Buffer overflow : OpenSSL 0.9.7-beta Buffer Overflow Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.117030

Categoría: Buffer overflow

Título: OpenSSL 0.9.7-beta Buffer Overflow Vulnerability

Resumen: OpenSSL is prone to a buffer overflow vulnerability.

Descripción: Summary:
OpenSSL is prone to a buffer overflow vulnerability.

Vulnerability Insight:
A buffer overflow when Kerberos is enabled allowed attackers to
execute arbitrary code by sending a long master key.

Affected Software/OS:
OpenSSL version 0.9.7-beta1 to 0.9.7-beta3 when Kerberos is enabled.

Solution:
Update to version 0.9.7 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2002-0657
BugTraq ID: 5361
http://www.securityfocus.com/bid/5361
Bugtraq: 20020730 OpenSSL Security Altert - Remote Buffer Overflows: (Google Search)
Bugtraq: 20020730 OpenSSL patches for other versions (Google Search)
Bugtraq: 20020730 [OpenPKG-SA-2002.008] OpenPKG Security Advisory (openssl) (Google Search)
Caldera Security Advisory: CSSA-2002-033.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
Caldera Security Advisory: CSSA-2002-033.1
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt
http://www.cert.org/advisories/CA-2002-23.html
CERT/CC vulnerability note: VU#561275
http://www.kb.cert.org/vuls/id/561275
Conectiva Linux advisory: CLA-2002:513
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513
Debian Security Information: DSA-136 (Google Search)
FreeBSD Security Advisory: FreeBSD-SA-02:33
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php
SuSE Security Announcement: SuSE-SA:2002:027 (Google Search)
http://www.iss.net/security_center/static/9715.php

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.117030
Categoría:	Buffer overflow
Título:	OpenSSL 0.9.7-beta Buffer Overflow Vulnerability
Resumen:	OpenSSL is prone to a buffer overflow vulnerability.
Descripción:	Summary: OpenSSL is prone to a buffer overflow vulnerability. Vulnerability Insight: A buffer overflow when Kerberos is enabled allowed attackers to execute arbitrary code by sending a long master key. Affected Software/OS: OpenSSL version 0.9.7-beta1 to 0.9.7-beta3 when Kerberos is enabled. Solution: Update to version 0.9.7 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2002-0657 BugTraq ID: 5361 http://www.securityfocus.com/bid/5361 Bugtraq: 20020730 OpenSSL Security Altert - Remote Buffer Overflows: (Google Search) Bugtraq: 20020730 OpenSSL patches for other versions (Google Search) Bugtraq: 20020730 [OpenPKG-SA-2002.008] OpenPKG Security Advisory (openssl) (Google Search) Caldera Security Advisory: CSSA-2002-033.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt Caldera Security Advisory: CSSA-2002-033.1 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt http://www.cert.org/advisories/CA-2002-23.html CERT/CC vulnerability note: VU#561275 http://www.kb.cert.org/vuls/id/561275 Conectiva Linux advisory: CLA-2002:513 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513 Debian Security Information: DSA-136 (Google Search) FreeBSD Security Advisory: FreeBSD-SA-02:33 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php SuSE Security Announcement: SuSE-SA:2002:027 (Google Search) http://www.iss.net/security_center/static/9715.php
Copyright	Copyright (C) 2020 Greenbone Networks GmbH