ID de Prueba:	1.3.6.1.4.1.25623.1.0.68704
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Security Advisory (FreeBSD-SA-10:10.openssl.asc)
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-10:10.openssl.asc
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-10:10.openssl.asc Vulnerability Insight: FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. A race condition exists in the OpenSSL TLS server extension code parsing when used in a multi-threaded application, which uses OpenSSL's internal caching mechanism. The race condition can lead to a buffer overflow. [CVE-2010-3864] A double free exists in the SSL client ECDH handling code, when processing specially crafted public keys with invalid prime numbers. [CVE-2010-2939] Solution: Upgrade your system to the appropriate stable release or security branch dated after the correction date. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2939 1024296 http://securitytracker.com/id?1024296 20100807 openssl-1.0.0a http://seclists.org/fulldisclosure/2010/Aug/84 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX http://www.securityfocus.com/archive/1/516397/100/0/threaded 40906 http://secunia.com/advisories/40906 41105 http://secunia.com/advisories/41105 42309 http://secunia.com/advisories/42309 42413 http://secunia.com/advisories/42413 43312 http://secunia.com/advisories/43312 ADV-2010-2038 http://www.vupen.com/english/advisories/2010/2038 ADV-2010-2229 http://www.vupen.com/english/advisories/2010/2229 ADV-2010-3077 http://www.vupen.com/english/advisories/2010/3077 DSA-2100 http://www.debian.org/security/2010/dsa-2100 FreeBSD-SA-10:10 http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc HPSBMA02662 http://marc.info/?l=bugtraq&m=130331363227777&w=2 SSA:2010-326-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668793 SSRT100409 SUSE-SR:2010:021 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html USN-1003-1 http://www.ubuntu.com/usn/USN-1003-1 [openssl-dev] 20100807 Re: openssl-1.0.0a and glibc detected sthg ;) http://www.mail-archive.com/openssl-dev%40openssl.org/msg28045.html [openssl-dev] 20100807 openssl-1.0.0a and glibc detected sthg ;) http://www.mail-archive.com/openssl-dev%40openssl.org/msg28043.html [openssl-dev] 20100808 Re: openssl-1.0.0a and glibc detected sthg ;) http://www.mail-archive.com/openssl-dev%40openssl.org/msg28049.html [oss-security] 20100812 Re: CVE Request: openssl double free http://www.openwall.com/lists/oss-security/2010/08/11/6 http://www.vmware.com/security/advisories/VMSA-2011-0003.html
Copyright	Copyright (C) 2011 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.