 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.51398 |
| Kategorie: | Conectiva Local Security Checks |
| Titel: | Conectiva Security Advisory CLA-2003:570 |
| Zusammenfassung: | NOSUMMARY |
| Beschreibung: | Description: The remote host is missing updates announced in advisory CLA-2003:570. OpenSSL[1] implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as full-strength general purpose cryptography functions. It's used (as a library) by several projects, like Apache, OpenSSH, Bind, OpenLDAP and many others clients and servers programs. In an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS. Vulnerable[2][3] openssl versions do not perform a MAC computation if an incorrect block cipher padding is used. An active attacker who can insert data into an existing encrypted connection is then able to measure time differences between the error messages the server sends. This information can make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext. The openssl packages provided with this update are patched against this vulnerability. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:570 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : Medium CVSS Score: 5.0 |
| Querverweis: |
BugTraq ID: 6884 Common Vulnerability Exposure (CVE) ID: CVE-2003-0078 http://www.securityfocus.com/bid/6884 Bugtraq: 20030219 OpenSSL 0.9.7a and 0.9.6i released (Google Search) http://marc.info/?l=bugtraq&m=104567627211904&w=2 Bugtraq: 20030219 [OpenPKG-SA-2003.013] OpenPKG Security Advisory (openssl) (Google Search) http://marc.info/?l=bugtraq&m=104568426824439&w=2 Computer Incident Advisory Center Bulletin: N-051 http://www.ciac.org/ciac/bulletins/n-051.shtml Conectiva Linux advisory: CLSA-2003:570 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000570 Debian Security Information: DSA-253 (Google Search) http://www.debian.org/security/2003/dsa-253 En Garde Linux Advisory: ESA-20030220-005 http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html FreeBSD Security Advisory: FreeBSD-SA-03:02 http://marc.info/?l=bugtraq&m=104577183206905&w=2 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020 NETBSD Security Advisory: NetBSD-SA2003-001 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.asc http://www.osvdb.org/3945 http://www.redhat.com/support/errata/RHSA-2003-062.html http://www.redhat.com/support/errata/RHSA-2003-063.html http://www.redhat.com/support/errata/RHSA-2003-082.html http://www.redhat.com/support/errata/RHSA-2003-104.html http://www.redhat.com/support/errata/RHSA-2003-205.html SGI Security Advisory: 20030501-01-I ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I SuSE Security Announcement: SuSE-SA:2003:011 (Google Search) http://www.trustix.org/errata/2003/0005 http://www.iss.net/security_center/static/11369.php |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |