Turbolinux Local Security Tests : Turbolinux TLSA-2003-55 (openssl)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52962

Categoría: Turbolinux Local Security Tests

Título: Turbolinux TLSA-2003-55 (openssl)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to openssl
announced via advisory TLSA-2003-55.

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade,
full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
Unusual ASN.1 tag values can cause an out of bounds read under certain circumstances,
resulting in a denial of service vulnerability.

The vulnerability allow an attacker can cause to denial of service of the openssl.

Solution: Please use the turbopkg (zabom) tool to apply the update.
http://www.securityspace.com/smysecure/catid.html?in=TLSA-2003-55

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0543
BugTraq ID: 8732
http://www.securityfocus.com/bid/8732
http://www.cert.org/advisories/CA-2003-26.html
CERT/CC vulnerability note: VU#255484
http://www.kb.cert.org/vuls/id/255484
Debian Security Information: DSA-393 (Google Search)
http://www.debian.org/security/2003/dsa-393
Debian Security Information: DSA-394 (Google Search)
http://www.debian.org/security/2003/dsa-394
En Garde Linux Advisory: ESA-20030930-027
http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html
http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4254
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5292
http://www.redhat.com/support/errata/RHSA-2003-291.html
http://www.redhat.com/support/errata/RHSA-2003-292.html
http://secunia.com/advisories/22249
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1
http://www.vupen.com/english/advisories/2006/3900
Common Vulnerability Exposure (CVE) ID: CVE-2003-0544
CERT/CC vulnerability note: VU#380864
http://www.kb.cert.org/vuls/id/380864
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4574
XForce ISS Database: openssl-asn1-sslclient-dos(43041)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43041

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52962
Categoría:	Turbolinux Local Security Tests
Título:	Turbolinux TLSA-2003-55 (openssl)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to openssl announced via advisory TLSA-2003-55. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Unusual ASN.1 tag values can cause an out of bounds read under certain circumstances, resulting in a denial of service vulnerability. The vulnerability allow an attacker can cause to denial of service of the openssl. Solution: Please use the turbopkg (zabom) tool to apply the update. http://www.securityspace.com/smysecure/catid.html?in=TLSA-2003-55 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0543 BugTraq ID: 8732 http://www.securityfocus.com/bid/8732 http://www.cert.org/advisories/CA-2003-26.html CERT/CC vulnerability note: VU#255484 http://www.kb.cert.org/vuls/id/255484 Debian Security Information: DSA-393 (Google Search) http://www.debian.org/security/2003/dsa-393 Debian Security Information: DSA-394 (Google Search) http://www.debian.org/security/2003/dsa-394 En Garde Linux Advisory: ESA-20030930-027 http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4254 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5292 http://www.redhat.com/support/errata/RHSA-2003-291.html http://www.redhat.com/support/errata/RHSA-2003-292.html http://secunia.com/advisories/22249 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1 http://www.vupen.com/english/advisories/2006/3900 Common Vulnerability Exposure (CVE) ID: CVE-2003-0544 CERT/CC vulnerability note: VU#380864 http://www.kb.cert.org/vuls/id/380864 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4574 XForce ISS Database: openssl-asn1-sslclient-dos(43041) https://exchange.xforce.ibmcloud.com/vulnerabilities/43041
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com