English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.2.2023.2909
Category:Huawei EulerOS Local Security Checks
Title:Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2023-2909)
Summary:The remote host is missing an update for the Huawei EulerOS 'shim' package(s) announced via the EulerOS-SA-2023-2909 advisory.
Description:Summary:
The remote host is missing an update for the Huawei EulerOS 'shim' package(s) announced via the EulerOS-SA-2023-2909 advisory.

Vulnerability Insight:
Issue summary: Checking excessively long DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key or parameters that have been supplied.Some of those checks use the supplied modulus value even if it has already been found to be too large.An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSL functions.An application calling any of those other functions may similarly be affected.The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.(CVE-2023-3446)

Issue summary: Checking excessively long DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSL functions.An application calling any of those other functions may similarly be affected.The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.(CVE-2023-3817)

A security vulnerability has been identified in all supported versions of OpenSSL ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'shim' package(s) on Huawei EulerOS V2.0SP9(x86_64).

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2023-0464
Debian Security Information: DSA-5417 (Google Search)
https://www.debian.org/security/2023/dsa-5417
https://security.gentoo.org/glsa/202402-08
https://www.couchbase.com/alerts/
1.0.2zh patch (premium)
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e
1.1.1u git commit
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b
3.0.9 git commit
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1
3.1.1 git commit
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545
OpenSSL Advisory
https://www.openssl.org/news/secadv/20230322.txt
https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
Common Vulnerability Exposure (CVE) ID: CVE-2023-3446
1.0.2zi patch (premium)
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c
1.1.1v git commit
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528
3.0.10 git commit
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb
3.1.2 git commit
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23
https://www.openssl.org/news/secadv/20230719.txt
https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html
http://www.openwall.com/lists/oss-security/2023/07/19/4
http://www.openwall.com/lists/oss-security/2023/07/19/5
http://www.openwall.com/lists/oss-security/2023/07/19/6
http://www.openwall.com/lists/oss-security/2023/07/31/1
http://www.openwall.com/lists/oss-security/2024/05/16/1
Common Vulnerability Exposure (CVE) ID: CVE-2023-3817
http://seclists.org/fulldisclosure/2023/Jul/43
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5
https://www.openssl.org/news/secadv/20230731.txt
http://www.openwall.com/lists/oss-security/2023/09/22/11
http://www.openwall.com/lists/oss-security/2023/09/22/9
http://www.openwall.com/lists/oss-security/2023/11/06/2
CopyrightCopyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.