English | Deutsch | Español | Português
 UserID:
 Passwd:
 new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   		     Search 61204 CVE descriptions
and 32582 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.68677
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-1018-1 (openssl)
Summary:Ubuntu USN-1018-1 (openssl)
Description:The remote host is missing an update to openssl
announced via advisory USN-1018-1.

Details follow:

Rob Hulswit discovered a race condition in the OpenSSL TLS server
extension parsing code when used within a threaded server. A remote
attacker could trigger this flaw to cause a denial of service
or possibly execute arbitrary code with application privileges.
(CVE-2010-3864)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
libssl0.9.8 0.9.8g-4ubuntu3.12

Ubuntu 9.10:
libssl0.9.8 0.9.8g-16ubuntu3.4

Ubuntu 10.04 LTS:
libssl0.9.8 0.9.8k-7ubuntu8.4

Ubuntu 10.10:
libssl0.9.8 0.9.8o-1ubuntu4.2

After a standard system update you need to reboot your computer to make
all the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-1018-1

Risk factor : Critical
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-3864
Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search)
http://www.securityfocus.com/archive/1/archive/1/516397/100/0/threaded
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
Debian Security Information: DSA-2125 (Google Search)
http://www.debian.org/security/2010/dsa-2125
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051255.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051170.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051237.html
FreeBSD Security Advisory: FreeBSD-SA-10:10
http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc
HPdes Security Advisory: HPSBMA02658
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
HPdes Security Advisory: SSRT100413
HPdes Security Advisory: HPSBGN02740
http://marc.info/?l=bugtraq&m=132828103218869&w=2
HPdes Security Advisory: SSRT100741
RedHat Security Advisories: RHSA-2010:0888
https://rhn.redhat.com/errata/RHSA-2010-0888.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668793
SuSE Security Announcement: SUSE-SR:2010:022 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html
http://securitytracker.com/id?1024743
http://secunia.com/advisories/42243
http://secunia.com/advisories/42309
http://secunia.com/advisories/42336
http://secunia.com/advisories/42352
http://secunia.com/advisories/42397
http://secunia.com/advisories/42241
http://secunia.com/advisories/42413
http://secunia.com/advisories/43312
http://secunia.com/advisories/44269
http://www.vupen.com/english/advisories/2010/3041
http://www.vupen.com/english/advisories/2010/3121
http://www.vupen.com/english/advisories/2010/3077
http://www.vupen.com/english/advisories/2010/3097
Common Vulnerability Exposure (CVE) ID: CVE-2010-4298
Bugtraq: 20101121 'Free Simple Software' SQL Injection Vulnerability (CVE-2010-4298) (Google Search)
http://www.securityfocus.com/archive/1/archive/1/514863/100/0/threaded
https://www.uncompiled.com/2010/11/free-simple-software-sql-injection-vulnerability-cve-2010-4298/
BugTraq ID: 44998
http://www.securityfocus.com/bid/44998
Common Vulnerability Exposure (CVE) ID: CVE-2010-3307
http://www.openwall.com/lists/oss-security/2010/09/17/11
http://www.openwall.com/lists/oss-security/2010/09/17/4
http://www.ocert.org/advisories/ocert-2010-003.html
http://secunia.com/advisories/41001
Common Vulnerability Exposure (CVE) ID: CVE-2010-1845
Bugtraq: 20101122 NGS00015 Patch Notification: ImageIO Memory Corruption (Google Search)
http://www.securityfocus.com/archive/1/archive/1/514867/100/0/threaded
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://www.securitytracker.com/id?1024723
Common Vulnerability Exposure (CVE) ID: CVE-2010-4172
Bugtraq: 20101122 [SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/514866/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0285.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://www.redhat.com/support/errata/RHSA-2011-0791.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://www.redhat.com/support/errata/RHSA-2011-0897.html
http://www.ubuntu.com/usn/USN-1048-1
BugTraq ID: 45015
http://www.securityfocus.com/bid/45015
http://securitytracker.com/id?1024764
http://secunia.com/advisories/42337
http://secunia.com/advisories/43019
http://secunia.com/advisories/45022
http://www.vupen.com/english/advisories/2010/3047
http://www.vupen.com/english/advisories/2011/0203
XForce ISS Database: tomcat-sessionlist-xss(63422)
http://xforce.iss.net/xforce/xfdb/63422
Common Vulnerability Exposure (CVE) ID: CVE-2010-4159
http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html
http://marc.info/?l=oss-security&m=128939873515821&w=2
http://marc.info/?l=oss-security&m=128939912716499&w=2
http://marc.info/?l=oss-security&m=128941802415318&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2010:240
BugTraq ID: 44810
http://www.securityfocus.com/bid/44810
http://secunia.com/advisories/42174
http://www.vupen.com/english/advisories/2010/3059
Common Vulnerability Exposure (CVE) ID: CVE-2010-3999
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050177.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050164.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050269.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:241
BugTraq ID: 44563
http://www.securityfocus.com/bid/44563
http://secunia.com/advisories/42048
http://secunia.com/advisories/42054
http://www.vupen.com/english/advisories/2010/2898
http://www.vupen.com/english/advisories/2010/2848
http://www.vupen.com/english/advisories/2010/3060
Common Vulnerability Exposure (CVE) ID: CVE-2010-2227
Bugtraq: 20100709 [SECURITY] CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/512272/100/0/threaded
Debian Security Information: DSA-2207 (Google Search)
http://www.debian.org/security/2011/dsa-2207
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html
HPdes Security Advisory: HPSBUX02579
http://marc.info/?l=bugtraq&m=129070310906557&w=2
HPdes Security Advisory: SSRT100203
http://www.mandriva.com/security/advisories?name=MDVSA-2010:176
http://www.mandriva.com/security/advisories?name=MDVSA-2010:177
http://www.redhat.com/support/errata/RHSA-2010-0580.html
http://www.redhat.com/support/errata/RHSA-2010-0583.html
http://www.redhat.com/support/errata/RHSA-2010-0581.html
http://www.redhat.com/support/errata/RHSA-2010-0582.html
SuSE Security Announcement: SUSE-SR:2010:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
BugTraq ID: 41544
http://www.securityfocus.com/bid/41544
http://securitytracker.com/id?1024180
http://secunia.com/advisories/40813
http://secunia.com/advisories/41025
http://secunia.com/advisories/42079
http://secunia.com/advisories/42368
http://secunia.com/advisories/42454
http://secunia.com/advisories/43310
http://secunia.com/advisories/44183
http://www.vupen.com/english/advisories/2010/1986
http://www.vupen.com/english/advisories/2010/2868
http://www.vupen.com/english/advisories/2010/3056
XForce ISS Database: tomcat-transferencoding-dos(60264)
http://xforce.iss.net/xforce/xfdb/60264
Common Vulnerability Exposure (CVE) ID: CVE-2010-1157
Bugtraq: 20100421 [SECURITY] CVE-2010-1157: Apache Tomcat information disclosure vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/510879/100/0/threaded
BugTraq ID: 39635
http://www.securityfocus.com/bid/39635
http://secunia.com/advisories/39574
http://www.vupen.com/english/advisories/2010/0980
Common Vulnerability Exposure (CVE) ID: CVE-2009-0783
Bugtraq: 20090604 [SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure (Google Search)
http://www.securityfocus.com/archive/1/archive/1/504090/100/0/threaded
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search)
http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
http://www.mandriva.com/security/advisories?name=MDVSA-2009:138
http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1
SuSE Security Announcement: SUSE-SR:2009:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
BugTraq ID: 35416
http://www.securityfocus.com/bid/35416
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10716
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6450
http://www.securitytracker.com/id?1022336
http://secunia.com/advisories/35685
http://secunia.com/advisories/35788
http://secunia.com/advisories/37460
http://www.vupen.com/english/advisories/2009/1856
http://www.vupen.com/english/advisories/2009/3316
XForce ISS Database: tomcat-xml-information-disclosure(51195)
http://xforce.iss.net/xforce/xfdb/51195
Common Vulnerability Exposure (CVE) ID: CVE-2009-0781
Bugtraq: 20090306 [SECURITY] CVE-2009-0781 XSS in Apache Tomcat examples web application (Google Search)
http://www.securityfocus.com/archive/1/archive/1/501538/100/0/threaded
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11041
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6564
XForce ISS Database: tomcat-cal2-xss(49213)
http://xforce.iss.net/xforce/xfdb/49213
Common Vulnerability Exposure (CVE) ID: CVE-2009-0580
Bugtraq: 20090603 [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication (Google Search)
http://www.securityfocus.com/archive/1/archive/1/504045/100/0/threaded
Bugtraq: 20090604 Re: [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication (Google Search)
http://www.securityfocus.com/archive/1/archive/1/504108/100/0/threaded
Bugtraq: 20090605 [SECURITY] CVE-2009-0580 UPDATED Apache Tomcat User enumeration vulnerability with FORM authentication (Google Search)
http://www.securityfocus.com/archive/1/archive/1/504125/100/0/threaded
BugTraq ID: 35196
http://www.securityfocus.com/bid/35196
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6628
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9101
http://securitytracker.com/id?1022332
http://secunia.com/advisories/35326
http://secunia.com/advisories/35344
http://www.vupen.com/english/advisories/2009/1496
XForce ISS Database: tomcat-jsecuritycheck-info-disclosure(50930)
http://xforce.iss.net/xforce/xfdb/50930
Common Vulnerability Exposure (CVE) ID: CVE-2009-0033
Bugtraq: 20090603 [SECURITY] CVE-2009-0033 Apache Tomcat DoS when using Java AJP connector (Google Search)
http://www.securityfocus.com/archive/1/archive/1/504044/100/0/threaded
http://jvn.jp/en/jp/JVN87272440/index.html
BugTraq ID: 35193
http://www.securityfocus.com/bid/35193
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10231
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5739
http://securitytracker.com/id?1022331
XForce ISS Database: tomcat-ajp-dos(50928)
http://xforce.iss.net/xforce/xfdb/50928
Common Vulnerability Exposure (CVE) ID: CVE-2008-5515
Bugtraq: 20090608 [SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/504170/100/0/threaded
Bugtraq: 20090610 [SECURITY] UPDATED CVE-2008-5515 RequestDispatcher directory traversal vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/504202/100/0/threaded
SuSE Security Announcement: SUSE-SR:2010:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
http://jvn.jp/en/jp/JVN63832775/index.html
BugTraq ID: 35263
http://www.securityfocus.com/bid/35263
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10422
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6445
http://secunia.com/advisories/35393
http://secunia.com/advisories/39317
http://www.vupen.com/english/advisories/2009/1520
http://www.vupen.com/english/advisories/2009/1535
Common Vulnerability Exposure (CVE) ID: CVE-2009-3743
Bugtraq: 20101125 TSSA-2010-01 Ghostscript library Ins_MINDEX() integer overflow and heap corruption (Google Search)
http://www.securityfocus.com/archive/1/archive/1/514892/100/0/threaded
http://www.kb.cert.org/vuls/id/JALR-87YGN8
CERT/CC vulnerability note: VU#644319
http://www.kb.cert.org/vuls/id/644319
http://www.securitytracker.com/id?1024785
Common Vulnerability Exposure (CVE) ID: CVE-2010-1452
http://marc.info/?l=apache-announce&m=128009718610929&w=2
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
HPdes Security Advisory: HPSBUX02612
http://marc.info/?l=bugtraq&m=129190899612998&w=2
HPdes Security Advisory: SSRT100345
http://www.redhat.com/support/errata/RHSA-2010-0659.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.467395
SuSE Security Announcement: SUSE-SU-2011:1000 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.html
SuSE Security Announcement: SUSE-SU-2011:1216 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.html
http://ubuntu.com/usn/usn-1021-1
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11683
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12341
http://secunia.com/advisories/42367
http://www.vupen.com/english/advisories/2010/2218
http://www.vupen.com/english/advisories/2010/3064
http://www.vupen.com/english/advisories/2011/0291
Common Vulnerability Exposure (CVE) ID: CVE-2010-1623
AIX APAR: PM23263
http://www-01.ibm.com/support/docview.wss?uid=swg1PM31601
AIX APAR: PM31601
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049939.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049885.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:192
http://www.redhat.com/support/errata/RHSA-2010-0950.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.627828
SuSE Security Announcement: SUSE-SU-2011:1229 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
http://www.ubuntu.com/usn/USN-1022-1
BugTraq ID: 43673
http://www.securityfocus.com/bid/43673
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12800
http://secunia.com/advisories/41701
http://secunia.com/advisories/42015
http://secunia.com/advisories/42361
http://secunia.com/advisories/42403
http://secunia.com/advisories/42537
http://secunia.com/advisories/43211
http://secunia.com/advisories/43285
http://www.vupen.com/english/advisories/2010/2556
http://www.vupen.com/english/advisories/2010/2557
http://www.vupen.com/english/advisories/2010/2806
http://www.vupen.com/english/advisories/2010/3065
http://www.vupen.com/english/advisories/2010/3074
http://www.vupen.com/english/advisories/2011/0358
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  
 Forgot userid or passwd?
Email/Userid:



Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2013 E-Soft Inc. All rights reserved.