Test ID:	1.3.6.1.4.1.25623.1.0.68186
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-1003-1 (openssl)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to openssl announced via advisory USN-1003-1. A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10 Details follow: It was discovered that OpenSSL incorrectly handled return codes from the bn_wexpand function calls. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. (CVE-2009-3245) It was discovered that OpenSSL incorrectly handled certain private keys with an invalid prime. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2010-2939) Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.13 Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.11 Ubuntu 9.04: libssl0.9.8 0.9.8g-15ubuntu3.6 Ubuntu 9.10: libssl0.9.8 0.9.8g-16ubuntu3.3 Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.3 Ubuntu 10.10: libssl0.9.8 0.9.8o-1ubuntu4.1 After a standard system update you need to reboot your computer to make all the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-1003-1 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3245 http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html BugTraq ID: 38562 http://www.securityfocus.com/bid/38562 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html HPdes Security Advisory: HPSBOV02540 http://marc.info/?l=bugtraq&m=127678688104458&w=2 HPdes Security Advisory: HPSBUX02517 http://marc.info/?l=bugtraq&m=127128920008563&w=2 HPdes Security Advisory: SSRT100058 http://www.mandriva.com/security/advisories?name=MDVSA-2010:076 http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html http://marc.info/?l=openssl-cvs&m=126692180606861&w=2 http://marc.info/?l=openssl-cvs&m=126692159706582&w=2 http://marc.info/?l=openssl-cvs&m=126692170906712&w=2 https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790 http://www.redhat.com/support/errata/RHSA-2010-0977.html http://www.redhat.com/support/errata/RHSA-2011-0896.html http://secunia.com/advisories/37291 http://secunia.com/advisories/38761 http://secunia.com/advisories/39461 http://secunia.com/advisories/39932 http://secunia.com/advisories/42724 http://secunia.com/advisories/42733 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049 SuSE Security Announcement: SUSE-SR:2010:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://www.ubuntu.com/usn/USN-1003-1 http://www.vupen.com/english/advisories/2010/0839 http://www.vupen.com/english/advisories/2010/0916 http://www.vupen.com/english/advisories/2010/0933 http://www.vupen.com/english/advisories/2010/1216 Common Vulnerability Exposure (CVE) ID: CVE-2010-2939 1024296 http://securitytracker.com/id?1024296 20100807 openssl-1.0.0a http://seclists.org/fulldisclosure/2010/Aug/84 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX http://www.securityfocus.com/archive/1/516397/100/0/threaded 40906 http://secunia.com/advisories/40906 41105 http://secunia.com/advisories/41105 42309 http://secunia.com/advisories/42309 42413 http://secunia.com/advisories/42413 43312 http://secunia.com/advisories/43312 ADV-2010-2038 http://www.vupen.com/english/advisories/2010/2038 ADV-2010-2229 http://www.vupen.com/english/advisories/2010/2229 ADV-2010-3077 http://www.vupen.com/english/advisories/2010/3077 DSA-2100 http://www.debian.org/security/2010/dsa-2100 FreeBSD-SA-10:10 http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc HPSBMA02662 http://marc.info/?l=bugtraq&m=130331363227777&w=2 SSA:2010-326-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668793 SSRT100409 SUSE-SR:2010:021 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html USN-1003-1 [openssl-dev] 20100807 Re: openssl-1.0.0a and glibc detected sthg ;) http://www.mail-archive.com/openssl-dev%40openssl.org/msg28045.html [openssl-dev] 20100807 openssl-1.0.0a and glibc detected sthg ;) http://www.mail-archive.com/openssl-dev%40openssl.org/msg28043.html [openssl-dev] 20100808 Re: openssl-1.0.0a and glibc detected sthg ;) http://www.mail-archive.com/openssl-dev%40openssl.org/msg28049.html [oss-security] 20100812 Re: CVE Request: openssl double free http://www.openwall.com/lists/oss-security/2010/08/11/6 http://www.vmware.com/security/advisories/VMSA-2011-0003.html
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.