|Title:||OpenSSL Security Bypass Vulnerability - DEC 2017 (Linux)|
|Summary:||This host is running OpenSSL and is prone; to a security bypass vulnerability.|
This host is running OpenSSL and is prone
to a security bypass vulnerability.
When SSL_read()/SSL_write() is subsequently called by the
application for the same SSL object then it will succeed and the data is passed without being
decrypted/encrypted directly from the SSL/TLS record layer.
Successfully exploiting this issue will allow attackers
to bypass security restrictions and perform unauthorized actions. This may aid in launching
OpenSSL 1.0.2 (starting from version 1.0.2b) before 1.0.2n
OpenSSL 1.0.2 users should upgrade to 1.0.2n.
BugTraq ID: 102103|
Common Vulnerability Exposure (CVE) ID: CVE-2017-3737
Debian Security Information: DSA-4065 (Google Search)
FreeBSD Security Advisory: FreeBSD-SA-17:12
RedHat Security Advisories: RHSA-2018:0998
RedHat Security Advisories: RHSA-2018:2185
RedHat Security Advisories: RHSA-2018:2186
RedHat Security Advisories: RHSA-2018:2187
|Copyright||Copyright (C) 2017 Greenbone Networks GmbH|
|This is only one of 69903 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.