Test ID:	1.3.6.1.4.1.25623.1.1.2.2023.2183
Category:	Huawei EulerOS Local Security Checks
Title:	Huawei EulerOS: Security Advisory for openssl111d (EulerOS-SA-2023-2183)
Summary:	The remote host is missing an update for the Huawei EulerOS 'openssl111d' package(s) announced via the EulerOS-SA-2023-2183 advisory.
Description:	Summary: The remote host is missing an update for the Huawei EulerOS 'openssl111d' package(s) announced via the EulerOS-SA-2023-2183 advisory. Vulnerability Insight: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).(CVE-2021-3449) Affected Software/OS: 'openssl111d' package(s) on Huawei EulerOS V2.0SP5. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-3449 Cisco Security Advisory: 20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845 https://kc.mcafee.com/corporate/index?page=content&id=SB10356 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013 https://security.netapp.com/advisory/ntap-20210326-0006/ https://security.netapp.com/advisory/ntap-20210513-0002/ https://www.openssl.org/news/secadv/20210325.txt https://www.tenable.com/security/tns-2021-05 https://www.tenable.com/security/tns-2021-06 https://www.tenable.com/security/tns-2021-09 https://www.tenable.com/security/tns-2021-10 Debian Security Information: DSA-4875 (Google Search) https://www.debian.org/security/2021/dsa-4875 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/ https://security.gentoo.org/glsa/202103-03 https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://www.oracle.com/security-alerts/cpuoct2021.html https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html http://www.openwall.com/lists/oss-security/2021/03/27/1 http://www.openwall.com/lists/oss-security/2021/03/27/2 http://www.openwall.com/lists/oss-security/2021/03/28/3 http://www.openwall.com/lists/oss-security/2021/03/28/4
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.