English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 72022 CVE descriptions
and 38680 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.50753
Category:Mandrake Local Security Checks
Title:Mandrake Security Advisory MDKSA-2003:098 (openssl)
Summary:Mandrake Security Advisory MDKSA-2003:098 (openssl)
Description:
The remote host is missing an update to openssl
announced via advisory MDKSA-2003:098.

Two bugs were discovered in OpenSSL 0.9.6 and 0.9.7 by NISCC. The
parsing of unusual ASN.1 tag values can cause OpenSSL to crash, which
could be triggered by a remote attacker by sending a carefully-crafted
SSL client certificate to an application. Depending upon the
application targetted, the effects seen will vary
in some cases a DoS
(Denial of Service) could be performed, in others nothing noticeable
or adverse may happen. These two vulnerabilities have been assigned
CVE-2003-0543 and CVE-2003-0544.

Additionally, NISCC discovered a third bug in OpenSSL 0.9.7. Certain
ASN.1 encodings that are rejected as invalid by the parser can trigger
a bug in deallocation of a structure, leading to a double free. This
can be triggered by a remote attacker by sending a carefully-crafted
SSL client certificate to an application. This vulnerability may be
exploitable to execute arbitrary code. This vulnerability has been
assigned CVE-2003-0545.

The packages provided have been built with patches provided by the
OpenSSL group that resolve these issues.

A number of server applications such as OpenSSH and Apache that make
use of OpenSSL need to be restarted after the update has been applied
to ensure that they are protected from these issues. Users are
encouraged to restart all of these services or reboot their systems.

Affected versions: 8.2, 9.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2


Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2003:098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0545
http://www.kb.cert.org/vuls/id/255484
http://www.kb.cert.org/vuls/id/380864
http://www.kb.cert.org/vuls/id/935264
http://www.openssl.org/news/secadv_20030930.txt
http://www.uniras.gov.uk/vuls/2003/006489/tls.htm
http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm

Risk factor : Critical
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2003-0543
http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm
http://www.redhat.com/support/errata/RHSA-2003-291.html
http://www.redhat.com/support/errata/RHSA-2003-292.html
En Garde Linux Advisory: ESA-20030930-027
http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html
Debian Security Information: DSA-393 (Google Search)
http://www.debian.org/security/2003/dsa-393
Debian Security Information: DSA-394 (Google Search)
http://www.debian.org/security/2003/dsa-394
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1
http://www.cert.org/advisories/CA-2003-26.html
CERT/CC vulnerability note: VU#255484
http://www.kb.cert.org/vuls/id/255484
BugTraq ID: 8732
http://www.securityfocus.com/bid/8732
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5292
http://www.vupen.com/english/advisories/2006/3900
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4254
http://secunia.com/advisories/22249
Common Vulnerability Exposure (CVE) ID: CVE-2003-0544
CERT/CC vulnerability note: VU#380864
http://www.kb.cert.org/vuls/id/380864
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4574
XForce ISS Database: openssl-asn1-sslclient-dos(43041)
http://xforce.iss.net/xforce/xfdb/43041
Common Vulnerability Exposure (CVE) ID: CVE-2003-0545
CERT/CC vulnerability note: VU#935264
http://www.kb.cert.org/vuls/id/935264
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2590
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 38680 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.