Test ID:	1.3.6.1.4.1.25623.1.0.68704
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Security Advisory (FreeBSD-SA-10:10.openssl.asc)
Summary:	The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-10:10.openssl.asc
Description:	Summary: The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-10:10.openssl.asc Vulnerability Insight: FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. A race condition exists in the OpenSSL TLS server extension code parsing when used in a multi-threaded application, which uses OpenSSL's internal caching mechanism. The race condition can lead to a buffer overflow. [CVE-2010-3864] A double free exists in the SSL client ECDH handling code, when processing specially crafted public keys with invalid prime numbers. [CVE-2010-2939] Solution: Upgrade your system to the appropriate stable release or security branch dated after the correction date. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2939 1024296 http://securitytracker.com/id?1024296 20100807 openssl-1.0.0a http://seclists.org/fulldisclosure/2010/Aug/84 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX http://www.securityfocus.com/archive/1/516397/100/0/threaded 40906 http://secunia.com/advisories/40906 41105 http://secunia.com/advisories/41105 42309 http://secunia.com/advisories/42309 42413 http://secunia.com/advisories/42413 43312 http://secunia.com/advisories/43312 ADV-2010-2038 http://www.vupen.com/english/advisories/2010/2038 ADV-2010-2229 http://www.vupen.com/english/advisories/2010/2229 ADV-2010-3077 http://www.vupen.com/english/advisories/2010/3077 DSA-2100 http://www.debian.org/security/2010/dsa-2100 FreeBSD-SA-10:10 http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc HPSBMA02662 http://marc.info/?l=bugtraq&m=130331363227777&w=2 SSA:2010-326-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668793 SSRT100409 SUSE-SR:2010:021 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html USN-1003-1 http://www.ubuntu.com/usn/USN-1003-1 [openssl-dev] 20100807 Re: openssl-1.0.0a and glibc detected sthg ;) http://www.mail-archive.com/openssl-dev%40openssl.org/msg28045.html [openssl-dev] 20100807 openssl-1.0.0a and glibc detected sthg ;) http://www.mail-archive.com/openssl-dev%40openssl.org/msg28043.html [openssl-dev] 20100808 Re: openssl-1.0.0a and glibc detected sthg ;) http://www.mail-archive.com/openssl-dev%40openssl.org/msg28049.html [oss-security] 20100812 Re: CVE Request: openssl double free http://www.openwall.com/lists/oss-security/2010/08/11/6 http://www.vmware.com/security/advisories/VMSA-2011-0003.html
Copyright	Copyright (C) 2011 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.