
Test ID: 1.3.6.1.4.1.25623.1.0.64132
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDVSA-2009:120 (openssl)
Summary: The remote host is missing an update to openssl, announced via advisory MDVSA-2009:120.
Description: Summary:
The remote host is missing an update to openssl
announced via advisory MDVSA-2009:120.

Vulnerability Insight:
Multiple security vulnerabilities have been identified and fixed
in OpenSSL:

The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k
and earlier 0.9.8 versions allows remote attackers to cause a denial
of service (memory consumption) via a large series of future epoch
DTLS records that are buffered in a queue, aka DTLS record buffer
limitation bug. (CVE-2009-1377)

Multiple memory leaks in the dtls1_process_out_of_seq_message function
in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow
remote attackers to cause a denial of service (memory consumption)
via DTLS records that (1) are duplicates or (2) have sequence numbers
much greater than current sequence numbers, aka DTLS fragment handling
memory leak. (CVE-2009-1378)

The updated packages have been patched to prevent this.

Affected: 2008.1, 2009.0, 2009.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2009-1377
1022241
http://www.securitytracker.com/id?1022241
35001
http://www.securityfocus.com/bid/35001
35128
http://secunia.com/advisories/35128
35416
http://secunia.com/advisories/35416
35461
http://secunia.com/advisories/35461
35571
http://secunia.com/advisories/35571
35729
http://secunia.com/advisories/35729
36533
http://secunia.com/advisories/36533
37003
http://secunia.com/advisories/37003
38761
http://secunia.com/advisories/38761
38794
http://secunia.com/advisories/38794
38834
http://secunia.com/advisories/38834
42724
http://secunia.com/advisories/42724
42733
http://secunia.com/advisories/42733
ADV-2009-1377
http://www.vupen.com/english/advisories/2009/1377
ADV-2010-0528
http://www.vupen.com/english/advisories/2010/0528
GLSA-200912-01
http://security.gentoo.org/glsa/glsa-200912-01.xml
HPSBMA02492
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
MDVSA-2009:120
http://www.mandriva.com/security/advisories?name=MDVSA-2009:120
NetBSD-SA2009-009
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc
RHSA-2009:1335
http://www.redhat.com/support/errata/RHSA-2009-1335.html
SSA:2010-060-02
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
SSRT100079
SUSE-SR:2009:011
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
USN-792-1
http://www.ubuntu.com/usn/USN-792-1
[openssl-dev] 20090516 [openssl.org #1930] [PATCH] DTLS record buffer limitation bug
http://marc.info/?l=openssl-dev&m=124247675613888&w=2
[oss-security] 20090518 Two OpenSSL DTLS remote DoS
http://www.openwall.com/lists/oss-security/2009/05/18/1
[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
http://cvs.openssl.org/chngview?cn=18187
http://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest
http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net
http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html
https://kb.bluecoat.com/index?page=content&id=SA50
https://launchpad.net/bugs/cve/2009-1377
oval:org.mitre.oval:def:6683
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6683
oval:org.mitre.oval:def:9663
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9663
Common Vulnerability Exposure (CVE) ID: CVE-2009-1378
8720
https://www.exploit-db.com/exploits/8720
[openssl-dev] 20090516 [openssl.org #1931] [PATCH] DTLS fragment handling memory leak
http://marc.info/?l=openssl-dev&m=124247679213944&w=2
[openssl-dev] 20090518 Re: [openssl.org #1931] [PATCH] DTLS fragment handling memory leak
http://marc.info/?l=openssl-dev&m=124263491424212&w=2
http://cvs.openssl.org/chngview?cn=18188
http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
https://launchpad.net/bugs/cve/2009-1378
oval:org.mitre.oval:def:11309
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309
oval:org.mitre.oval:def:7229
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229
Copyright: Copyright (C) 2009 E-Soft Inc.

© 1998-2025 E-Soft Inc. All rights reserved.