English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57491
Category:Slackware Local Security Checks
Title:Slackware: Security Advisory (SSA:2006-272-01)
Summary:The remote host is missing an update for the 'openssl' package(s) announced via the SSA:2006-272-01 advisory.
Description:Summary:
The remote host is missing an update for the 'openssl' package(s) announced via the SSA:2006-272-01 advisory.

Vulnerability Insight:
New openssl packages are available for Slackware 9.0, 9.1, 10.0, 10.1,
10.2, and -current to fix security issues.

More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

[links moved to references]

Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/openssl-0.9.7l-i486-1_slack10.2.tgz:
Upgraded to shared libraries from openssl-0.9.7l.
See openssl package update below.
(* Security fix *)
patches/packages/openssl-0.9.7l-i486-1_slack10.2.tgz:
Upgraded to openssl-0.9.7l.
This fixes a few security related issues:
During the parsing of certain invalid ASN.1 structures an error
condition is mishandled. This can result in an infinite loop which
consumes system memory (CVE-2006-2937). (This issue did not affect
OpenSSL versions prior to 0.9.7)
Thanks to Dr S. N. Henson of Open Network Security and NISCC.
Certain types of public key can take disproportionate amounts of
time to process. This could be used by an attacker in a denial of
service attack (CVE-2006-2940).
Thanks to Dr S. N. Henson of Open Network Security and NISCC.
A buffer overflow was discovered in the SSL_get_shared_ciphers()
utility function. An attacker could send a list of ciphers to an
application that uses this function and overrun a buffer.
(CVE-2006-3738)
Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.
A flaw in the SSLv2 client code was discovered. When a client
application used OpenSSL to create an SSLv2 connection to a malicious
server, that server could cause the client to crash (CVE-2006-4343).
Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.
Links to the CVE entries will be found here:
[links moved to references]
(* Security fix *)
+--------------------------+

Affected Software/OS:
'openssl' package(s) on Slackware 9.0, Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-2937
1016943
http://securitytracker.com/id?1016943
102668
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1
102747
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1
200585
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1
2006-0054
http://www.trustix.org/errata/2006/0054
20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html
20060928 rPSA-2006-0175-1 openssl openssl-scripts
http://www.securityfocus.com/archive/1/447318/100/0/threaded
20060929 rPSA-2006-0175-2 openssl openssl-scripts
http://www.securityfocus.com/archive/1/447393/100/0/threaded
20061001-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
20061108 Multiple Vulnerabilities in OpenSSL Library
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html
20061108 Multiple Vulnerabilities in OpenSSL library
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml
20070110 VMware ESX server security updates
http://www.securityfocus.com/archive/1/456546/100/200/threaded
20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
http://www.securityfocus.com/archive/1/489739/100/0/threaded
201534
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1
20248
http://www.securityfocus.com/bid/20248
22094
http://secunia.com/advisories/22094
22116
http://secunia.com/advisories/22116
22130
http://secunia.com/advisories/22130
22165
http://secunia.com/advisories/22165
22166
http://secunia.com/advisories/22166
22172
http://secunia.com/advisories/22172
22186
http://secunia.com/advisories/22186
22193
http://secunia.com/advisories/22193
22207
http://secunia.com/advisories/22207
22212
http://secunia.com/advisories/22212
22216
http://secunia.com/advisories/22216
22220
http://secunia.com/advisories/22220
22240
http://secunia.com/advisories/22240
22259
http://secunia.com/advisories/22259
22260
http://secunia.com/advisories/22260
22284
http://secunia.com/advisories/22284
22298
http://secunia.com/advisories/22298
22330
http://secunia.com/advisories/22330
22385
http://secunia.com/advisories/22385
22460
http://secunia.com/advisories/22460
22487
http://secunia.com/advisories/22487
22544
http://secunia.com/advisories/22544
22626
http://secunia.com/advisories/22626
22671
http://secunia.com/advisories/22671
22758
http://secunia.com/advisories/22758
22772
http://secunia.com/advisories/22772
22799
http://secunia.com/advisories/22799
23038
http://secunia.com/advisories/23038
23131
http://secunia.com/advisories/23131
23155
http://secunia.com/advisories/23155
23280
http://secunia.com/advisories/23280
23309
http://secunia.com/advisories/23309
23340
http://secunia.com/advisories/23340
23351
http://secunia.com/advisories/23351
23680
http://secunia.com/advisories/23680
23915
http://secunia.com/advisories/23915
24930
http://secunia.com/advisories/24930
24950
http://secunia.com/advisories/24950
25889
http://secunia.com/advisories/25889
26329
http://secunia.com/advisories/26329
28276
http://www.securityfocus.com/bid/28276
29260
http://www.osvdb.org/29260
30124
http://secunia.com/advisories/30124
31492
http://secunia.com/advisories/31492
31531
http://secunia.com/advisories/31531
ADV-2006-3820
http://www.vupen.com/english/advisories/2006/3820
ADV-2006-3860
http://www.vupen.com/english/advisories/2006/3860
ADV-2006-3869
http://www.vupen.com/english/advisories/2006/3869
ADV-2006-3902
http://www.vupen.com/english/advisories/2006/3902
ADV-2006-3936
http://www.vupen.com/english/advisories/2006/3936
ADV-2006-4019
http://www.vupen.com/english/advisories/2006/4019
ADV-2006-4036
http://www.vupen.com/english/advisories/2006/4036
ADV-2006-4264
http://www.vupen.com/english/advisories/2006/4264
ADV-2006-4327
http://www.vupen.com/english/advisories/2006/4327
ADV-2006-4329
http://www.vupen.com/english/advisories/2006/4329
ADV-2006-4401
http://www.vupen.com/english/advisories/2006/4401
ADV-2006-4417
http://www.vupen.com/english/advisories/2006/4417
ADV-2006-4750
http://www.vupen.com/english/advisories/2006/4750
ADV-2006-4761
http://www.vupen.com/english/advisories/2006/4761
ADV-2006-4980
http://www.vupen.com/english/advisories/2006/4980
ADV-2007-0343
http://www.vupen.com/english/advisories/2007/0343
ADV-2007-1401
http://www.vupen.com/english/advisories/2007/1401
ADV-2007-2315
http://www.vupen.com/english/advisories/2007/2315
ADV-2007-2783
http://www.vupen.com/english/advisories/2007/2783
ADV-2008-0905
http://www.vupen.com/english/advisories/2008/0905/references
ADV-2008-2396
http://www.vupen.com/english/advisories/2008/2396
APPLE-SA-2006-11-28
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
DSA-1185
http://www.debian.org/security/2006/dsa-1185
FreeBSD-SA-06:23.openssl
http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc
GLSA-200610-11
http://security.gentoo.org/glsa/glsa-200610-11.xml
GLSA-200612-11
http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml
HPSBMA02250
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPSBTU02207
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
HPSBUX02174
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
HPSBUX02186
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
MDKSA-2006:172
http://www.mandriva.com/security/advisories?name=MDKSA-2006:172
MDKSA-2006:177
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
MDKSA-2006:178
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
NetBSD-SA2008-007
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc
OpenPKG-SA-2006.021
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html
RHSA-2006:0695
http://www.redhat.com/support/errata/RHSA-2006-0695.html
RHSA-2008:0629
http://www.redhat.com/support/errata/RHSA-2008-0629.html
SSA:2006-272-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946
SSRT061213
SSRT061239
SSRT061275
SSRT071299
SSRT071304
SSRT090208
SUSE-SA:2006:058
http://www.novell.com/linux/security/advisories/2006_58_openssl.html
SUSE-SR:2006:024
http://www.novell.com/linux/security/advisories/2006_24_sr.html
TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
USN-353-1
http://www.ubuntu.com/usn/usn-353-1
VU#247744
http://www.kb.cert.org/vuls/id/247744
[3.9] 20061007 013: SECURITY FIX: October 7, 2006
http://openbsd.org/errata.html#openssl2
[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]
http://marc.info/?l=bind-announce&m=116253119512445&w=2
[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
http://docs.info.apple.com/article.html?artnum=304829
http://issues.rpath.com/browse/RPL-613
http://kolab.org/security/kolab-vendor-notice-11.txt
http://openvpn.net/changelog.html
http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227
http://support.attachmate.com/techdocs/2374.html
http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf
http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf
http://www.f-secure.com/security/fsc-2006-6.shtml
http://www.openssl.org/news/secadv_20060928.txt
http://www.serv-u.com/releasenotes/
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf
openssl-asn1-error-dos(29228)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29228
oval:org.mitre.oval:def:10560
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10560
Common Vulnerability Exposure (CVE) ID: CVE-2006-2940
1017522
http://securitytracker.com/id?1017522
20247
http://www.securityfocus.com/bid/20247
22083
http://www.securityfocus.com/bid/22083
22500
http://secunia.com/advisories/22500
23794
http://secunia.com/advisories/23794
26893
http://secunia.com/advisories/26893
29261
http://www.osvdb.org/29261
DSA-1195
http://www.debian.org/security/2006/dsa-1195
USN-353-2
http://www.ubuntu.com/usn/usn-353-2
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en
https://issues.rpath.com/browse/RPL-1633
openssl-publickey-dos(29230)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29230
oval:org.mitre.oval:def:10311
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10311
Common Vulnerability Exposure (CVE) ID: CVE-2006-3738
102711
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1
20070602 Recent OpenSSL exploits
http://www.securityfocus.com/archive/1/470460/100/0/threaded
201531
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1
20249
http://www.securityfocus.com/bid/20249
22633
http://secunia.com/advisories/22633
22654
http://secunia.com/advisories/22654
22791
http://secunia.com/advisories/22791
29262
http://www.osvdb.org/29262
30161
http://secunia.com/advisories/30161
ADV-2006-4314
http://www.vupen.com/english/advisories/2006/4314
ADV-2006-4443
http://www.vupen.com/english/advisories/2006/4443
FreeBSD-SA-06:23
GLSA-200805-07
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
VU#547300
http://www.kb.cert.org/vuls/id/547300
http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=498093&RenditionID=&poid=8881
openssl-sslgetsharedciphers-bo(29237)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29237
oval:org.mitre.oval:def:4256
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4256
oval:org.mitre.oval:def:9370
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9370
Common Vulnerability Exposure (CVE) ID: CVE-2006-4343
20246
http://www.securityfocus.com/bid/20246
25420
http://secunia.com/advisories/25420
29263
http://www.osvdb.org/29263
4773
https://www.exploit-db.com/exploits/4773
ADV-2007-1973
http://www.vupen.com/english/advisories/2007/1973
VU#386964
http://www.kb.cert.org/vuls/id/386964
http://www.ingate.com/relnote-452.php
openssl-sslv2-client-dos(29240)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29240
oval:org.mitre.oval:def:10207
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10207
oval:org.mitre.oval:def:4356
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4356
CopyrightCopyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.