Executive Summary
Summary | |
---|---|
Title | OpenSSL vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-1003-1 | First vendor Publication | 2010-10-07 |
Vendor | Ubuntu | Last vendor Modification | 2010-10-07 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 8.04 LTS: Ubuntu 9.04: Ubuntu 9.10: Ubuntu 10.04 LTS: Ubuntu 10.10: After a standard system update you need to reboot your computer to make all the necessary changes. Details follow: It was discovered that OpenSSL incorrectly handled return codes from the bn_wexpand function calls. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. (CVE-2009-3245) It was discovered that OpenSSL incorrectly handled certain private keys with an invalid prime. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2010-2939) |
Original Source
Url : http://www.ubuntu.com/usn/USN-1003-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-399 | Resource Management Errors |
50 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12299 | |||
Oval ID: | oval:org.mitre.oval:def:12299 | ||
Title: | DSA-2100-1 openssl -- double free | ||
Description: | George Guninski discovered a double free in the ECDH code of the OpenSSL crypto library, which may lead to denial of service and potentially the execution of arbitrary code. For the stable distribution, this problem has been fixed in version 0.9.8g-15+lenny8. For the unstable distribution, this problem has been fixed in version 0.9.8o-2. We recommend that you upgrade your openssl packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2100-1 CVE-2010-2939 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | openssl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12844 | |||
Oval ID: | oval:org.mitre.oval:def:12844 | ||
Title: | USN-1003-1 -- openssl vulnerabilities | ||
Description: | It was discovered that OpenSSL incorrectly handled return codes from the bn_wexpand function calls. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. It was discovered that OpenSSL incorrectly handled certain private keys with an invalid prime. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1003-1 CVE-2009-3245 CVE-2010-2939 | Version: | 5 |
Platform(s): | Ubuntu 9.04 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 8.04 Ubuntu 10.10 Ubuntu 10.04 | Product(s): | openssl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20537 | |||
Oval ID: | oval:org.mitre.oval:def:20537 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-2939 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20930 | |||
Oval ID: | oval:org.mitre.oval:def:20930 | ||
Title: | "Record of death" vulnerability | ||
Description: | OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3245 | Version: | 4 |
Platform(s): | IBM AIX 6.1 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:24436 | |||
Oval ID: | oval:org.mitre.oval:def:24436 | ||
Title: | Vulnerability in OpenSSL 1.0.0a, 0.9.8, 0.9.7, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code | ||
Description: | Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2939 | Version: | 4 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25158 | |||
Oval ID: | oval:org.mitre.oval:def:25158 | ||
Title: | Vulnerability in OpenSSL before 0.9.8m, does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c | ||
Description: | OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3245 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6640 | |||
Oval ID: | oval:org.mitre.oval:def:6640 | ||
Title: | VMware ESX, Service Console update for OpenSSL, GnuTLS, NSS and NSPR. | ||
Description: | OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3245 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9790 | |||
Oval ID: | oval:org.mitre.oval:def:9790 | ||
Title: | OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors. | ||
Description: | OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3245 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for openssl CESA-2010:0977 centos4 x86_64 File : nvt/gb_CESA-2010_0977_openssl_centos4_x86_64.nasl |
2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-01 (openssl) File : nvt/glsa_201110_01.nasl |
2011-08-19 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-004) File : nvt/secpod_macosx_su11-004.nasl |
2011-08-09 | Name : CentOS Update for openssl CESA-2010:0162 centos5 i386 File : nvt/gb_CESA-2010_0162_openssl_centos5_i386.nasl |
2011-01-31 | Name : CentOS Update for openssl CESA-2010:0977 centos4 i386 File : nvt/gb_CESA-2010_0977_openssl_centos4_i386.nasl |
2011-01-24 | Name : FreeBSD Security Advisory (FreeBSD-SA-10:10.openssl.asc) File : nvt/freebsdsa_openssl8.nasl |
2010-12-28 | Name : RedHat Update for openssl RHSA-2010:0977-01 File : nvt/gb_RHSA-2010_0977-01_openssl.nasl |
2010-10-19 | Name : Ubuntu Update for openssl vulnerabilities USN-1003-1 File : nvt/gb_ubuntu_USN_1003_1.nasl |
2010-10-10 | Name : Debian Security Advisory DSA 2100-1 (openssl) File : nvt/deb_2100_1.nasl |
2010-09-27 | Name : Mandriva Update for openssl MDVSA-2010:168 (openssl) File : nvt/gb_mandriva_MDVSA_2010_168.nasl |
2010-08-10 | Name : OpenSSL 'ssl3_get_key_exchange()' Use-After-Free Memory Corruption Vulnerability File : nvt/gb_openssl_42306.nasl |
2010-06-25 | Name : Fedora Update for openssl FEDORA-2010-9421 File : nvt/gb_fedora_2010_9421_openssl_fc11.nasl |
2010-05-28 | Name : Fedora Update for openssl FEDORA-2010-8742 File : nvt/gb_fedora_2010_8742_openssl_fc12.nasl |
2010-04-30 | Name : HP-UX Update for OpenSSL HPSBUX02517 File : nvt/gb_hp_ux_HPSBUX02517.nasl |
2010-04-29 | Name : Mandriva Update for openssl MDVSA-2010:076-1 (openssl) File : nvt/gb_mandriva_MDVSA_2010_076_1.nasl |
2010-04-19 | Name : Fedora Update for openssl FEDORA-2010-5357 File : nvt/gb_fedora_2010_5357_openssl_fc11.nasl |
2010-04-19 | Name : Mandriva Update for openssl MDVSA-2010:076 (openssl) File : nvt/gb_mandriva_MDVSA_2010_076.nasl |
2010-03-31 | Name : RedHat Update for openssl096b RHSA-2010:0173-02 File : nvt/gb_RHSA-2010_0173-02_openssl096b.nasl |
2010-03-31 | Name : RedHat Update for openssl RHSA-2010:0162-01 File : nvt/gb_RHSA-2010_0162-01_openssl.nasl |
2010-03-31 | Name : CentOS Update for openssl096b CESA-2010:0173 centos4 i386 File : nvt/gb_CESA-2010_0173_openssl096b_centos4_i386.nasl |
2010-03-31 | Name : CentOS Update for openssl096b CESA-2010:0173 centos3 i386 File : nvt/gb_CESA-2010_0173_openssl096b_centos3_i386.nasl |
2010-03-10 | Name : OpenSSL 'bn_wexpand()' Multiple Vulnerabilities (Win) File : nvt/gb_openssl_bnwexpand_mul_vuln_win.nasl |
2010-03-02 | Name : Mandriva Update for rsh MDVA-2010:076 (rsh) File : nvt/gb_mandriva_MDVA_2010_076.nasl |
0000-00-00 | Name : OpenSSL 'bn_wexpend()' Error Handling Unspecified Vulnerability File : nvt/gb_openssl_38562.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-326-01 openssl File : nvt/esoft_slk_ssa_2010_326_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-060-02 openssl File : nvt/esoft_slk_ssa_2010_060_02.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
66946 | OpenSSL ssl/s3_clnt.c ssl3_get_key_exchange() Function Use-After-Free DoS |
62844 | OpenSSL bn_wexpand Function NULL Return Value Check Weakness |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-05-12 | IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0027158 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | OpenSSL ssl3_get_key_exchange use-after-free attempt RuleID : 19092 - Revision : 10 - Type : SERVER-OTHER |
2014-01-10 | OpenSSL ssl3_get_key_exchange use-after-free attempt RuleID : 19091 - Revision : 10 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0015_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0008.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0007.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15404.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libopenssl-devel-100927.nasl - Type : ACT_GATHER_INFO |
2014-04-16 | Name : The remote AIX host is running a vulnerable version of OpenSSL. File : aix_openssl_advisory.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0977.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0173.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0162.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100325_openssl096b_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101213_openssl_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-01-04 | Name : The remote SSL layer is affected by a denial of service vulnerability. File : openssl_0_9_8p_1_0_0e.nasl - Type : ACT_GATHER_INFO |
2011-10-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-01.nasl - Type : ACT_GATHER_INFO |
2011-06-24 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_6_8.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libopenssl-devel-100927.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libopenssl-devel-100927.nasl - Type : ACT_GATHER_INFO |
2011-04-22 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_6_3_0_22.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO |
2011-01-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0977.nasl - Type : ACT_GATHER_INFO |
2010-12-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0977.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-100927.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-100331.nasl - Type : ACT_GATHER_INFO |
2010-11-22 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-326-01.nasl - Type : ACT_GATHER_INFO |
2010-11-16 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-7174.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-6944.nasl - Type : ACT_GATHER_INFO |
2010-10-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1003-1.nasl - Type : ACT_GATHER_INFO |
2010-10-04 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0015.nasl - Type : ACT_GATHER_INFO |
2010-09-02 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-168.nasl - Type : ACT_GATHER_INFO |
2010-09-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2100.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-8742.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-5744.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-5357.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0173.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0162.nasl - Type : ACT_GATHER_INFO |
2010-04-19 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-076.nasl - Type : ACT_GATHER_INFO |
2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libopenssl-devel-100401.nasl - Type : ACT_GATHER_INFO |
2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libopenssl-devel-100331.nasl - Type : ACT_GATHER_INFO |
2010-04-02 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12606.nasl - Type : ACT_GATHER_INFO |
2010-03-31 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-6943.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0162.nasl - Type : ACT_GATHER_INFO |
2010-03-26 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0173.nasl - Type : ACT_GATHER_INFO |
2010-03-11 | Name : The remote web server has multiple SSL-related vulnerabilities. File : openssl_0_9_8m.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-060-02.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:57:59 |
|