Test ID:	1.3.6.1.4.1.25623.1.0.68254
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2010:168 (openssl)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to openssl announced via advisory MDVSA-2010:168. A vulnerability has been found and corrected in openssl: Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue (CVE-2010-2939). The updated packages have been patched to correct this issue. Affected: 2010.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:168 Risk factor : Medium CVSS Score: 4.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2939 1024296 http://securitytracker.com/id?1024296 20100807 openssl-1.0.0a http://seclists.org/fulldisclosure/2010/Aug/84 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX http://www.securityfocus.com/archive/1/516397/100/0/threaded 40906 http://secunia.com/advisories/40906 41105 http://secunia.com/advisories/41105 42309 http://secunia.com/advisories/42309 42413 http://secunia.com/advisories/42413 43312 http://secunia.com/advisories/43312 ADV-2010-2038 http://www.vupen.com/english/advisories/2010/2038 ADV-2010-2229 http://www.vupen.com/english/advisories/2010/2229 ADV-2010-3077 http://www.vupen.com/english/advisories/2010/3077 DSA-2100 http://www.debian.org/security/2010/dsa-2100 FreeBSD-SA-10:10 http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc HPSBMA02662 http://marc.info/?l=bugtraq&m=130331363227777&w=2 SSA:2010-326-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668793 SSRT100409 SUSE-SR:2010:021 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html USN-1003-1 http://www.ubuntu.com/usn/USN-1003-1 [openssl-dev] 20100807 Re: openssl-1.0.0a and glibc detected sthg ;) http://www.mail-archive.com/openssl-dev%40openssl.org/msg28045.html [openssl-dev] 20100807 openssl-1.0.0a and glibc detected sthg ;) http://www.mail-archive.com/openssl-dev%40openssl.org/msg28043.html [openssl-dev] 20100808 Re: openssl-1.0.0a and glibc detected sthg ;) http://www.mail-archive.com/openssl-dev%40openssl.org/msg28049.html [oss-security] 20100812 Re: CVE Request: openssl double free http://www.openwall.com/lists/oss-security/2010/08/11/6 http://www.vmware.com/security/advisories/VMSA-2011-0003.html
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.