Nessus Plugin #15302
Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.
[DSA465] DSA-465-1 openssl
- Family: Debian Local Security Checks
- Category: infos
- Copyright: This script is (C) 2004 Michel Arboi
- Summary: DSA-465-1 openssl
- Version: $Revision: 1.4 $
- Cve_id: CAN-2004-0079, CAN-2004-0081
- Bugtraq_id: 9899
- Xrefs: DSA:465, CERT:288574, CERT:465542
- Description:
Two vulnerabilities were discovered in openssl, an implementation of
the SSL protocol, using the Codenomicon TLS Test Tool. More
information can be found in the following NISCC Vulnerability Advisory
(http://www.uniras.gov.uk/vuls/2004/224012/index.htm) and this OpenSSL
advisory (http://www.openssl.org/news/secadv_20040317.txt). The Common
Vulnerabilities and Exposures project identified the following
vulnerabilities:
  - Null-pointer assignment in the do_change_cipher_spec() function.
    A remote attacker could perform a carefully crafted SSL/TLS
    handshake against a server that used the OpenSSL library in such a
    way as to cause OpenSSL to crash. Depending on the application this
    could lead to a denial of service.
  - A bug in older versions of OpenSSL 0.9.6 that can lead to a Denial
    of Service attack (infinite loop).
For the stable distribution (woody) these problems have been fixed in
openssl version 0.9.6c-2.woody.6, openssl094 version 0.9.4-6.woody.4
and openssl095 version 0.9.5a-6.woody.5.
For the unstable distribution (sid) these problems will be fixed soon.
We recommend that you update your openssl package.
Solution : http://www.debian.org/security/2004/dsa-465
Risk factor : High
Generated on 27.04.2005 at 18:49:54.