Red Hat Local Security Checks : RedHat Security Advisory RHSA-2004:119

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51125

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2004:119

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2004:119.

OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.

Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool
uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that can
lead to a denial of service attack (infinite loop). The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2004-0081 to this issue.

Testing performed by Novell using a test suite provided by NISCC uncovered
an issue in the ASN.1 parser in versions of OpenSSL 0.9.6 prior to 0.9.6l
which could cause large recursion and possibly lead to a denial of service
attack if used where stack space is limited. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0851
to this issue.

These updated packages contain patches provided by the OpenSSL group that
protect against these issues.

NOTE: Because server applications are affected by this issue, users are
advised to either restart all services using OpenSSL functionality or
restart their system after installing these updated packages.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2004-119.html
http://www.codenomicon.com/testtools/tls/
http://www.niscc.gov.uk/

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0081
BugTraq ID: 9899
http://www.securityfocus.com/bid/9899
Bugtraq: 20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004] (Google Search)
http://marc.info/?l=bugtraq&m=107955049331965&w=2
Bugtraq: 20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=108403850228012&w=2
Cert/CC Advisory: TA04-078A
http://www.us-cert.gov/cas/techalerts/TA04-078A.html
CERT/CC vulnerability note: VU#465542
http://www.kb.cert.org/vuls/id/465542
Cisco Security Advisory: 20040317 Cisco OpenSSL Implementation Vulnerability
http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
Conectiva Linux advisory: CLA-2004:834
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834
Debian Security Information: DSA-465 (Google Search)
http://www.debian.org/security/2004/dsa-465
En Garde Linux Advisory: ESA-20040317-003
http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html
http://fedoranews.org/updates/FEDORA-2004-095.shtml
http://security.gentoo.org/glsa/glsa-200403-03.xml
http://www.uniras.gov.uk/vuls/2004/224012/index.htm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902
RedHat Security Advisories: RHSA-2004:119
http://rhn.redhat.com/errata/RHSA-2004-119.html
http://www.redhat.com/support/errata/RHSA-2004-120.html
http://www.redhat.com/support/errata/RHSA-2004-121.html
http://www.redhat.com/support/errata/RHSA-2004-139.html
SCO Security Bulletin: SCOSA-2004.10
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt
http://secunia.com/advisories/11139
SGI Security Advisory: 20040304-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524
http://www.trustix.org/errata/2004/0012
XForce ISS Database: openssl-tls-dos(15509)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15509
Common Vulnerability Exposure (CVE) ID: CVE-2003-0851
BugTraq ID: 8970
http://www.securityfocus.com/bid/8970
Bugtraq: 20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing (Google Search)
http://marc.info/?l=bugtraq&m=106796246511667&w=2
CERT/CC vulnerability note: VU#412478
http://www.kb.cert.org/vuls/id/412478
Cisco Security Advisory: 20030930 SSL Implementation Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml
En Garde Linux Advisory: ESA-20031104-029
http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html
NETBSD Security Advisory: NetBSD-SA2004-003
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528
http://secunia.com/advisories/17381

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51125
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2004:119
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2004:119. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that can lead to a denial of service attack (infinite loop). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0081 to this issue. Testing performed by Novell using a test suite provided by NISCC uncovered an issue in the ASN.1 parser in versions of OpenSSL 0.9.6 prior to 0.9.6l which could cause large recursion and possibly lead to a denial of service attack if used where stack space is limited. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0851 to this issue. These updated packages contain patches provided by the OpenSSL group that protect against these issues. NOTE: Because server applications are affected by this issue, users are advised to either restart all services using OpenSSL functionality or restart their system after installing these updated packages. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-119.html http://www.codenomicon.com/testtools/tls/ http://www.niscc.gov.uk/ Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0081 BugTraq ID: 9899 http://www.securityfocus.com/bid/9899 Bugtraq: 20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004] (Google Search) http://marc.info/?l=bugtraq&m=107955049331965&w=2 Bugtraq: 20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability (Google Search) http://marc.info/?l=bugtraq&m=108403850228012&w=2 Cert/CC Advisory: TA04-078A http://www.us-cert.gov/cas/techalerts/TA04-078A.html CERT/CC vulnerability note: VU#465542 http://www.kb.cert.org/vuls/id/465542 Cisco Security Advisory: 20040317 Cisco OpenSSL Implementation Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml Conectiva Linux advisory: CLA-2004:834 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 Debian Security Information: DSA-465 (Google Search) http://www.debian.org/security/2004/dsa-465 En Garde Linux Advisory: ESA-20040317-003 http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html http://fedoranews.org/updates/FEDORA-2004-095.shtml http://security.gentoo.org/glsa/glsa-200403-03.xml http://www.uniras.gov.uk/vuls/2004/224012/index.htm https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902 RedHat Security Advisories: RHSA-2004:119 http://rhn.redhat.com/errata/RHSA-2004-119.html http://www.redhat.com/support/errata/RHSA-2004-120.html http://www.redhat.com/support/errata/RHSA-2004-121.html http://www.redhat.com/support/errata/RHSA-2004-139.html SCO Security Bulletin: SCOSA-2004.10 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt http://secunia.com/advisories/11139 SGI Security Advisory: 20040304-01-U ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524 http://www.trustix.org/errata/2004/0012 XForce ISS Database: openssl-tls-dos(15509) https://exchange.xforce.ibmcloud.com/vulnerabilities/15509 Common Vulnerability Exposure (CVE) ID: CVE-2003-0851 BugTraq ID: 8970 http://www.securityfocus.com/bid/8970 Bugtraq: 20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing (Google Search) http://marc.info/?l=bugtraq&m=106796246511667&w=2 CERT/CC vulnerability note: VU#412478 http://www.kb.cert.org/vuls/id/412478 Cisco Security Advisory: 20030930 SSL Implementation Vulnerabilities http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml En Garde Linux Advisory: ESA-20031104-029 http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html NETBSD Security Advisory: NetBSD-SA2004-003 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528 http://secunia.com/advisories/17381
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com