English | Deutsch | Español | Português
 Benutzerkennung:
 Passwort:
Registrieren
 About:   Dediziert  | Erweitert  | Standard  | Wiederkehrend  | Risikolos  | Desktop  | Basis  | Einmalig  | Sicherheits Siegel  | FAQ
  Preis/Funktionszusammenfassung  | Bestellen  | Neue Anfälligkeiten  | Vertraulichkeit  | Anfälligkeiten Suche
 Anfälligkeitssuche        Suche in 72151 CVE Beschreibungen
und 38907 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.58961
Kategorie:Red Hat Local Security Checks
Titel:RedHat Security Advisory RHSA-2007:0964
Zusammenfassung:Redhat Security Advisory RHSA-2007:0964
Beschreibung:
The remote host is missing updates announced in
advisory RHSA-2007:0964.

OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library. Datagram TLS (DTLS) is a protocol
based on TLS that is capable of securing datagram transport (UDP for
instance).

The OpenSSL security team discovered a flaw in DTLS support. An attacker
could create a malicious client or server that could trigger a heap
overflow. This is possibly exploitable to run arbitrary code, but it has
not been verified (CVE-2007-5135). Note that this flaw only affects
applications making use of DTLS. Red Hat does not ship any DTLS client or
server applications in Red Hat Enterprise Linux.

A flaw was found in the SSL_get_shared_ciphers() utility function. An
attacker could send a list of ciphers to an application that used this
function and overrun a buffer with a single byte (CVE-2007-4995). Few
applications make use of this vulnerable function and generally it is used
only when applications are compiled for debugging.

A number of possible side-channel attacks were discovered affecting
OpenSSL. A local attacker could possibly obtain RSA private keys being
used on a system. In practice these attacks would be difficult to perform
outside of a lab environment. This update contains backported patches
designed to mitigate these issues. (CVE-2007-3108).

Users of OpenSSL should upgrade to these updated packages, which contain
backported patches to resolve these issues.

Please note that the fix for the DTLS flaw involved an overhaul of the DTLS
handshake processing which may introduce incompatibilities if a new client
is used with an older server.

After installing this update, users are advised to either restart all
services that use OpenSSL or restart their system.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0964.html
http://www.openssl.org/news/secadv_20071012.txt
http://www.redhat.com/security/updates/classification/#important

Risk factor : Critical
Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2007-3108
Bugtraq: 20070813 FLEA-2007-0043-1 openssl (Google Search)
http://www.securityfocus.com/archive/1/archive/1/476341/100/0/threaded
Bugtraq: 20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages (Google Search)
http://www.securityfocus.com/archive/1/archive/1/485936/100/0/threaded
Bugtraq: 20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages (Google Search)
http://www.securityfocus.com/archive/1/archive/1/486859/100/0/threaded
http://lists.vmware.com/pipermail/security-announce/2008/000002.html
Debian Security Information: DSA-1571 (Google Search)
http://www.debian.org/security/2008/dsa-1571
http://security.gentoo.org/glsa/glsa-200710-06.xml
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:193
http://www.redhat.com/support/errata/RHSA-2007-0964.html
http://www.redhat.com/support/errata/RHSA-2007-0813.html
http://www.redhat.com/support/errata/RHSA-2007-1003.html
http://www.ubuntulinux.org/support/documentation/usn/usn-522-1
CERT/CC vulnerability note: VU#724968
http://www.kb.cert.org/vuls/id/724968
BugTraq ID: 25163
http://www.securityfocus.com/bid/25163
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9984
http://www.vupen.com/english/advisories/2007/2759
http://www.vupen.com/english/advisories/2007/4010
http://www.vupen.com/english/advisories/2008/0064
http://www.vupen.com/english/advisories/2008/2396
http://www.vupen.com/english/advisories/2008/2361
http://www.vupen.com/english/advisories/2008/2362
http://secunia.com/advisories/26411
http://secunia.com/advisories/26893
http://secunia.com/advisories/27021
http://secunia.com/advisories/27097
http://secunia.com/advisories/27078
http://secunia.com/advisories/27205
http://secunia.com/advisories/27330
http://secunia.com/advisories/27770
http://secunia.com/advisories/27870
http://secunia.com/advisories/28368
http://secunia.com/advisories/30161
http://secunia.com/advisories/30220
http://secunia.com/advisories/31467
http://secunia.com/advisories/31489
http://secunia.com/advisories/31531
Common Vulnerability Exposure (CVE) ID: CVE-2007-4995
Bugtraq: 20071012 OpenSSL Security Advisory (Google Search)
http://www.securityfocus.com/archive/1/archive/1/482167/100/0/threaded
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738962
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html
http://security.gentoo.org/glsa/glsa-200710-30.xml
HPdes Security Advisory: HPSBUX02296
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01299773
HPdes Security Advisory: SSRT071504
http://www.mandriva.com/security/advisories?name=MDKSA-2007:237
SuSE Security Announcement: SUSE-SR:2007:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
http://www.ubuntulinux.org/support/documentation/usn/usn-534-1
BugTraq ID: 26055
http://www.securityfocus.com/bid/26055
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10288
http://secunia.com/advisories/30852
http://www.vupen.com/english/advisories/2007/3487
http://www.vupen.com/english/advisories/2007/4219
http://securitytracker.com/id?1018810
http://secunia.com/advisories/25878
http://secunia.com/advisories/27217
http://secunia.com/advisories/27271
http://secunia.com/advisories/27363
http://secunia.com/advisories/27434
http://secunia.com/advisories/27933
http://secunia.com/advisories/28084
http://www.vupen.com/english/advisories/2008/1937/references
XForce ISS Database: openssl-dtls-code-execution(37185)
http://xforce.iss.net/xforce/xfdb/37185
Common Vulnerability Exposure (CVE) ID: CVE-2007-5135
Bugtraq: 20070927 OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow (Google Search)
http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
Bugtraq: 20071001 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow (Google Search)
http://www.securityfocus.com/archive/1/archive/1/481506/100/0/threaded
Bugtraq: 20071003 FLEA-2007-0058-1 openssl openssl-scripts (Google Search)
http://www.securityfocus.com/archive/1/archive/1/481488/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/481217/100/0/threaded
https://bugs.gentoo.org/show_bug.cgi?id=194039
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
Debian Security Information: DSA-1379 (Google Search)
http://www.debian.org/security/2007/dsa-1379
FreeBSD Security Advisory: FreeBSD-SA-07:08
http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc
HPdes Security Advisory: HPSBUX02292
http://www.securityfocus.com/archive/1/archive/1/484353/100/0/threaded
HPdes Security Advisory: SSRT071499
NETBSD Security Advisory: NetBSD-SA2008-007
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc
OpenBSD Security Advisory: [4.0] 017: SECURITY FIX: October 10, 2007
http://www.openbsd.org/errata40.html
OpenBSD Security Advisory: [4.1] 011: SECURITY FIX: October 10, 2007
http://www.openbsd.org/errata41.html
OpenBSD Security Advisory: [4.2] 002: SECURITY FIX: October 10, 2007
http://www.openbsd.org/errata42.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1
SuSE Security Announcement: SUSE-SR:2007:020 (Google Search)
http://www.novell.com/linux/security/advisories/2007_20_sr.html
SuSE Security Announcement: SUSE-SR:2008:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
BugTraq ID: 25831
http://www.securityfocus.com/bid/25831
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10904
http://www.vupen.com/english/advisories/2007/3625
http://www.vupen.com/english/advisories/2007/3325
http://www.vupen.com/english/advisories/2007/4042
http://www.vupen.com/english/advisories/2007/4144
http://www.vupen.com/english/advisories/2008/2268
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5337
http://www.securitytracker.com/id?1018755
http://secunia.com/advisories/22130
http://secunia.com/advisories/27012
http://secunia.com/advisories/27051
http://secunia.com/advisories/27186
http://secunia.com/advisories/27394
http://secunia.com/advisories/27229
http://secunia.com/advisories/27031
http://secunia.com/advisories/27851
http://secunia.com/advisories/27961
http://secunia.com/advisories/29242
http://secunia.com/advisories/30124
http://secunia.com/advisories/31326
http://secunia.com/advisories/31308
http://securityreason.com/securityalert/3179
XForce ISS Database: openssl-sslgetshared-bo(36837)
http://xforce.iss.net/xforce/xfdb/36837
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 38907 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:
Benutzerkennung:
Passwort:
Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.
Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.
   Datenschutz
Anmeldung für registrierte Benutzer
 
Benutzerkennung:   
Passwort:  

 Benutzerkennung oder Passwort vergessen?
Email/Benutzerkennung:




Startseite | Über uns | Kontakt | Partnerprogramme | Datenschutz | Mailinglisten | Missbrauch
Sicherheits Überprüfungen | Verwaltete DNS | Netzwerk Überwachung | Webseiten Analysator | Internet Recherche Berichte
Web Sonde | Whois

© 1998-2014 E-Soft Inc. Alle Rechte vorbehalten.