Executive Summary

Summary
TitleOpenSSL: Denial of Service
Informations
NameGLSA-201811-03First vendor Publication2018-11-09
VendorGentooLast vendor Modification2018-11-09
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

A vulnerability in OpenSSL might allow remote attackers to cause a Denial of Service condition.

Background

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Description

It was discovered that OpenSSL allow malicious servers to send very large primes to a client during DH(E) based TLS handshakes.

Impact

A remote attacker, by sending large prime to client during DH(E) TLS handshake, could possibly cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2o-r6"

References

[ 1 ] CVE-2018-0732 : https://nvd.nist.gov/vuln/detail/CVE-2018-0732

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201811-03

Original Source

Url : http://security.gentoo.org/glsa/glsa-201811-03.xml

CWE : Common Weakness Enumeration

%idName
100 %CWE-320Key Management Errors

CPE : Common Platform Enumeration

TypeDescriptionCount
Application35
Os5
Os1

Nessus® Vulnerability Scanner

DateDescription
2019-01-11Name : The remote device is missing a vendor-supplied security patch.
File : juniper_jsa10919.nasl - Type : ACT_GATHER_INFO
2019-01-08Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2019-1009.nasl - Type : ACT_GATHER_INFO
2019-01-03Name : The remote Fedora host is missing a security update.
File : fedora_2018-520e4c5b4e.nasl - Type : ACT_GATHER_INFO
2019-01-02Name : Tenable Nessus running on the remote host is affected by multiple vulnerabili...
File : nessus_tns_2018_17.nasl - Type : ACT_GATHER_INFO
2018-12-28Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1420.nasl - Type : ACT_GATHER_INFO
2018-12-20Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4355.nasl - Type : ACT_GATHER_INFO
2018-12-10Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1392.nasl - Type : ACT_GATHER_INFO
2018-12-01Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4348.nasl - Type : ACT_GATHER_INFO
2018-11-16Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-3221.nasl - Type : ACT_GATHER_INFO
2018-11-14Name : Node.js - JavaScript run-time environment is affected by multiple vulnerabili...
File : nodejs_2018_aug.nasl - Type : ACT_GATHER_INFO
2018-11-09Name : The remote Amazon Linux 2 host is missing a security update.
File : al2_ALAS-2018-1102.nasl - Type : ACT_GATHER_INFO
2018-11-09Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201811-03.nasl - Type : ACT_GATHER_INFO
2018-11-02Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1098.nasl - Type : ACT_GATHER_INFO
2018-11-02Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL21665601.nasl - Type : ACT_GATHER_INFO
2018-10-26Name : A data aggregation application installed on the remote host is affected by a ...
File : lce_5_1_1.nasl - Type : ACT_GATHER_INFO
2018-10-26Name : Tenable Nessus running on the remote host is affected by multiple vulnerabili...
File : nessus_tns_2018_14.nasl - Type : ACT_GATHER_INFO
2018-10-03Name : The remote Fedora host is missing a security update.
File : fedora_2018-02a38af202.nasl - Type : ACT_GATHER_INFO
2018-09-27Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1306.nasl - Type : ACT_GATHER_INFO
2018-08-28Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_0904e81fa89d11e8afbbbc5ff4f77b71.nasl - Type : ACT_GATHER_INFO
2018-08-21Name : The remote PhotonOS host is missing multiple security updates.
File : PhotonOS_PHSA-2018-2_0-0084.nasl - Type : ACT_GATHER_INFO
2018-08-15Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2018-226-01.nasl - Type : ACT_GATHER_INFO
2018-07-30Name : The remote Debian host is missing a security update.
File : debian_DLA-1449.nasl - Type : ACT_GATHER_INFO
2018-07-03Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1214.nasl - Type : ACT_GATHER_INFO
2018-06-13Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_c82ecac56e3f11e88777b499baebfeaf.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2018-11-09 05:17:27
  • First insertion