# New openssl vuln not recognized by pkg audit



## getopt (Jan 26, 2017)

After `pkg audit -F` the latest OpenSSL vulnerability is not recognized.

In /var/db/pkg/vuln.xml:

```
<vuln vid="d455708a-e3d3-11e6-9940-b499baebfeaf">
    <topic>OpenSSL -- multiple vulnerabilities</topic>
    <affects>
      <package>
        <name>openssl</name>
        <range><lt>1.0.2k</lt></range>
      </package>
      <package>
        <name>openssl-devel</name>
        <range><lt>1.1.0d</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>The OpenSSL project reports:</p>
        <blockquote cite="https://www.openssl.org/news/secadv/20170126.txt">
          <ul>
            <li>Truncated packet could crash via OOB read (CVE-2017-3731)<br/>
              Severity: Moderate<br/>
              If an SSL/TLS server or client is running on a 32-bit host, and a specific
              cipher is being used, then a truncated packet can cause that server or client
              to perform an out-of-bounds read, usually resulting in a crash.</li>
            <li>Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)<br/>
              Severity: Moderate<br/>
              If a malicious server supplies bad parameters for a DHE or ECDHE key exchange
              then this can result in the client attempting to dereference a NULL pointer
              leading to a client crash. This could be exploited in a Denial of Service
              attack.</li>
            <li>BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)<br/>
              Severity: Moderate<br/>
              There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No
              EC algorithms are affected. Analysis suggests that attacks against RSA and DSA
              as a result of this defect would be very difficult to perform and are not
              believed likely. Attacks against DH are considered just feasible (although very
              difficult) because most of the work necessary to deduce information
              about a private key may be performed offline. The amount of resources
              required for such an attack would be very significant and likely only
              accessible to a limited number of attackers. An attacker would
              additionally need online access to an unpatched system using the target
              private key in a scenario with persistent DH parameters and a private
              key that is shared between multiple clients. For example this can occur by
              default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very
              similar to CVE-2015-3193 but must be treated as a separate problem.</li>
            <li>Montgomery multiplication may produce incorrect results (CVE-2016-7055)<br/>
              Severity: Low<br/>
              There is a carry propagating bug in the Broadwell-specific Montgomery
              multiplication procedure that handles input lengths divisible by, but
              longer than 256 bits. (OpenSSL 1.0.2 only)<br/>
              This issue was previously fixed in 1.1.0c</li>
          </ul>
        </blockquote>
      </body>
    </description>
    <references>
      <url>https://www.openssl.org/news/secadv/20170126.txt</url>
      <cvename>CVE-2016-7055</cvename>
      <cvename>CVE-2017-3730</cvename>
      <cvename>CVE-2017-3731</cvename>
      <cvename>CVE-2017-3732</cvename>
    </references>
    <dates>
      <discovery>2017-01-26</discovery>
      <entry>2017-01-26</entry>
    </dates>
  </vuln>
```

The port version installed here is:

```
# openssl version
OpenSSL 1.0.2j  26 Sep 2016

# pkg audit
0 problem(s) in the installed packages found.
```

1.0.2j is less than 1.0.2k, isn't it?


----------
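The range check asked about above, as an added example that is not part of the original thread and is not pkg's own code: it parses a trimmed copy of the quoted `<affects>` element and tests installed package versions against each `<range>`. The `version_key` ordering is a simplified assumption (dotted numbers with an optional letter suffix, PORTREVISION and PORTEPOCH dropped), and the installed-package dictionaries are constructed.

```python
import operator
import re
import xml.etree.ElementTree as ET

# Constructed sample: the <affects> part of the entry quoted above, trimmed.
VULN_XML = """
<vuln vid="d455708a-e3d3-11e6-9940-b499baebfeaf">
  <topic>OpenSSL -- multiple vulnerabilities</topic>
  <affects>
    <package><name>openssl</name><range><lt>1.0.2k</lt></range></package>
    <package><name>openssl-devel</name><range><lt>1.1.0d</lt></range></package>
  </affects>
</vuln>
"""

# VuXML range bounds mapped to comparisons.
OPS = {"lt": operator.lt, "le": operator.le, "gt": operator.gt,
       "ge": operator.ge, "eq": operator.eq}

def version_key(version):
    """Simplified ordering key (assumption, not pkg's full algorithm)."""
    version = re.split(r"[_,]", version)[0]   # drop _PORTREVISION and ,PORTEPOCH
    key = []
    for part in version.lower().split("."):
        m = re.match(r"(\d*)([a-z]*)", part)  # e.g. "2j" -> (2, "j")
        key.append((int(m.group(1) or 0), m.group(2)))
    return key

def affected(installed, vuln_xml=VULN_XML):
    """Return [(name, version, vid)] for installed packages inside a range.

    Matching is by package name first, so a package that is not in the
    `installed` mapping is never reported, whatever binary is on PATH.
    """
    vuln = ET.fromstring(vuln_xml)
    hits = []
    for pkg in vuln.iter("package"):
        names = [n.text for n in pkg.findall("name")]
        for rng in pkg.findall("range"):
            for name in names:
                if name not in installed or len(rng) == 0:
                    continue
                ver = version_key(installed[name])
                # Every bound inside one <range> must hold.
                if all(OPS[b.tag](ver, version_key(b.text)) for b in rng):
                    hits.append((name, installed[name], vuln.get("vid")))
    return hits

if __name__ == "__main__":
    print(affected({"openssl": "1.0.2j"}))          # constructed package list
```
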



## OlivierW (Jan 26, 2017)

Are you sure you have openssl installed from ports? Looks like you're running the one from base.
Try:

```
/usr/local/bin/openssl version
```


----------



## OlivierW (Jan 26, 2017)

OK. So you're right, it seems there's a problem. I'm sorry, I can't help you more: I'm using libressl-devel from ports.


----------



## SirDice (Jan 27, 2017)

Please report the pkg-audit(8) bug. It should indeed report your installed OpenSSL version as vulnerable.


----------



## gofer_touch (Jan 27, 2017)

Is anyone aware of a possible timeline that FreeBSD has for switching to LibreSSL by default?


----------



## aht0 (Feb 20, 2017)

1.0.2 is not affected by the bug AFAIK.


----------

