FreeBSD Local Security Checks : FreeBSD Ports: openssl

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.58053
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Ports: openssl
Summary:	The remote host is missing an update to the system; as announced in the referenced advisory.
Description:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: openssl CVE-2006-2937 OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. CVE-2006-2940 OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) 'public exponent' or (2) 'public modulus' values in X.509 certificates that require extra time to process when using RSA signature verification. CVE-2006-3738 Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. CVE-2006-4343 The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-2937 1016943 http://securitytracker.com/id?1016943 102668 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1 102747 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1 200585 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1 2006-0054 http://www.trustix.org/errata/2006/0054 20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html 20060928 rPSA-2006-0175-1 openssl openssl-scripts http://www.securityfocus.com/archive/1/447318/100/0/threaded 20060929 rPSA-2006-0175-2 openssl openssl-scripts http://www.securityfocus.com/archive/1/447393/100/0/threaded 20061001-01-P ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc 20061108 Multiple Vulnerabilities in OpenSSL Library http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html 20061108 Multiple Vulnerabilities in OpenSSL library http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml 20070110 VMware ESX server security updates http://www.securityfocus.com/archive/1/456546/100/200/threaded 20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues http://www.securityfocus.com/archive/1/489739/100/0/threaded 201534 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1 20248 http://www.securityfocus.com/bid/20248 22094 http://secunia.com/advisories/22094 22116 http://secunia.com/advisories/22116 22130 http://secunia.com/advisories/22130 22165 http://secunia.com/advisories/22165 22166 http://secunia.com/advisories/22166 22172 http://secunia.com/advisories/22172 22186 http://secunia.com/advisories/22186 22193 http://secunia.com/advisories/22193 22207 http://secunia.com/advisories/22207 22212 http://secunia.com/advisories/22212 22216 http://secunia.com/advisories/22216 22220 http://secunia.com/advisories/22220 22240 http://secunia.com/advisories/22240 22259 http://secunia.com/advisories/22259 22260 http://secunia.com/advisories/22260 22284 http://secunia.com/advisories/22284 22298 http://secunia.com/advisories/22298 22330 http://secunia.com/advisories/22330 22385 http://secunia.com/advisories/22385 22460 http://secunia.com/advisories/22460 22487 http://secunia.com/advisories/22487 22544 http://secunia.com/advisories/22544 22626 http://secunia.com/advisories/22626 22671 http://secunia.com/advisories/22671 22758 http://secunia.com/advisories/22758 22772 http://secunia.com/advisories/22772 22799 http://secunia.com/advisories/22799 23038 http://secunia.com/advisories/23038 23131 http://secunia.com/advisories/23131 23155 http://secunia.com/advisories/23155 23280 http://secunia.com/advisories/23280 23309 http://secunia.com/advisories/23309 23340 http://secunia.com/advisories/23340 23351 http://secunia.com/advisories/23351 23680 http://secunia.com/advisories/23680 23915 http://secunia.com/advisories/23915 24930 http://secunia.com/advisories/24930 24950 http://secunia.com/advisories/24950 25889 http://secunia.com/advisories/25889 26329 http://secunia.com/advisories/26329 28276 http://www.securityfocus.com/bid/28276 29260 http://www.osvdb.org/29260 30124 http://secunia.com/advisories/30124 31492 http://secunia.com/advisories/31492 31531 http://secunia.com/advisories/31531 ADV-2006-3820 http://www.vupen.com/english/advisories/2006/3820 ADV-2006-3860 http://www.vupen.com/english/advisories/2006/3860 ADV-2006-3869 http://www.vupen.com/english/advisories/2006/3869 ADV-2006-3902 http://www.vupen.com/english/advisories/2006/3902 ADV-2006-3936 http://www.vupen.com/english/advisories/2006/3936 ADV-2006-4019 http://www.vupen.com/english/advisories/2006/4019 ADV-2006-4036 http://www.vupen.com/english/advisories/2006/4036 ADV-2006-4264 http://www.vupen.com/english/advisories/2006/4264 ADV-2006-4327 http://www.vupen.com/english/advisories/2006/4327 ADV-2006-4329 http://www.vupen.com/english/advisories/2006/4329 ADV-2006-4401 http://www.vupen.com/english/advisories/2006/4401 ADV-2006-4417 http://www.vupen.com/english/advisories/2006/4417 ADV-2006-4750 http://www.vupen.com/english/advisories/2006/4750 ADV-2006-4761 http://www.vupen.com/english/advisories/2006/4761 ADV-2006-4980 http://www.vupen.com/english/advisories/2006/4980 ADV-2007-0343 http://www.vupen.com/english/advisories/2007/0343 ADV-2007-1401 http://www.vupen.com/english/advisories/2007/1401 ADV-2007-2315 http://www.vupen.com/english/advisories/2007/2315 ADV-2007-2783 http://www.vupen.com/english/advisories/2007/2783 ADV-2008-0905 http://www.vupen.com/english/advisories/2008/0905/references ADV-2008-2396 http://www.vupen.com/english/advisories/2008/2396 APPLE-SA-2006-11-28 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html DSA-1185 http://www.debian.org/security/2006/dsa-1185 FreeBSD-SA-06:23.openssl http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc GLSA-200610-11 http://security.gentoo.org/glsa/glsa-200610-11.xml GLSA-200612-11 http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml HPSBMA02250 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 HPSBOV02683 http://marc.info/?l=bugtraq&m=130497311408250&w=2 HPSBTU02207 https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144 HPSBUX02174 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100 HPSBUX02186 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 MDKSA-2006:172 http://www.mandriva.com/security/advisories?name=MDKSA-2006:172 MDKSA-2006:177 http://www.mandriva.com/security/advisories?name=MDKSA-2006:177 MDKSA-2006:178 http://www.mandriva.com/security/advisories?name=MDKSA-2006:178 NetBSD-SA2008-007 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc OpenPKG-SA-2006.021 http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html RHSA-2006:0695 http://www.redhat.com/support/errata/RHSA-2006-0695.html RHSA-2008:0629 http://www.redhat.com/support/errata/RHSA-2008-0629.html SSA:2006-272-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946 SSRT061213 SSRT061239 SSRT061275 SSRT071299 SSRT071304 SSRT090208 SUSE-SA:2006:058 http://www.novell.com/linux/security/advisories/2006_58_openssl.html SUSE-SR:2006:024 http://www.novell.com/linux/security/advisories/2006_24_sr.html TA06-333A http://www.us-cert.gov/cas/techalerts/TA06-333A.html USN-353-1 http://www.ubuntu.com/usn/usn-353-1 VU#247744 http://www.kb.cert.org/vuls/id/247744 [3.9] 20061007 013: SECURITY FIX: October 7, 2006 http://openbsd.org/errata.html#openssl2 [bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised] http://marc.info/?l=bind-announce&m=116253119512445&w=2 [security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues http://lists.vmware.com/pipermail/security-announce/2008/000008.html http://docs.info.apple.com/article.html?artnum=304829 http://issues.rpath.com/browse/RPL-613 http://kolab.org/security/kolab-vendor-notice-11.txt http://openvpn.net/changelog.html http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227 http://support.attachmate.com/techdocs/2374.html http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf http://www.f-secure.com/security/fsc-2006-6.shtml http://www.openssl.org/news/secadv_20060928.txt http://www.serv-u.com/releasenotes/ http://www.vmware.com/security/advisories/VMSA-2008-0005.html http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html http://www.vmware.com/support/player/doc/releasenotes_player.html http://www.vmware.com/support/player2/doc/releasenotes_player2.html http://www.vmware.com/support/server/doc/releasenotes_server.html http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf openssl-asn1-error-dos(29228) https://exchange.xforce.ibmcloud.com/vulnerabilities/29228 oval:org.mitre.oval:def:10560 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10560 Common Vulnerability Exposure (CVE) ID: CVE-2006-2940 1017522 http://securitytracker.com/id?1017522 20247 http://www.securityfocus.com/bid/20247 22083 http://www.securityfocus.com/bid/22083 22500 http://secunia.com/advisories/22500 23794 http://secunia.com/advisories/23794 26893 http://secunia.com/advisories/26893 29261 http://www.osvdb.org/29261 DSA-1195 http://www.debian.org/security/2006/dsa-1195 USN-353-2 http://www.ubuntu.com/usn/usn-353-2 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en https://issues.rpath.com/browse/RPL-1633 openssl-publickey-dos(29230) https://exchange.xforce.ibmcloud.com/vulnerabilities/29230 oval:org.mitre.oval:def:10311 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10311 Common Vulnerability Exposure (CVE) ID: CVE-2006-3738 102711 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1 20070602 Recent OpenSSL exploits http://www.securityfocus.com/archive/1/470460/100/0/threaded 201531 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1 20249 http://www.securityfocus.com/bid/20249 22633 http://secunia.com/advisories/22633 22654 http://secunia.com/advisories/22654 22791 http://secunia.com/advisories/22791 29262 http://www.osvdb.org/29262 30161 http://secunia.com/advisories/30161 ADV-2006-4314 http://www.vupen.com/english/advisories/2006/4314 ADV-2006-4443 http://www.vupen.com/english/advisories/2006/4443 FreeBSD-SA-06:23 GLSA-200805-07 http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml VU#547300 http://www.kb.cert.org/vuls/id/547300 http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=498093&RenditionID=&poid=8881 openssl-sslgetsharedciphers-bo(29237) https://exchange.xforce.ibmcloud.com/vulnerabilities/29237 oval:org.mitre.oval:def:4256 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4256 oval:org.mitre.oval:def:9370 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9370 Common Vulnerability Exposure (CVE) ID: CVE-2006-4343 20246 http://www.securityfocus.com/bid/20246 25420 http://secunia.com/advisories/25420 29263 http://www.osvdb.org/29263 4773 https://www.exploit-db.com/exploits/4773 ADV-2007-1973 http://www.vupen.com/english/advisories/2007/1973 VU#386964 http://www.kb.cert.org/vuls/id/386964 http://www.ingate.com/relnote-452.php openssl-sslv2-client-dos(29240) https://exchange.xforce.ibmcloud.com/vulnerabilities/29240 oval:org.mitre.oval:def:10207 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10207 oval:org.mitre.oval:def:4356 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4356
Copyright	Copyright (C) 2008 E-Soft Inc.