English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 61204 CVE descriptions
and 32582 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57495
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-353-1 (openssl)
Summary:Ubuntu USN-353-1 (openssl)
Description:
The remote host is missing an update to openssl
announced via advisory USN-353-1.

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Dr. Henson of the OpenSSL core team and Open Network Security
discovered a mishandled error condition in the ASN.1 parser. By
sending specially crafted packet data, a remote attacker could exploit
this to trigger an infinite loop, which would render the service
unusable and consume all available system memory. (CVE-2006-2937)

Certain types of public key could take disproportionate amounts of
time to process. The library now limits the maximum key exponent size
to avoid Denial of Service attacks. (CVE-2006-2940)

Tavis Ormandy and Will Drewry of the Google Security Team discovered a
buffer overflow in the SSL_get_shared_ciphers() function. By sending
specially crafted packets to applications that use this function (like
Exim, MySQL, or the openssl command line tool), a remote attacker
could exploit this to execute arbitrary code with the server's
privileges. (CVE-2006-3738)

Tavis Ormandy and Will Drewry of the Google Security Team reported
that the get_server_hello() function did not sufficiently check the
client's session certificate. This could be exploited to crash clients
by remote attackers sending specially crafted SSL responses.
(CVE-2006-4343)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
libssl0.9.7 0.9.7e-3ubuntu0.4

Ubuntu 5.10:
libssl0.9.7 0.9.7g-1ubuntu1.3

Ubuntu 6.06 LTS:
libssl0.9.8 0.9.8a-7ubuntu0.2

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-353-1

Risk factor : Critical
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-2937
Bugtraq: 20070110 VMware ESX server security updates (Google Search)
http://www.securityfocus.com/archive/1/archive/1/456546/100/200/threaded
Bugtraq: 20060928 rPSA-2006-0175-1 openssl openssl-scripts (Google Search)
http://www.securityfocus.com/archive/1/archive/1/447318/100/0/threaded
Bugtraq: 20060929 rPSA-2006-0175-2 openssl openssl-scripts (Google Search)
http://www.securityfocus.com/archive/1/archive/1/447393/100/0/threaded
Bugtraq: 20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues (Google Search)
http://www.securityfocus.com/archive/1/archive/1/489739/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html
http://marc.theaimsgroup.com/?l=bind-announce&m=116253119512445&w=2
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
Cisco Security Advisory: 20061108 Multiple Vulnerabilities in OpenSSL library
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml
Cisco Security Advisory: 20061108 Multiple Vulnerabilities in OpenSSL Library
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html
Debian Security Information: DSA-1185 (Google Search)
http://www.debian.org/security/2006/dsa-1185
FreeBSD Security Advisory: FreeBSD-SA-06:23.openssl
http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc
http://security.gentoo.org/glsa/glsa-200610-11.xml
http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml
HPdes Security Advisory: HPSBUX02174
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
HPdes Security Advisory: SSRT061239
HPdes Security Advisory: HPSBUX02186
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
HPdes Security Advisory: SSRT071299
HPdes Security Advisory: HPSBTU02207
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
HPdes Security Advisory: SSRT061213
HPdes Security Advisory: SSRT071304
HPdes Security Advisory: HPSBMA02250
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
HPdes Security Advisory: SSRT061275
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: SSRT090208
http://www.mandriva.com/security/advisories?name=MDKSA-2006:172
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
NETBSD Security Advisory: NetBSD-SA2008-007
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc
OpenBSD Security Advisory: [3.9] 20061007 013: SECURITY FIX: October 7, 2006
http://openbsd.org/errata.html#openssl2
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html
http://www.redhat.com/support/errata/RHSA-2006-0695.html
http://www.redhat.com/support/errata/RHSA-2008-0629.html
SGI Security Advisory: 20061001-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1
SuSE Security Announcement: SUSE-SA:2006:058 (Google Search)
http://www.novell.com/linux/security/advisories/2006_58_openssl.html
SuSE Security Announcement: SUSE-SR:2006:024 (Google Search)
http://www.novell.com/linux/security/advisories/2006_24_sr.html
http://www.trustix.org/errata/2006/0054
http://www.ubuntu.com/usn/usn-353-1
Cert/CC Advisory: TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
CERT/CC vulnerability note: VU#247744
http://www.kb.cert.org/vuls/id/247744
BugTraq ID: 20248
http://www.securityfocus.com/bid/20248
BugTraq ID: 28276
http://www.securityfocus.com/bid/28276
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10560
http://www.vupen.com/english/advisories/2006/3820
http://www.vupen.com/english/advisories/2006/3860
http://www.vupen.com/english/advisories/2006/3902
http://www.vupen.com/english/advisories/2006/3869
http://www.vupen.com/english/advisories/2006/3936
http://www.vupen.com/english/advisories/2006/4019
http://www.vupen.com/english/advisories/2006/4036
http://www.vupen.com/english/advisories/2006/4264
http://www.vupen.com/english/advisories/2006/4327
http://www.vupen.com/english/advisories/2006/4329
http://www.vupen.com/english/advisories/2006/4417
http://www.vupen.com/english/advisories/2006/4401
http://www.vupen.com/english/advisories/2006/4750
http://www.vupen.com/english/advisories/2006/4761
http://www.vupen.com/english/advisories/2006/4980
http://www.vupen.com/english/advisories/2007/0343
http://www.vupen.com/english/advisories/2007/1401
http://www.vupen.com/english/advisories/2007/2315
http://www.vupen.com/english/advisories/2007/2783
http://www.vupen.com/english/advisories/2008/0905/references
http://www.vupen.com/english/advisories/2008/2396
http://www.osvdb.org/29260
http://securitytracker.com/id?1016943
http://secunia.com/advisories/22130
http://secunia.com/advisories/22094
http://secunia.com/advisories/22165
http://secunia.com/advisories/22186
http://secunia.com/advisories/22193
http://secunia.com/advisories/22207
http://secunia.com/advisories/22259
http://secunia.com/advisories/22260
http://secunia.com/advisories/22166
http://secunia.com/advisories/22172
http://secunia.com/advisories/22212
http://secunia.com/advisories/22240
http://secunia.com/advisories/22216
http://secunia.com/advisories/22116
http://secunia.com/advisories/22220
http://secunia.com/advisories/22284
http://secunia.com/advisories/22330
http://secunia.com/advisories/22385
http://secunia.com/advisories/22460
http://secunia.com/advisories/22544
http://secunia.com/advisories/22626
http://secunia.com/advisories/22487
http://secunia.com/advisories/22671
http://secunia.com/advisories/22758
http://secunia.com/advisories/22799
http://secunia.com/advisories/22772
http://secunia.com/advisories/23038
http://secunia.com/advisories/23155
http://secunia.com/advisories/23131
http://secunia.com/advisories/22298
http://secunia.com/advisories/23309
http://secunia.com/advisories/23280
http://secunia.com/advisories/23340
http://secunia.com/advisories/23351
http://secunia.com/advisories/23680
http://secunia.com/advisories/23915
http://secunia.com/advisories/24950
http://secunia.com/advisories/24930
http://secunia.com/advisories/25889
http://secunia.com/advisories/26329
http://secunia.com/advisories/30124
http://secunia.com/advisories/31531
http://secunia.com/advisories/31492
XForce ISS Database: openssl-asn1-error-dos(29228)
http://xforce.iss.net/xforce/xfdb/29228
Common Vulnerability Exposure (CVE) ID: CVE-2006-2940
http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en
Debian Security Information: DSA-1195 (Google Search)
http://www.debian.org/security/2006/dsa-1195
http://www.ubuntu.com/usn/usn-353-2
BugTraq ID: 20247
http://www.securityfocus.com/bid/20247
BugTraq ID: 22083
http://www.securityfocus.com/bid/22083
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10311
http://www.osvdb.org/29261
http://securitytracker.com/id?1017522
http://secunia.com/advisories/22500
http://secunia.com/advisories/23794
http://secunia.com/advisories/26893
XForce ISS Database: openssl-publickey-dos(29230)
http://xforce.iss.net/xforce/xfdb/29230
Common Vulnerability Exposure (CVE) ID: CVE-2006-3738
Bugtraq: 20070602 Recent OpenSSL exploits (Google Search)
http://www.securityfocus.com/archive/1/archive/1/470460/100/0/threaded
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1
CERT/CC vulnerability note: VU#547300
http://www.kb.cert.org/vuls/id/547300
BugTraq ID: 20249
http://www.securityfocus.com/bid/20249
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9370
http://www.vupen.com/english/advisories/2006/4314
http://www.vupen.com/english/advisories/2006/4443
http://www.osvdb.org/29262
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4256
http://secunia.com/advisories/22633
http://secunia.com/advisories/22654
http://secunia.com/advisories/22791
http://secunia.com/advisories/30161
XForce ISS Database: openssl-sslgetsharedciphers-bo(29237)
http://xforce.iss.net/xforce/xfdb/29237
Common Vulnerability Exposure (CVE) ID: CVE-2006-4343
http://www.milw0rm.com/exploits/4773
CERT/CC vulnerability note: VU#386964
http://www.kb.cert.org/vuls/id/386964
BugTraq ID: 20246
http://www.securityfocus.com/bid/20246
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10207
http://www.vupen.com/english/advisories/2007/1973
http://www.osvdb.org/29263
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4356
http://secunia.com/advisories/25420
XForce ISS Database: openssl-sslv2-client-dos(29240)
http://xforce.iss.net/xforce/xfdb/29240
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.