English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 76783 CVE descriptions
and 40246 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.68703
Category:FreeBSD Local Security Checks
Title:FreeBSD Ports: openssl
Summary:FreeBSD Ports: openssl
Description:The remote host is missing an update to the system
as announced in the referenced advisory.

The following package is affected: openssl

CVE-2010-3864
Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through
0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching
are enabled on a TLS server, might allow remote attackers to execute
arbitrary code via client data that triggers a heap-based buffer
overflow, related to (1) the TLS server name extension and (2)
elliptic curve cryptography.

Solution:
Update your system with the appropriate patches or
software upgrades.

http://openssl.org/news/secadv_20101116.txt
http://www.vuxml.org/freebsd/3042c33a-f237-11df-9d02-0018fe623f2b.html
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-3864
Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search)
http://www.securityfocus.com/archive/1/archive/1/516397/100/0/threaded
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
Debian Security Information: DSA-2125 (Google Search)
http://www.debian.org/security/2010/dsa-2125
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051255.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051170.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051237.html
FreeBSD Security Advisory: FreeBSD-SA-10:10
http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc
HPdes Security Advisory: HPSBMA02658
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
HPdes Security Advisory: SSRT100413
HPdes Security Advisory: HPSBGN02740
http://marc.info/?l=bugtraq&m=132828103218869&w=2
HPdes Security Advisory: SSRT100741
RedHat Security Advisories: RHSA-2010:0888
https://rhn.redhat.com/errata/RHSA-2010-0888.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668793
SuSE Security Announcement: SUSE-SR:2010:022 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html
CERT/CC vulnerability note: VU#737740
http://www.kb.cert.org/vuls/id/737740
http://securitytracker.com/id?1024743
http://secunia.com/advisories/42243
http://secunia.com/advisories/42309
http://secunia.com/advisories/42336
http://secunia.com/advisories/42352
http://secunia.com/advisories/42397
http://secunia.com/advisories/42241
http://secunia.com/advisories/42413
http://secunia.com/advisories/43312
http://secunia.com/advisories/44269
http://secunia.com/advisories/57353
http://www.vupen.com/english/advisories/2010/3041
http://www.vupen.com/english/advisories/2010/3121
http://www.vupen.com/english/advisories/2010/3077
http://www.vupen.com/english/advisories/2010/3097
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 40246 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.