Test ID:	1.3.6.1.4.1.25623.1.0.64947
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2009:237 (openssl)
Summary:	The remote host is missing an update to openssl;announced via advisory MDVSA-2009:237.
Description:	Summary: The remote host is missing an update to openssl announced via advisory MDVSA-2009:237. Vulnerability Insight: Multiple vulnerabilities was discovered and corrected in openssl: ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello (CVE-2009-1386). The NSS library library before 3.12.3, as used in Firefox, GnuTLS before 2.6.4 and 2.7.4, OpenSSL 0.9.8 through 0.9.8k, and other products support MD2 with X.509 certificates, which might allow remote attackers to spooof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large (CVE-2009-2409). This update provides a solution to these vulnerabilities. Affected: Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1386 35174 http://www.securityfocus.com/bid/35174 35571 http://secunia.com/advisories/35571 35685 http://secunia.com/advisories/35685 35729 http://secunia.com/advisories/35729 36533 http://secunia.com/advisories/36533 38794 http://secunia.com/advisories/38794 38834 http://secunia.com/advisories/38834 8873 https://www.exploit-db.com/exploits/8873 ADV-2010-0528 http://www.vupen.com/english/advisories/2010/0528 HPSBMA02492 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 NetBSD-SA2009-009 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc RHSA-2009:1335 http://www.redhat.com/support/errata/RHSA-2009-1335.html SSRT100079 SUSE-SR:2009:012 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html USN-792-1 http://www.ubuntu.com/usn/USN-792-1 [oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS http://www.openwall.com/lists/oss-security/2009/06/02/1 [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://cvs.openssl.org/chngview?cn=17369 http://rt.openssl.org/Ticket/Display.html?id=1679&user=guest&pass=guest openssl-changecipherspec-dos(50963) https://exchange.xforce.ibmcloud.com/vulnerabilities/50963 oval:org.mitre.oval:def:11179 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11179 oval:org.mitre.oval:def:7469 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7469 Common Vulnerability Exposure (CVE) ID: CVE-2009-2409 1022631 http://www.securitytracker.com/id?1022631 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console http://www.securityfocus.com/archive/1/515055/100/0/threaded 36139 http://secunia.com/advisories/36139 36157 http://secunia.com/advisories/36157 36434 http://secunia.com/advisories/36434 36669 http://secunia.com/advisories/36669 36739 http://secunia.com/advisories/36739 37386 http://secunia.com/advisories/37386 42467 http://secunia.com/advisories/42467 ADV-2009-2085 http://www.vupen.com/english/advisories/2009/2085 ADV-2009-3184 http://www.vupen.com/english/advisories/2009/3184 ADV-2010-3126 http://www.vupen.com/english/advisories/2010/3126 APPLE-SA-2009-11-09-1 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html DSA-1874 http://www.debian.org/security/2009/dsa-1874 DSA-1888 https://www.debian.org/security/2009/dsa-1888 GLSA-200911-02 http://security.gentoo.org/glsa/glsa-200911-02.xml GLSA-200912-01 http://security.gentoo.org/glsa/glsa-200912-01.xml MDVSA-2009:197 http://www.mandriva.com/security/advisories?name=MDVSA-2009:197 MDVSA-2009:216 http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 MDVSA-2009:258 http://www.mandriva.com/security/advisories?name=MDVSA-2009:258 MDVSA-2010:084 http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 RHSA-2009:1207 http://www.redhat.com/support/errata/RHSA-2009-1207.html RHSA-2009:1432 http://www.redhat.com/support/errata/RHSA-2009-1432.html RHSA-2010:0095 https://rhn.redhat.com/errata/RHSA-2010-0095.html USN-810-1 http://www.ubuntu.com/usn/usn-810-1 USN-810-2 https://usn.ubuntu.com/810-2/ [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html http://java.sun.com/j2se/1.5.0/ReleaseNotes.html http://java.sun.com/javase/6/webnotes/6u17.html http://support.apple.com/kb/HT3937 http://www.vmware.com/security/advisories/VMSA-2010-0019.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409 oval:org.mitre.oval:def:10763 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763 oval:org.mitre.oval:def:6631 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631 oval:org.mitre.oval:def:7155 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155 oval:org.mitre.oval:def:8594 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.