English | Deutsch | Español | Português
 UserID:
 Passwd:
 new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   		     Search 94899 CVE descriptions
and 51984 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.68684
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-1029-1 (openssl)
Summary:Ubuntu USN-1029-1 (openssl)
Description:Description:
The remote host is missing an update to openssl
announced via advisory USN-1029-1.

Details follow:

It was discovered that an old bug workaround in the SSL/TLS
server code allowed an attacker to modify the stored session cache
ciphersuite. This could possibly allow an attacker to downgrade the
ciphersuite to a weaker one on subsequent connections. (CVE-2010-4180)

It was discovered that an old bug workaround in the SSL/TLS server
code allowed allowed an attacker to modify the stored session cache
ciphersuite. An attacker could possibly take advantage of this to
force the use of a disabled cipher. This vulnerability only affects
the versions of OpenSSL in Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, and
Ubuntu 9.10. (CVE-2008-7270)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libssl0.9.8 0.9.8a-7ubuntu0.14

Ubuntu 8.04 LTS:
libssl0.9.8 0.9.8g-4ubuntu3.13

Ubuntu 9.10:
libssl0.9.8 0.9.8g-16ubuntu3.5

Ubuntu 10.04 LTS:
libssl0.9.8 0.9.8k-7ubuntu8.5

Ubuntu 10.10:
libssl0.9.8 0.9.8o-1ubuntu4.3

After a standard system update you need to reboot your computer to make
all the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-1029-1

Risk factor : Medium

CVSS Score:
4.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-7270
HPdes Security Advisory: HPSBHF02706
http://marc.info/?l=bugtraq&m=132077688910227&w=2
HPdes Security Advisory: SSRT100613
HPdes Security Advisory: HPSBMU02759
http://www.securityfocus.com/archive/1/522176
HPdes Security Advisory: SSRT100817
http://www.redhat.com/support/errata/RHSA-2010-0977.html
http://www.redhat.com/support/errata/RHSA-2010-0978.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://ubuntu.com/usn/usn-1029-1
BugTraq ID: 45254
http://www.securityfocus.com/bid/45254
http://secunia.com/advisories/42493
Common Vulnerability Exposure (CVE) ID: CVE-2010-4180
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
Debian Security Information: DSA-2141 (Google Search)
http://www.debian.org/security/2011/dsa-2141
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html
HPdes Security Advisory: HPSBMA02658
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
HPdes Security Advisory: SSRT100413
HPdes Security Advisory: HPSBOV02670
http://marc.info/?l=bugtraq&m=130497251507577&w=2
HPdes Security Advisory: HPSBUX02638
http://marc.info/?l=bugtraq&m=129916880600544&w=2
HPdes Security Advisory: SSRT100339
HPdes Security Advisory: SSRT100475
http://www.mandriva.com/security/advisories?name=MDVSA-2010:248
http://www.redhat.com/support/errata/RHSA-2010-0979.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471
SuSE Security Announcement: SUSE-SR:2011:001 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
SuSE Security Announcement: SUSE-SU-2011:0847 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
SuSE Security Announcement: openSUSE-SU-2011:0845 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
SuSE Security Announcement: SUSE-SR:2011:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
CERT/CC vulnerability note: VU#737740
http://www.kb.cert.org/vuls/id/737740
BugTraq ID: 45164
http://www.securityfocus.com/bid/45164
http://osvdb.org/69565
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:18910
http://www.securitytracker.com/id?1024822
http://secunia.com/advisories/42473
http://secunia.com/advisories/42469
http://secunia.com/advisories/42571
http://secunia.com/advisories/42620
http://secunia.com/advisories/42811
http://secunia.com/advisories/42877
http://secunia.com/advisories/43169
http://secunia.com/advisories/43170
http://secunia.com/advisories/43171
http://secunia.com/advisories/43172
http://secunia.com/advisories/43173
http://secunia.com/advisories/44269
http://www.vupen.com/english/advisories/2010/3120
http://www.vupen.com/english/advisories/2010/3122
http://www.vupen.com/english/advisories/2010/3134
http://www.vupen.com/english/advisories/2010/3188
http://www.vupen.com/english/advisories/2011/0032
http://www.vupen.com/english/advisories/2011/0076
http://www.vupen.com/english/advisories/2011/0268
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 51984 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  
 Forgot userid or passwd?
Email/Userid:



Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2016 E-Soft Inc. All rights reserved.