 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.54252 |
| Category: | Trustix Local Security Checks |
| Title: | Trustix Security Advisory TSLSA-2003-0005 (openssl) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing updates announced in advisory TSLSA-2003-0005. From the openssl advisory: OpenSSL version since 0.9.6c supposedly treat block cipher padding errors like MAC verification errors during record decryption (see http://www.openssl.org/~ bodo/tls-cbc.txt), but MAC verification was still skipped after detection of a padding error, which allowed the timing attack. (Note that it is likely that other SSL/TLS implementations will have similar problems.) OpenSSL 0.9.6i and 0.9.7a perform a MAC computation even if incorrrect block cipher padding has been found to minimize information leaked via timing. For earlier versions starting with 0.9.6e, the enclosed security patch can be used. Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2003-0005 Risk factor : High |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |