English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.58681
Categoría:Red Hat Local Security Checks
Título:RedHat Security Advisory RHSA-2007:0813
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing updates announced in
advisory RHSA-2007:0813.

OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.

A flaw was found in the SSL_get_shared_ciphers() utility function. An
attacker could send a list of ciphers to an application that used this
function and overrun a buffer with a single byte (CVE-2007-5135). Few
applications make use of this vulnerable function and generally it is used
only when applications are compiled for debugging.

A number of possible side-channel attacks were discovered affecting
OpenSSL. A local attacker could possibly obtain RSA private keys being
used on a system. In practice these attacks would be difficult to perform
outside of a lab environment. This update contains backported patches
designed to mitigate these issues. (CVE-2007-3108).

Users of OpenSSL should upgrade to these updated packages, which contain
backported patches to resolve these issues.

Note: After installing this update, users are advised to either restart all
services that use OpenSSL or restart their system.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0813.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : High

CVSS Score:
6.8

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-3108
20070813 FLEA-2007-0043-1 openssl
http://www.securityfocus.com/archive/1/476341/100/0/threaded
20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
http://www.securityfocus.com/archive/1/485936/100/0/threaded
20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
http://www.securityfocus.com/archive/1/486859/100/0/threaded
25163
http://www.securityfocus.com/bid/25163
26411
http://secunia.com/advisories/26411
26893
http://secunia.com/advisories/26893
27021
http://secunia.com/advisories/27021
27078
http://secunia.com/advisories/27078
27097
http://secunia.com/advisories/27097
27205
http://secunia.com/advisories/27205
27330
http://secunia.com/advisories/27330
27770
http://secunia.com/advisories/27770
27870
http://secunia.com/advisories/27870
28368
http://secunia.com/advisories/28368
30161
http://secunia.com/advisories/30161
30220
http://secunia.com/advisories/30220
31467
http://secunia.com/advisories/31467
31489
http://secunia.com/advisories/31489
31531
http://secunia.com/advisories/31531
ADV-2007-2759
http://www.vupen.com/english/advisories/2007/2759
ADV-2007-4010
http://www.vupen.com/english/advisories/2007/4010
ADV-2008-0064
http://www.vupen.com/english/advisories/2008/0064
ADV-2008-2361
http://www.vupen.com/english/advisories/2008/2361
ADV-2008-2362
http://www.vupen.com/english/advisories/2008/2362
ADV-2008-2396
http://www.vupen.com/english/advisories/2008/2396
DSA-1571
http://www.debian.org/security/2008/dsa-1571
GLSA-200710-06
http://security.gentoo.org/glsa/glsa-200710-06.xml
GLSA-200805-07
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
MDKSA-2007:193
http://www.mandriva.com/security/advisories?name=MDKSA-2007:193
RHSA-2007:0813
http://www.redhat.com/support/errata/RHSA-2007-0813.html
RHSA-2007:0964
http://www.redhat.com/support/errata/RHSA-2007-0964.html
RHSA-2007:1003
http://www.redhat.com/support/errata/RHSA-2007-1003.html
USN-522-1
https://usn.ubuntu.com/522-1/
VU#724968
http://www.kb.cert.org/vuls/id/724968
[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
http://lists.vmware.com/pipermail/security-announce/2008/000002.html
http://cvs.openssl.org/chngview?cn=16275
http://openssl.org/news/patch-CVE-2007-3108.txt
http://support.attachmate.com/techdocs/2374.html
http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm
http://www.bluecoat.com/support/securityadvisories/advisory_openssl_rsa_key_reconstruction_vulnerability
http://www.kb.cert.org/vuls/id/RGII-74KLP3
http://www.vmware.com/security/advisories/VMSA-2008-0001.html
http://www.vmware.com/security/advisories/VMSA-2008-0013.html
https://issues.rpath.com/browse/RPL-1613
https://issues.rpath.com/browse/RPL-1633
oval:org.mitre.oval:def:9984
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9984
Common Vulnerability Exposure (CVE) ID: CVE-2007-5135
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
BugTraq ID: 25831
http://www.securityfocus.com/bid/25831
Bugtraq: 20070927 OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow (Google Search)
http://www.securityfocus.com/archive/1/480855/100/0/threaded
Bugtraq: 20071004 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow (Google Search)
http://www.securityfocus.com/archive/1/481217/100/0/threaded
Bugtraq: 20071003 FLEA-2007-0058-1 openssl openssl-scripts (Google Search)
http://www.securityfocus.com/archive/1/481488/100/0/threaded
http://www.securityfocus.com/archive/1/481506/100/0/threaded
Bugtraq: 20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages (Google Search)
Bugtraq: 20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages (Google Search)
Debian Security Information: DSA-1379 (Google Search)
http://www.debian.org/security/2007/dsa-1379
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html
FreeBSD Security Advisory: FreeBSD-SA-07:08
http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc
HPdes Security Advisory: HPSBUX02292
http://www.securityfocus.com/archive/1/484353/100/0/threaded
HPdes Security Advisory: SSRT071499
https://bugs.gentoo.org/show_bug.cgi?id=194039
NETBSD Security Advisory: NetBSD-SA2008-007
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc
OpenBSD Security Advisory: [4.0] 017: SECURITY FIX: October 10, 2007
http://www.openbsd.org/errata40.html
OpenBSD Security Advisory: [4.1] 011: SECURITY FIX: October 10, 2007
http://www.openbsd.org/errata41.html
OpenBSD Security Advisory: [4.2] 002: SECURITY FIX: October 10, 2007
http://www.openbsd.org/errata42.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337
http://www.securitytracker.com/id?1018755
http://secunia.com/advisories/22130
http://secunia.com/advisories/27012
http://secunia.com/advisories/27031
http://secunia.com/advisories/27051
http://secunia.com/advisories/27186
http://secunia.com/advisories/27217
http://secunia.com/advisories/27229
http://secunia.com/advisories/27394
http://secunia.com/advisories/27851
http://secunia.com/advisories/27961
http://secunia.com/advisories/29242
http://secunia.com/advisories/30124
http://secunia.com/advisories/31308
http://secunia.com/advisories/31326
http://securityreason.com/securityalert/3179
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1
SuSE Security Announcement: SUSE-SR:2007:020 (Google Search)
http://www.novell.com/linux/security/advisories/2007_20_sr.html
SuSE Security Announcement: SUSE-SR:2008:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://www.vupen.com/english/advisories/2007/3325
http://www.vupen.com/english/advisories/2007/3625
http://www.vupen.com/english/advisories/2007/4042
http://www.vupen.com/english/advisories/2007/4144
http://www.vupen.com/english/advisories/2008/2268
XForce ISS Database: openssl-sslgetshared-bo(36837)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36837
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.