English | Deutsch | Español | Português
 UserID:
 Passwd:
 new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   		     Search 61204 CVE descriptions
and 32582 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.11060
Category:Gain a shell remotely
Title:OpenSSL overflow (generic test)
Summary:Checks for the behavior of OpenSSL
Description:
The remote host seems to be using a version of OpenSSL which is
older than 0.9.6e or 0.9.7-beta3

This version is vulnerable to a buffer overflow which,
may allow an attacker to obtain a shell on this host.

Solution : Upgrade to version 0.9.6e (0.9.7beta3) or newer
Compaq Insight Manager: www.compaq.com/support/files/server/us/download/15803.h
tml
Risk factor : High
Cross-Ref: BugTraq ID: 3004
BugTraq ID: 4316
BugTraq ID: 5363
Common Vulnerability Exposure (CVE) ID: CVE-2002-0656
Bugtraq: 20020730 OpenSSL Security Altert - Remote Buffer Overflows (Google Search)
RedHat Security Advisories: RHSA-2002:155
Debian Security Information: DSA-136 (Google Search)
Bugtraq: 20020730 [OpenPKG-SA-2002.008] OpenPKG Security Advisory (openssl) (Google Search)
Bugtraq: 20020730 TSLSA-2002-0063 - openssl (Google Search)
Bugtraq: 20020730 OpenSSL patches for other versions (Google Search)
En Garde Linux Advisory: ESA-20020730-019
Bugtraq: 20020730 GLSA: OpenSSL (Google Search)
SuSE Security Announcement: SuSE-SA:2002:027 (Google Search)
http://www.cert.org/advisories/CA-2002-23.html
CERT/CC vulnerability note: VU#102795
http://www.kb.cert.org/vuls/id/102795
CERT/CC vulnerability note: VU#258555
http://www.kb.cert.org/vuls/id/258555
Caldera Security Advisory: CSSA-2002-033.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
Caldera Security Advisory: CSSA-2002-033.1
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt
FreeBSD Security Advisory: FreeBSD-SA-01:51
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php
Conectiva Linux advisory: CLA-2002:513
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513
http://www.iss.net/security_center/static/9714.php
BugTraq ID: 5362
http://www.securityfocus.com/bid/5362
http://www.securityfocus.com/bid/5363
http://www.iss.net/security_center/static/9716.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0655
CERT/CC vulnerability note: VU#308891
http://www.kb.cert.org/vuls/id/308891
BugTraq ID: 5364
http://www.securityfocus.com/bid/5364
Common Vulnerability Exposure (CVE) ID: CVE-2002-0657
Bugtraq: 20020730 OpenSSL Security Altert - Remote Buffer Overflows: (Google Search)
CERT/CC vulnerability note: VU#561275
http://www.kb.cert.org/vuls/id/561275
http://www.iss.net/security_center/static/9715.php
BugTraq ID: 5361
http://www.securityfocus.com/bid/5361
Common Vulnerability Exposure (CVE) ID: CVE-2002-0659
CERT/CC vulnerability note: VU#748355
http://www.kb.cert.org/vuls/id/748355
RedHat Security Advisories: RHSA-2002:164
http://rhn.redhat.com/errata/RHSA-2002-164.html
RedHat Security Advisories: RHSA-2002:161
http://rhn.redhat.com/errata/RHSA-2002-161.html
RedHat Security Advisories: RHSA-2002:160
http://rhn.redhat.com/errata/RHSA-2002-160.html
Conectiva Linux advisory: CLA-2002:516
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000516
BugTraq ID: 5366
http://www.securityfocus.com/bid/5366
http://www.iss.net/security_center/static/9718.php
Common Vulnerability Exposure (CVE) ID: CVE-2001-1141
Bugtraq: 20010710 OpenSSL Security Advisory: PRNG weakness in versions up to 0.9.6a (Google Search)
http://www.securityfocus.com/archive/1/195829
http://www.securityfocus.com/advisories/3475
NETBSD Security Advisory: NetBSD-SA2001-013
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-013.txt.asc
Conectiva Linux advisory: CLA-2001:418
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000418
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-065.php3?dis=8.0
http://www.redhat.com/support/errata/RHSA-2001-051.html
En Garde Linux Advisory: ESA-20010709-01
http://www.linuxsecurity.com/advisories/other_advisory-1483.html
http://www.securityfocus.com/bid/3004
XForce ISS Database: openssl-prng-brute-force(6823)
http://xforce.iss.net/static/6823.php
http://www.osvdb.org/853
CopyrightThis script is Copyright (C) 2002 Solar Eclipse / Renaud Deraison

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  
 Forgot userid or passwd?
Email/Userid:



Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2013 E-Soft Inc. All rights reserved.