval ID: oval:org.mitre.oval:def:28799
Title: Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilites.
Description: The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0288
 Version: 3
Platform(s): HP-UX 11
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28833
 
Oval ID: oval:org.mitre.oval:def:28833
Title: AIX OpenSSL Denial of Service (invalid read operation and application crash)
Description: The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0286
 Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28905
 
Oval ID: oval:org.mitre.oval:def:28905
Title: AIX OpenSSL Denial of Service (memory corruption)
Description: Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0292
 Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28933
 
Oval ID: oval:org.mitre.oval:def:28933
Title: Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilites.
Description: The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0286
 Version: 3
Platform(s): HP-UX 11
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 286

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-09-24 IAVM : 2015-A-0222 - Multiple Security Vulnerabilities in Apple iOS
Severity : Category I - VMSKEY : V0061471
2015-07-16 IAVM : 2015-A-0154 - Multiple Vulnerabilities in Oracle Fusion Middleware
Severity : Category I - VMSKEY : V0061081
2015-07-16 IAVM : 2015-A-0160 - Multiple Vulnerabilities in Oracle Linux and Virtualization
Severity : Category I - VMSKEY : V0061123
2015-06-25 IAVM : 2015-A-0135 - Multiple Vulnerabilities in Blue Coat ProxySG
Severity : Category I - VMSKEY : V0060997

Snort® IPS/IDS

Date Description
2015-07-19 OpenSSL denial-of-service via crafted x.509 certificate attempt
RuleID : 34889 - Revision : 3 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2016-04-14 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20150320-openssl-iosxe.nasl - Type : ACT_GATHER_INFO
2016-04-14 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20150320-openssl-ios.nasl - Type : ACT_GATHER_INFO
2016-03-29 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_2_6.nasl - Type : ACT_GATHER_INFO
2016-03-08 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0678-1.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-294.nasl - Type : ACT_GATHER_INFO
2016-02-26 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20140605-openssl-nxos.nasl - Type : ACT_GATHER_INFO
2016-01-28 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL16302.nasl - Type : ACT_GATHER_INFO
2015-12-30 Name : A web application on the remote host is affected by multiple vulnerabilities.
File : puppet_enterprise_380.nasl - Type : ACT_GATHER_INFO
2015-12-21 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-2303-1.nasl - Type : ACT_GATHER_INFO
2015-12-17 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-889.nasl - Type : ACT_GATHER_INFO
2015-10-22 Name : A web application running on the remote host is affected by multiple vulnerab...
File : mysql_enterprise_monitor_3_0_23.nasl - Type : ACT_GATHER_INFO
2015-10-06 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL16323.nasl - Type : ACT_GATHER_INFO
2015-10-05 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_11.nasl - Type : ACT_GATHER_INFO
2015-08-21 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-1410-1.nasl - Type : ACT_GATHER_INFO
2015-07-27 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-507.nasl - Type : ACT_GATHER_INFO
2015-07-22 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_5.nasl - Type : ACT_GATHER_INFO
2015-07-16 Name : The application installed on the remote host is affected by multiple vulnerab...
File : oracle_secure_global_desktop_jul_2015_cpu.nasl - Type : ACT_GATHER_INFO
2015-07-01 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2015-005.nasl - Type : ACT_GATHER_INFO
2015-07-01 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_10_4.nasl - Type : ACT_GATHER_INFO
2015-06-25 Name : The remote device is affected by multiple vulnerabilities.
File : bluecoat_proxy_sg_6_5_7_5.nasl - Type : ACT_GATHER_INFO
2015-06-16 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2015-0070.nasl - Type : ACT_GATHER_INFO
2015-06-04 Name : The remote web server is running an application that is affected by multiple ...
File : splunk_618.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0541-1.nasl - Type : ACT_GATHER_INFO
2015-05-19 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_7_0_60.nasl - Type : ACT_GATHER_INFO
2015-05-19 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_8_0_21.nasl - Type : ACT_GATHER_INFO
2015-05-15 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_6_0_44.nasl - Type : ACT_GATHER_INFO
2015-05-05 Name : The remote Fedora host is missing a security update.
File : fedora_2015-6855.nasl - Type : ACT_GATHER_INFO
2015-05-04 Name : The remote Fedora host is missing a security update.
File : fedora_2015-6951.nasl - Type : ACT_GATHER_INFO
2015-04-22 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2015-111-09.nasl - Type : ACT_GATHER_INFO
2015-04-20 Name : The remote AIX host has a version of OpenSSL installed that is affected by mu...
File : aix_openssl_advisory13.nasl - Type : ACT_GATHER_INFO
2015-04-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-0800.nasl - Type : ACT_GATHER_INFO
2015-04-14 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0800.nasl - Type : ACT_GATHER_INFO
2015-04-14 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150413_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2015-04-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0800.nasl - Type : ACT_GATHER_INFO
2015-04-06 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL16317.nasl - Type : ACT_GATHER_INFO
2015-04-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0752.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-063.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-062.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150324_openssl_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150324_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-177.nasl - Type : ACT_GATHER_INFO
2015-03-25 Name : The remote Fedora host is missing a security update.
File : fedora_2015-4320.nasl - Type : ACT_GATHER_INFO
2015-03-25 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-498.nasl - Type : ACT_GATHER_INFO
2015-03-25 Name : The remote Fedora host is missing a security update.
File : fedora_2015-4300.nasl - Type : ACT_GATHER_INFO
2015-03-25 Name : The remote Fedora host is missing a security update.
File : fedora_2015-4303.nasl - Type : ACT_GATHER_INFO
2015-03-25 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2015-0039.nasl - Type : ACT_GATHER_INFO
2015-03-25 Name : The remote Windows host contains a program that is affected by multiple vulne...
File : stunnel_5_12.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0715.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-0715.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-0716.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201503-11.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_0_9_8zf.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_1_0_0r.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_1_0_1m.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_1_0_2a.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0715.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0716.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0716.nasl - Type : ACT_GATHER_INFO
2015-03-23 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-247.nasl - Type : ACT_GATHER_INFO
2015-03-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libopenssl-devel-150317.nasl - Type : ACT_GATHER_INFO
2015-03-20 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2537-1.nasl - Type : ACT_GATHER_INFO
2015-03-20 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_compat-openssl097g-150317.nasl - Type : ACT_GATHER_INFO
2015-03-20 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_9d15355bce7c11e49db0d050992ecde8.nasl - Type : ACT_GATHER_INFO
2015-03-20 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3197.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-349.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_1_0_1h.nasl - Type : ACT_GATHER_INFO
2014-04-08 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_1_0_0m.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
Date Informations
2016-01-22 09:26:10
  • Multiple Updates
2015-03-25 00:24:43
  • Multiple Updates
2015-03-21 13:27:45
  • Multiple Updates
2015-03-20 21:31:31
  • Multiple Updates
2015-03-20 17:29:11
  • Multiple Updates
2015-03-20 05:29:41
  • Multiple Updates
2015-03-19 17:24:27
  • First insertion