FreeBSD Local Security Checks : FreeBSD Security Advisory (FreeBSD-SA-04:05.openssl.asc)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52647

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Security Advisory (FreeBSD-SA-04:05.openssl.asc)

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-04:05.openssl.asc

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory FreeBSD-SA-04:05.openssl.asc

Vulnerability Insight:
FreeBSD includes software from the OpenSSL Project. The OpenSSL
Project is a collaborative effort to develop a robust, commercial-
grade, full-featured, and Open Source toolkit implementing the Secure
Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols as well as a full-strength general purpose cryptography
library.

When processing an SSL/TLS ChangeCipherSpec message, OpenSSL may fail to
check that a new cipher has been previously negotiated. This may result
in a null pointer dereference.

Solution:
Upgrade your system to the appropriate stable release
or security branch dated after the correction date.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0079
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
BugTraq ID: 9899
http://www.securityfocus.com/bid/9899
Bugtraq: 20040317 New OpenSSL releases fix denial of service attacks [17 March 2004] (Google Search)
http://marc.info/?l=bugtraq&m=107953412903636&w=2
Cert/CC Advisory: TA04-078A
http://www.us-cert.gov/cas/techalerts/TA04-078A.html
CERT/CC vulnerability note: VU#288574
http://www.kb.cert.org/vuls/id/288574
Computer Incident Advisory Center Bulletin: O-101
http://www.ciac.org/ciac/bulletins/o-101.shtml
Cisco Security Advisory: 20040317 Cisco OpenSSL Implementation Vulnerability
http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
Conectiva Linux advisory: CLA-2004:834
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834
Debian Security Information: DSA-465 (Google Search)
http://www.debian.org/security/2004/dsa-465
En Garde Linux Advisory: ESA-20040317-003
http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html
http://fedoranews.org/updates/FEDORA-2004-095.shtml
http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html
FreeBSD Security Advisory: FreeBSD-SA-04:05
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc
http://security.gentoo.org/glsa/glsa-200403-03.xml
HPdes Security Advisory: SSRT4717
http://marc.info/?l=bugtraq&m=108403806509920&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2004:023
http://www.uniras.gov.uk/vuls/2004/224012/index.htm
NETBSD Security Advisory: NetBSD-SA2004-005
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779
http://www.redhat.com/support/errata/RHSA-2004-120.html
http://www.redhat.com/support/errata/RHSA-2004-121.html
http://www.redhat.com/support/errata/RHSA-2004-139.html
http://www.redhat.com/support/errata/RHSA-2005-829.html
http://www.redhat.com/support/errata/RHSA-2005-830.html
SCO Security Bulletin: SCOSA-2004.10
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt
http://secunia.com/advisories/11139
http://secunia.com/advisories/17381
http://secunia.com/advisories/17398
http://secunia.com/advisories/17401
http://secunia.com/advisories/18247
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524
SuSE Security Announcement: SuSE-SA:2004:007 (Google Search)
http://www.novell.com/linux/security/advisories/2004_07_openssl.html
http://www.trustix.org/errata/2004/0012
XForce ISS Database: openssl-dochangecipherspec-dos(15505)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15505

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52647
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Security Advisory (FreeBSD-SA-04:05.openssl.asc)
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-04:05.openssl.asc
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-04:05.openssl.asc Vulnerability Insight: FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial- grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. When processing an SSL/TLS ChangeCipherSpec message, OpenSSL may fail to check that a new cipher has been previously negotiated. This may result in a null pointer dereference. Solution: Upgrade your system to the appropriate stable release or security branch dated after the correction date. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0079 http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html BugTraq ID: 9899 http://www.securityfocus.com/bid/9899 Bugtraq: 20040317 New OpenSSL releases fix denial of service attacks [17 March 2004] (Google Search) http://marc.info/?l=bugtraq&m=107953412903636&w=2 Cert/CC Advisory: TA04-078A http://www.us-cert.gov/cas/techalerts/TA04-078A.html CERT/CC vulnerability note: VU#288574 http://www.kb.cert.org/vuls/id/288574 Computer Incident Advisory Center Bulletin: O-101 http://www.ciac.org/ciac/bulletins/o-101.shtml Cisco Security Advisory: 20040317 Cisco OpenSSL Implementation Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml Conectiva Linux advisory: CLA-2004:834 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 Debian Security Information: DSA-465 (Google Search) http://www.debian.org/security/2004/dsa-465 En Garde Linux Advisory: ESA-20040317-003 http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html http://fedoranews.org/updates/FEDORA-2004-095.shtml http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html FreeBSD Security Advisory: FreeBSD-SA-04:05 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc http://security.gentoo.org/glsa/glsa-200403-03.xml HPdes Security Advisory: SSRT4717 http://marc.info/?l=bugtraq&m=108403806509920&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2004:023 http://www.uniras.gov.uk/vuls/2004/224012/index.htm NETBSD Security Advisory: NetBSD-SA2004-005 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779 http://www.redhat.com/support/errata/RHSA-2004-120.html http://www.redhat.com/support/errata/RHSA-2004-121.html http://www.redhat.com/support/errata/RHSA-2004-139.html http://www.redhat.com/support/errata/RHSA-2005-829.html http://www.redhat.com/support/errata/RHSA-2005-830.html SCO Security Bulletin: SCOSA-2004.10 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt http://secunia.com/advisories/11139 http://secunia.com/advisories/17381 http://secunia.com/advisories/17398 http://secunia.com/advisories/17401 http://secunia.com/advisories/18247 http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524 SuSE Security Announcement: SuSE-SA:2004:007 (Google Search) http://www.novell.com/linux/security/advisories/2004_07_openssl.html http://www.trustix.org/errata/2004/0012 XForce ISS Database: openssl-dochangecipherspec-dos(15505) https://exchange.xforce.ibmcloud.com/vulnerabilities/15505
Copyright	Copyright (C) 2008 E-Soft Inc.