English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.120555
Categoría:Amazon Linux Local Security Checks
Título:Amazon Linux: Security Advisory (ALAS-2013-171)
Resumen:The remote host is missing an update for the 'openssl' package(s) announced via the ALAS-2013-171 advisory.
Descripción:Summary:
The remote host is missing an update for the 'openssl' package(s) announced via the ALAS-2013-171 advisory.

Vulnerability Insight:
It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169)

A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially-crafted response. (CVE-2013-0166)

It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929)

Note: This update disables zlib compression, which was previously enabled in OpenSSL by default. Applications using OpenSSL now need to explicitly enable zlib compression to use it.

Affected Software/OS:
'openssl' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-4929
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
BugTraq ID: 55704
http://www.securityfocus.com/bid/55704
Debian Security Information: DSA-2579 (Google Search)
http://www.debian.org/security/2012/dsa-2579
Debian Security Information: DSA-2627 (Google Search)
http://www.debian.org/security/2013/dsa-2627
Debian Security Information: DSA-3253 (Google Search)
http://www.debian.org/security/2015/dsa-3253
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html
HPdes Security Advisory: HPSBUX02866
http://marc.info/?l=bugtraq&m=136612293908376&w=2
HPdes Security Advisory: SSRT101139
http://jvn.jp/en/jp/JVN65273415/index.html
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html
http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/
http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html
http://news.ycombinator.com/item?id=4510829
http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor
http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312
http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512
http://www.ekoparty.org/2012/thai-duong.php
http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091
http://www.theregister.co.uk/2012/09/14/crime_tls_attack/
https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls
https://gist.github.com/3696912
https://github.com/mpgn/CRIME-poc
https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920
RedHat Security Advisories: RHSA-2013:0587
http://rhn.redhat.com/errata/RHSA-2013-0587.html
SuSE Security Announcement: openSUSE-SU-2012:1420 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html
SuSE Security Announcement: openSUSE-SU-2013:0143 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html
SuSE Security Announcement: openSUSE-SU-2013:0157 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html
http://www.ubuntu.com/usn/USN-1627-1
http://www.ubuntu.com/usn/USN-1628-1
http://www.ubuntu.com/usn/USN-1898-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-0166
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
CERT/CC vulnerability note: VU#737740
http://www.kb.cert.org/vuls/id/737740
Debian Security Information: DSA-2621 (Google Search)
http://www.debian.org/security/2013/dsa-2621
HPdes Security Advisory: HPSBOV02852
http://marc.info/?l=bugtraq&m=136432043316835&w=2
HPdes Security Advisory: HPSBUX02856
http://marc.info/?l=bugtraq&m=136396549913849&w=2
HPdes Security Advisory: HPSBUX02909
http://marc.info/?l=bugtraq&m=137545771702053&w=2
HPdes Security Advisory: SSRT101104
HPdes Security Advisory: SSRT101108
HPdes Security Advisory: SSRT101289
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487
RedHat Security Advisories: RHSA-2013:0782
http://rhn.redhat.com/errata/RHSA-2013-0782.html
RedHat Security Advisories: RHSA-2013:0783
http://rhn.redhat.com/errata/RHSA-2013-0783.html
RedHat Security Advisories: RHSA-2013:0833
http://rhn.redhat.com/errata/RHSA-2013-0833.html
http://secunia.com/advisories/53623
http://secunia.com/advisories/55108
http://secunia.com/advisories/55139
SuSE Security Announcement: SUSE-SU-2015:0578 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
SuSE Security Announcement: openSUSE-SU-2016:0640 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-0169
BugTraq ID: 57778
http://www.securityfocus.com/bid/57778
Cert/CC Advisory: TA13-051A
http://www.us-cert.gov/cas/techalerts/TA13-051A.html
Debian Security Information: DSA-2622 (Google Search)
http://www.debian.org/security/2013/dsa-2622
http://security.gentoo.org/glsa/glsa-201406-32.xml
HPdes Security Advisory: HPSBMU02874
http://marc.info/?l=bugtraq&m=136733161405818&w=2
HPdes Security Advisory: HPSBUX02857
http://marc.info/?l=bugtraq&m=136439120408139&w=2
HPdes Security Advisory: SSRT101103
HPdes Security Advisory: SSRT101184
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html
http://openwall.com/lists/oss-security/2013/02/05/24
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608
RedHat Security Advisories: RHSA-2013:1455
http://rhn.redhat.com/errata/RHSA-2013-1455.html
RedHat Security Advisories: RHSA-2013:1456
http://rhn.redhat.com/errata/RHSA-2013-1456.html
http://www.securitytracker.com/id/1029190
http://secunia.com/advisories/55322
http://secunia.com/advisories/55350
http://secunia.com/advisories/55351
SuSE Security Announcement: SUSE-SU-2013:0328 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html
SuSE Security Announcement: SUSE-SU-2013:0701 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html
SuSE Security Announcement: SUSE-SU-2014:0320 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
SuSE Security Announcement: openSUSE-SU-2013:0375 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html
SuSE Security Announcement: openSUSE-SU-2013:0378 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html
http://www.ubuntu.com/usn/USN-1735-1
CopyrightCopyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.