Test ID: | 1.3.6.1.4.1.25623.1.0.50823 |
Category: | Mandrake Local Security Checks |
Title: | Mandrake Security Advisory MDKSA-2002:046-1 (openssl) |
Summary: | NOSUMMARY |
Description: | The remote host is missing an update to openssl announced via advisory MDKSA-2002:046-1.

An audit of the OpenSSL code by A.L. Digital Ltd and The Bunker, under the DARPA program CHATS, discovered a number of vulnerabilities in the OpenSSL code that are all potentially remotely exploitable.

From the OpenSSL advisory:

1. The client master key in SSL2 could be oversized and overrun a buffer. This vulnerability was also independently discovered by consultants at Neohapsis (http://www.neohapsis.com/) who have also demonstrated that the vulnerability is exploitable. Exploit code is NOT available at this time.
2. The session ID supplied to a client in SSL3 could be oversized and overrun a buffer.
3. The master key supplied to an SSL3 server could be oversized and overrun a stack-based buffer. This issue only affects OpenSSL 0.9.7 with Kerberos enabled.
4. Various buffers for ASCII representations of integers were too small on 64 bit platforms.

At the same time, various potential buffer overflows have had assertions added; these are not known to be exploitable.

Finally, a vulnerability was found by Adi Stav and James Yonan independently in the ASN1 parser which can be confused by supplying it with certain invalid encodings. There are no known exploits for this vulnerability.

All of these vulnerabilities are fixed in OpenSSL 0.9.6f. Patches have been applied to the versions of OpenSSL provided in this update to fix all of these problems.

Update: These new OpenSSL packages are available to additionally fix the ASN1 vulnerability described above. All Mandrake Linux users are encouraged to upgrade to these new packages.

Affected versions: 7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1, Single Network Firewall 7.2

Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2002:046-1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0657

Risk factor: High
CVSS Score: 7.5 |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2002-0655
BugTraq ID: 5364 http://www.securityfocus.com/bid/5364
Bugtraq: 20020730 GLSA: OpenSSL
Bugtraq: 20020730 OpenSSL Security Altert - Remote Buffer Overflows
Bugtraq: 20020730 OpenSSL patches for other versions
Bugtraq: 20020730 TSLSA-2002-0063 - openssl
Bugtraq: 20020730 [OpenPKG-SA-2002.008] OpenPKG Security Advisory (openssl)
Caldera Security Advisory: CSSA-2002-033.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
Caldera Security Advisory: CSSA-2002-033.1 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt
http://www.cert.org/advisories/CA-2002-23.html
CERT/CC vulnerability note: VU#308891 http://www.kb.cert.org/vuls/id/308891
Conectiva Linux advisory: CLA-2002:513 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513
Debian Security Information: DSA-136
En Garde Linux Advisory: ESA-20020730-019
FreeBSD Security Advisory: FreeBSD-SA-02:33 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php
RedHat Security Advisories: RHSA-2002:155
SuSE Security Announcement: SuSE-SA:2002:027

Common Vulnerability Exposure (CVE) ID: CVE-2002-0656
BugTraq ID: 5362 http://www.securityfocus.com/bid/5362
BugTraq ID: 5363 http://www.securityfocus.com/bid/5363
CERT/CC vulnerability note: VU#102795 http://www.kb.cert.org/vuls/id/102795
CERT/CC vulnerability note: VU#258555 http://www.kb.cert.org/vuls/id/258555
http://www.iss.net/security_center/static/9714.php
http://www.iss.net/security_center/static/9716.php

Common Vulnerability Exposure (CVE) ID: CVE-2002-0657
BugTraq ID: 5361 http://www.securityfocus.com/bid/5361
Bugtraq: 20020730 OpenSSL Security Altert - Remote Buffer Overflows:
CERT/CC vulnerability note: VU#561275 http://www.kb.cert.org/vuls/id/561275
http://www.iss.net/security_center/static/9715.php |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |